Network Brainiacs
Tip #34 · Social engineering

Deepfake voice calls are here.

AI can clone a voice from 30 seconds of audio. Pretty soon, "I heard your CEO authorize it" will stop being evidence of anything.

A few years ago, fake voices were obvious. Today, with 30 seconds of someone's audio, a consumer AI tool can clone their voice well enough to fool family members on the phone. This technology is already being used to scam businesses out of six figures, and the attacks will get more common, not less.

How it's being used against small businesses

Attackers pull audio from LinkedIn videos, podcast appearances, webinar recordings — anywhere your voice is public. They clone it. Then they call your finance team, your spouse, or your employees and say exactly what you'd say. The fake voice requests a wire. The fake voice confirms a change. The fake voice says "I'm in a meeting, just trust me."

Real incidents

A CFO at a small firm got a voicemail and then a call from the "CEO" authorizing a wire while the CEO was actually on a flight.

Red flag: Voice was cloned from a conference keynote the CEO had given months earlier. $230K was wired before anyone noticed.

A parent received a call from their "daughter" crying, saying she'd been in an accident and needed bail money wired immediately.

Red flag: The daughter was at school. Voice cloned from a TikTok video. Family lost $8K before reality set in.

Defenses that work against a cloned voice

  • Pick a family and company code word. Use it on the phone when money's on the line. A cloned voice doesn't know it.
  • Verify any voice-only request via a second channel — text, Teams message, Slack, email.
  • Never move money, change banking, or share credentials based on a voice call alone.
  • For executives, limit public audio — fewer 30-second samples means harder cloning.
  • Train staff: a convincing voice is no longer verification.

Set a code word today.

Pick one. Share it with family and finance. Use it whenever a voice call asks for money or sensitive action.

Do this today
  1. Set a family code word and a company code word for financial authorizations.
  2. Update wire policies: voice alone is not authorization, regardless of whose voice it sounds like.
  3. Verify voice-only requests via a second channel — text or Teams message to a known number.
  4. Train finance staff on deepfake scenarios — this wasn't fiction last year, it's reality now.
  5. For high-profile executives, limit the amount of public audio where feasible.
