Corporate deepfake: the scam now mimics its boss

A quick meeting, with an urgent agenda and decision made in a few minutes. It was in this context that a European multinational authorized the transfer of €25 million after a video call with someone who seemed to be its own CEO. The executive, in practice, never participated in the conversation. The case was revealed in March 2026 by the OnOff Business website, which detailed the use of deepfake to simulate the company's leadership in real time. At the same time, recent data from Europol indicate that a relevant portion of frauds on the continent already involves identity manipulation with artificial intelligence.

“This type of approach works because it fits into the routine.It is a plausible demand, with someone known and a level of urgency that makes sense within the” operation, says Jose Miguel, Pre Sales Manager at Unentel.“When the context convinces, hardly the first reaction is to doubt.”

The use of synthetic voice and AI-generated imagery has been directed at specific moments in corporate day-to-day life, especially those where decisions need to happen fast.Financial approvals, vendor changes or non-standard requests have seen entry doors when there is no clear path to validation. In many cases, a single confirmation point is enough for the request to move forward.

Reports such as the Verizon Data Breach Investigations Report 2025 help to understand this scenario by showing that most incidents still involve human interaction.When a request combines familiarity with urgency, the tendency is to accelerate the response, even without a more careful check.

Some companies have already started to adjust these points without necessarily resorting to complex solutions. Simple changes in the way critical decisions are validated, such as avoiding approvals by a single channel, registering exceptions and distributing responsibilities, have reduced the space for this type of approach. Care with orders outside the usual flow also grows, especially when they involve values, accesses or short deadlines.

“O deepfake follows the evolution of technology, but it still depends on how the company operates on a daily basis. When there is clarity in the processes and more than one verification step, it is much more difficult for this type of fraud to advance, no matter how convincing it seems”, concludes Jose Miguel.

In practice, this has led companies to review specific points of the operation, especially where there is more pressure for speed. According to the expert, financial approvals, for example, cease to happen only by call or message and begin to require a second confirmation in another channel already known to the team. Also gains strength the formalization of exceptions, when a request escapes the standard, it is not resolved in the improvisation, but recorded and validated within a defined flow. 

In parallel, tools that connect communication, identity and interaction history help to give context to each request, preventing decisions to be made based only on appearance or urgency. This type of adjustment does not eliminate risk, but significantly reduces the space for approaches such as deepfake to advance within the routine.