Date: 14 August 2025
In May 2024, scammers set up a bogus Microsoft Teams meeting, used an AI‑cloned voice and YouTube footage of WPP’s CEO Mark Read, and attempted to convince an agency leader they were talking to the executive. The attackers were trying to get the victim to send money and personal details. Fortunately, the attack failed, and Read subsequently warned members of his organisation to be aware of similar tactics.
Other organisations have not been so lucky, however, with deepfake phishing attacks growing 15% in the past year, resulting in at least $200 million in financial losses in the first quarter of 2025 alone. Executive teams remain prime targets. The common modus operandi include voice-cloned CFOs authorising fraudulent wire transfers, AI-animated CEOs giving bogus directives over video, and synthetic “vendors” hijacking procurement calls.
This is a threat growing faster and costlier than traditional business email compromise. Corporate boards and CISOs will need to consider increased investment in deepfake defense as a top priority.
Below are seven field-tested tactics, drawn from recent breaches and incident-response exercises, to fight back against synthetic impostors trying to infiltrate your organisation’s digital assets.
1. Build a Multi-Channel Callback Protocol
Relying on a single verification channel is no longer safe, because deepfake attacks can spoof both audio and video in real time, thus significantly expanding the risk surface when relying on just a single channel.
That’s why it’s a good idea to institute at least a two-channel mandatory confirmation. For instance, this might involve a secure messaging app plus a direct phone or in-person callback before approving any request that moves money, changes credentials, or discloses sensitive data.
LastPass reports a 60% surge in business email compromise between January and February 2025, most of it exploiting “urgent” executive requests. Scammers are weaponising such urgency, which can discourage having to verify through an alternative channel. What’s essential here is to provide clear workflow guidance so that team members don’t fall into this trap.
2. Harden Voice Channels with Biometric Watermarking
Corporate fraud losses are forecast to reach $40 billion by 2027 if audio deepfakes remain unchecked. Several telecom vendors now embed ultrasonic or cryptographic signatures into legitimate voice traffic. Receiving systems then verify the watermark before the audio is played.
If the cost of deployment is a concern, adopt watermark-capable softphones for the finance and legal teams first, because they process the most business-critical authorisations.
When feasible, adopt telephony features that attest to call provenance. In the UK, for instance, Ofcom’s updated Calling Line Identification guidance requires providers to strengthen checks against spoofed numbers, making it harder for criminals to present as local executives or suppliers.
3. Deploy Content Integrity Gateways at Video Conferencing Edges
Modern meeting platforms allow API hooks for pre-meeting participant scans. Plug a deepfake-detection engine into the lobby so that synthetic faces or manipulated backgrounds trigger an MFA prompt, decreasing the chances of phishing success. The World Economic Forum’s July 2025 bulletin calls such detection “key to keeping trust alive” during remote collaboration.
You should ensure you have control in high-risk meetings, such as those involving fund transfers, M&A talks, and critical-infrastructure briefings. Depending on your resources and prioritisation, you can roll out enterprise-wide for phased adoption.
4. Expand Zero Trust to Cover Pixels and Waveforms
Zero-trust architecture assumes no device, user, or packet is inherently reliable. Extend that scepticism to media assets. Standardize provenance checks for executive-level files. Require hashes and source attestations before videos or audio snippets are allowed into inboxes or collaboration threads.
Evaluate adoption of the C2PA “Content Credentials” standard so your own media carries verifiable provenance metadata from creation through distribution, making it harder for attackers to pass off forged clips as internal.
For instance, providers have started preserving content credentials on hosted images at internet scale, signalling a broader ecosystem shift you can align with. Another method involves pairing robust identity-and-access-management controls with proactive validation to reduce the blast radius of deepfake social engineering attacks.
5. Run Tabletop Exercises Featuring Synthetic Media Scenarios
A well-run cyber tabletop exercise should rehearse how executives, finance, HR, IT, and communications react when a convincing synthetic voice or video tries to short-circuit controls. Simulate comparable scenarios in regular incident-response drills, such as a video call from a “CEO” ordering a same-day supplier prepayment. Monitor whether the team executes the callback protocol.
Design your scenario around a single, crisp business decision so the exercise doesn’t involve unnecessary complexity or sprawl. The success criteria should be straightforward: someone must insist on the second channel, the transaction must pause until verification is complete, and the incident manager must log the steps and time stamps.
Capture three metrics: detection latency (time to the first verbalised doubt), verification lag (time to complete the callback), and policy adherence (whether the team followed the playbook verbatim).
6. Shrink the Social Media Footprint of Key Leaders
Attackers only need a few seconds of clear voice to train a convincing clone, and this can be done by obtaining samples from content shared on social networks. Audit executives’ LinkedIn, YouTube, and podcast appearances; remove or trim posts containing high-quality voice and video to reduce the risks of these being used to clone their voice.
Provide a media-friendly “safe reel” recorded in controlled conditions so that PR teams aren’t tempted to publish fresh, exploitable footage. This provides a pragmatic compromise between keeping a healthy online presence and ensuring your organisation’s digital assets are protected.
7. Track Deepfake KPIs Alongside Traditional Fraud Metrics
Security teams already report on mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR). With the rise of deepfakes, you need to add metrics such as “synthetic-media false-positive rate” and “callback-verification lag.”
Publishing these KPIs at monthly risk-committee meetings keeps the board engaged and budgets flowing toward controls that actually work, thereby linking measurement to governance.
Wrapping Up
Deepfakes are no longer a fringe novelty. They are an efficient, scalable weapon in the hands of organised criminals and even nation-state APTs. By layering human processes (multi-channel callbacks, social media hygiene, awareness training) with technical safeguards (watermarks, content-integrity gateways, zero-trust extensions), you create a defence-in-depth posture that makes it difficult for synthetic impostors to penetrate.
Most importantly, regularly rehearse these measures until they become reflexes. In an era where your CEO can “speak” without opening their mouth, this could be all that stands between you and an eight-figure transfer to a scammer’s offshore account.
