Deepfake
A deepfake is an image, video, or audio clip generated or manipulated with artificial intelligence to imitate real people convincingly. For businesses, deepfake-enabled CEO fraud is the biggest concrete danger.
A deepfake combines “deep learning” with “fake”: an AI model learns from real recordings of a person and generates new content that is hard to tell apart from the real thing. For attackers it is a powerful social engineering tool, because it can convincingly fake the voices and faces of executives or business partners.
How does a deepfake work?
Deepfakes are usually created with deep neural networks, such as generative adversarial networks (GANs) or diffusion models. The model is trained on images, video, or voice recordings of a target person, then generates new scenes or sentences that the person never said or did. A usable voice clone often needs only a few minutes of audio, which is easy to find for anyone in the public eye.
Why deepfakes are dangerous for businesses
The biggest concrete risk is deepfake-enabled CEO fraud. In 2024 the BACS documented a case in which a finance employee was invited to a video call where a deepfake of the CEO tried to trigger an urgent payment (BACS weekly review). The BACS calls this “CEO fraud 2.0”: the classic “urgent payment from the boss” scam becomes far more convincing with an AI-generated voice and video. Faked voice messages authorizing transfers, disinformation, and reputational attacks are further risks.
In early 2026, an entrepreneur in the canton of Schwyz lost several million francs after fraudsters used an AI-cloned voice of a business partner over the phone (SRF, in German).
How to protect your business from deepfakes
Technical deepfake detection is still unreliable, so the processes matter most:
- Call back on a known channel: Confirm unusual payment instructions from a video or phone call via a separately known number, never the contact details in the request itself.
- Four-eyes principle: Have a second person approve larger transfers.
- Awareness: Social engineering training should explicitly include deepfake scenarios.
Sources
- ENISA: Threats and incidents