Deepfake phishing is a social engineering attack that uses AI-generated voice, video, or images to impersonate a trusted person and pressure someone into taking action.
Deepfake phishing uses AI-generated voice, video, or images to make an impersonation feel real. Instead of relying only on a fake email or login page, the attacker may sound or appear to be someone the victim trusts.
In Wizer’s deepfake simulations, the most common mistake was acting on urgency before confirming the request through another channel.
| Type | What it looks like | What the attacker wants |
|---|---|---|
| Voice cloning | A call or voice note from a leader or relative | Transfer money or share a code |
| Video impersonation | A fake person on a video call | Approve a payment or disclose data |
| Image impersonation | A fake profile or altered screenshot | Build trust or support a false story |
Attackers use sophisticated generative AI tools to harvest public synthetic media and exploit human trust. These high-tech scams generally take two primary forms:
Using a short, publicly available audio clip (such as an executive's interview, keynote, or podcast episode), an attacker can clone a leader's voice. They then call an employee in finance or HR, sounding identical to the boss, to authorize an urgent, last-minute fund transfer or credential change.
In more advanced scenarios, scammers create synthetic video streams to impersonate entire leadership teams or vendor representatives on live virtual meetings (like Zoom or Teams), tricking organizations out of millions of dollars during real-time discussions.
Deepfake phishing can be convincing, but there are often warning signs.
The caller or sender may insist that money, passwords, codes, or sensitive files are needed immediately. Urgency is designed to stop people from pausing and checking.
Be cautious if someone asks you to keep the request private, skip the normal approval process, or avoid contacting another team member.
The voice or video may seem real, but the request feels unusual. For example, a leader may suddenly ask for gift cards, a wire transfer, login details, or a change to a vendor’s payment information.
Listen for:
These signs are not always present, but they can be clues.
Watch for:
Deepfakes are improving, so visual glitches should not be the only thing employees rely on.
A real colleague should understand a quick security check. Be suspicious if they refuse to call back on a known number, answer a personal question, or confirm the request through another channel.
Any request involving money, account access, sensitive data, or payment changes should follow the usual approval process. A familiar face or voice should never replace verification.
Before acting on an unusual request:
A useful rule: Trust the process, not the voice.
MFA can help protect an account if an attacker steals a password. It cannot stop a person from being manipulated into approving a payment, sharing sensitive data, or revealing an authentication code.
That is why organizations need both technical controls and clear identity check processes.
Scammers aren't trying to exploit software vulnerabilities; they are exploiting human nature, trust, and compliance:
An employee receives a voice message that sounds like the CFO. The caller says a confidential payment must be approved before the end of the day and asks the employee not to involve anyone else.
The voice sounds familiar, but the request bypasses the normal approval process.
The safest response is to stop, contact the CFO using a known phone number, and confirm the request with another authorized person.