Attack Vectors

What and how generative AI techniques are used to deceive, impersonate and defraud.
Back to Attack Vectors

Deepfake CEO fraud

Multimodal
Corporate Fraud

Deepfake-enabled business email compromise extends traditional BEC by adding voice or video deepfake of an executive to the social engineering chain. The email starts the pretext; the deepfake closes the deal.

Use cases: Executive impersonation · Finance · Live agent assist

How it works

  • An attacker sends an initial email mimicking an executive, often using a lookalike domain
  • A follow-up call or video meeting features a cloned voice or face swap of the executive
  • The deepfake confirms the urgency or authenticity of the email request, breaking through the recipient’s verification instinct

Where it shows up

  • Wire transfer fraud closed on a "CEO" call after an initial email request
  • Vendor banking detail changes confirmed by a deepfake "CFO" video
  • Sensitive document or credential extraction via deepfake "IT" or "legal" calls
  • Acquisition announcements and capital movements directed by deepfake "board" video
  • Payroll redirection where a deepfake "executive" confirms the change