AI voice cloning has reduced the cost of impersonating a CFO, CEO, or HR director to near zero. A three-second audio sample is now enough to synthesise a convincing voice clone, and attackers are using that capability in real-time phone calls to authorise wire transfers, extract credentials, and bypass identity verification. This is deepfake vishing, and your existing security awareness training almost certainly does not address it.
This guide gives you a concrete detection checklist and a policy template you can hand to executives and HR teams today.
Why Deepfake Vishing Outperforms Email Phishing
Email phishing triggers pattern recognition most employees have trained for. Voice attacks do not. A caller claiming urgency creates psychological pressure that email rarely matches. When that caller sounds exactly like your CEO, the normal friction of “let me verify this” gets suppressed.
The FBI Internet Crime Complaint Center reported a 51% increase in business email compromise losses in 2023. Vishing is now the delivery mechanism of choice for the same financial fraud, because call-based social engineering closes faster and leaves fewer digital traces. Real-time voice synthesis tools available on criminal forums in 2025 can clone a voice with under 10 seconds of training audio pulled from a LinkedIn video or earnings call recording.
The threat is not theoretical. A UK energy company was defrauded of 220,000 euros in a 2019 call where the attacker cloned the CEO voice. That attack used first-generation synthesis. Current models are measurably better.
Detection Checklist: 8 Signs a Call May Be Synthesised
Train your executives and finance teams to apply this checklist before acting on any urgent request received by phone.
- Unnatural prosody: Synthesised voices often have consistent pacing with minimal variation in stress or rhythm. Real speech accelerates, slows, and stumbles.
- Absent background noise: Real calls from a mobile or office carry ambient sound. Pure silence or processed audio is a flag.
- No spontaneous recall: Ask a personal question only the real person would know, such as a shared project name or last meeting location. Attackers cannot improvise accurate answers.
- Resistance to callback: Any caller who discourages you from hanging up and dialling back on a known number is applying social engineering pressure.
- Urgency and secrecy framing: “Do not tell anyone,” “this must happen today,” and “I cannot explain everything now” are consistent social engineering scripts.
- Slight audio artefacts: Listen for metallic resonance, clipping on plosive consonants, or a faint hiss under the speech signal.
- No multi-channel confirmation: If an instruction of financial or access significance arrives only by voice with no written trail, treat it as unverified.
- Mismatched register: Cloned voices are trained on limited samples. The voice may sound right but use vocabulary or phrasing inconsistent with the real person.
Policy Template: Voice Verification Protocol for Finance and HR
Copy this into your internal policy documentation and adjust thresholds to match your organisation’s risk tolerance.
Scope: All requests received by voice call that involve fund transfers, credential resets, payroll changes, or access provisioning above defined thresholds.
Mandatory callback rule: Any voice request above 500 GBP in financial impact, or any credential or access change, requires the recipient to terminate the call and re-initiate contact using a number stored in the company directory, not one provided by the caller.
Code word system: Establish shared code words per department. Executives use a rotating word when placing sensitive calls. Absence of the code word is a hold signal, not a denial, and triggers the callback rule automatically.
Out-of-band confirmation: Finance teams must receive a matching written authorisation via corporate email before processing any voice-requested transfer, regardless of the seniority of the requester.
Escalation path: Suspected vishing calls go to your IT security team within 30 minutes. Log caller ID, time, nature of request, and any recording if available.
For a broader view of how AI is reshaping social engineering, the context in AI-powered phishing attacks and why traditional filters fail is essential reading before you build out your training programme.
What to Tell Your Board
Board members and C-suite executives are the primary targets because their voices are publicly available and their instructions carry immediate authority. Three points that land in a board briefing without technical jargon:
- Voice is no longer a reliable authentication factor. Treat a phone call from a known person with the same verification standard you apply to an email from an unknown domain.
- Urgency and secrecy are attack mechanics, not legitimate business requirements. Any call that explicitly asks you to bypass normal process is, statistically, an attack.
- The fix is procedural, not technical. Out-of-band verification, code words, and callback rules stop vishing without requiring new software.
Pair this briefing with your incident response plan for UK organisations so your team knows exactly what to do in the first 30 minutes after a suspected vishing call.
How Attackers Build the Voice Clone
Understanding the attack surface helps you reduce it. Attackers source training audio from earnings calls, conference presentations, YouTube interviews, LinkedIn video posts, and podcast appearances. Executives with significant public speaking records carry the highest risk. The synthesis pipeline typically involves an open-source text-to-speech model fine-tuned on the target voice, then run in real time through a voice changer during the call itself.
Reducing your audio footprint is not realistic for most executives. What you can do is ensure that the authority your voice carries is not transferable without a second verification factor. Your AI security posture needs to account for voice as an attack vector, not just text and code.
Frequently Asked Questions
Can a real-time deepfake voice call be detected by software?
Detection tools exist but are not reliable enough to deploy as a sole defence. Current classifier accuracy against state-of-the-art synthesis models degrades quickly as synthesis quality improves. Procedural controls, specifically the mandatory callback rule, are more dependable than any automated detector available in 2026.
What audio sample length does an attacker need to clone a voice?
Modern open-source voice cloning models can produce usable output from three to ten seconds of clean audio. High-quality clones that sustain a multi-minute conversation typically require thirty seconds to two minutes of training data. Both thresholds are met by a single short video.
Is vishing covered under UK cyber insurance policies?
Coverage varies. Policies that include social engineering fraud riders typically cover vishing losses, but many standard cyber policies exclude them unless the social engineering endorsement is explicitly added. Review your policy wording with your broker before assuming coverage.
What is the difference between vishing and deepfake vishing?
Traditional vishing is a phone-based social engineering attack where the attacker impersonates someone using only their own voice and a scripted pretext. Deepfake vishing uses AI-synthesised audio to replicate a specific known person’s voice, removing the accent and vocal inconsistency cues that often expose traditional vishing calls.