Opinions expressed by Entrepreneur contributors are their own.
In 2024, a scammer used deepfake audio and video to impersonate Ferrari CEO Benedetto Vigna and attempted to authorize a wire transfer, reportedly tied to an acquisition. Ferrari never confirmed the amount, which rumors placed in the millions of euros.
The scheme failed when an executive assistant stopped it by asking a security question only the real CEO could answer.
This isn’t sci-fi. Deepfakes have jumped from political misinformation to corporate fraud. Ferrari foiled this one — but other companies haven’t been so lucky.
Executive deepfake attacks are no longer rare outliers. They’re strategic, scalable and surging. If your company hasn’t faced one yet, odds are it’s only a matter of time.
Related: Hackers Targeted a $12 Billion Cybersecurity Company With a Deepfake of Its CEO. Here’s Why Small Details Made It Unsuccessful.
How AI empowers imposters
You need less than three minutes of a CEO’s public video — and under $15 worth of software — to make a convincing deepfake.
With just a short YouTube clip, AI software can recreate a person’s face and voice in real time. No studio. No Hollywood budget. Just a laptop and someone ready to use it.
In Q1 2025, deepfake fraud cost an estimated $200 million globally, according to Resemble AI’s Q1 2025 Deepfake Incident Report. These are not pranks — they’re targeted heists hitting C‑suite wallets.
The biggest liability isn’t technical infrastructure; it’s trust.
Why the C‑suite is a prime target
Executives make easy targets because:
-
They share earnings calls, webinars and LinkedIn videos that feed training data
-
Their words carry weight — teams obey with little pushback
-
They approve big payments fast, often without red flags
In a Deloitte poll from May 2024, 26% of execs said someone had tried a deepfake scam on their financial data in the past year.
Behind the scenes, these attacks often begin with stolen credentials harvested from malware infections. One criminal group develops the malware, another scours leaks for promising targets — company names, exec titles and email patterns.
Multivector engagement follows: text, email, social media chats — building familiarity and trust before a live video or voice deepfake seals the deal. The final stage? A faked order from the top and a wire transfer to nowhere.
Common attack tactics
Voice cloning:
In 2024, the U.S. saw over 845,000 imposter scams, according to data from the Federal Trade Commission. This shows that seconds of audio can make a convincing clone.
Attackers hide by using encrypted chats — WhatsApp or personal phones — to skirt IT controls.
One notable case: In 2021, a UAE bank manager got a call mimicking the regional director’s voice. He wired $35 million to a fraudster.
Live video deepfakes:
AI now enables real-time video impersonation, as nearly happened in the Ferrari case. The attacker created a synthetic video call of CEO Benedetto Vigna that nearly fooled staff.
Staged, multi-channel social engineering:
Attackers often build pretexts over time — fake recruiter emails, LinkedIn chats, calendar invites — before a call.
These tactics echo other scams like counterfeit ads: Criminals duplicate legitimate brand campaigns, then trick users onto fake landing pages to steal data or sell knockoffs. Users blame the real brand, compounding reputational damage.
Multivector trust-building works the same way in executive impersonation: Familiarity opens the door, and AI walks right through it.
Related: The Deepfake Threat is Real. Here Are 3 Ways to Protect Your Business
What if someone deepfakes the C‑suite
Ferrari came close to wiring funds after a live deepfake of their CEO. Only an assistant’s quick challenge about a personal security question stopped it. While no money was lost in this case, the incident raised concerns about how AI-enabled fraud might exploit executive workflows.
Other companies weren’t so lucky. In the UAE case above, a deepfaked phone call and forged documents led to a $35 million loss. Only $400,000 was later traced to U.S. accounts — the rest vanished. Law enforcement never identified the perpetrators.
A 2023 case involved a Beazley-insured company, where a finance director received a deepfaked WhatsApp video of the CEO. Over two weeks, they transferred $6 million to a bogus account in Hong Kong. Wh