Deepfake Voice and Video Scams Are Hitting Australian Businesses

Artificial intelligence has enabled a new generation of scams that were previously impossible: convincing voice and video impersonation of real people. The technology to generate a realistic voice clone from as little as three seconds of audio has become accessible, inexpensive, and available to criminals through underground markets. Australian businesses and families are increasingly targeted.

The CEO Fraud Call

A finance staff member receives a call from what sounds exactly like their CEO, asking them to urgently process a payment — framed as a confidential acquisition or sensitive matter that must be kept quiet. The voice is indistinguishable from the real CEO because it has been cloned from a podcast appearance, YouTube video, conference recording, or company video. These attacks have resulted in multi-million dollar losses internationally and are now affecting Australian companies. The combination of authority, urgency, and secrecy is designed to bypass normal verification procedures.

The Family Emergency Call

You receive a distressed call from someone who sounds exactly like your child or grandchild, claiming to be in trouble — an accident, an arrest, or an emergency overseas — and urgently needing money transferred immediately. The voice has been cloned from videos on their social media accounts. This variant is particularly effective against older Australians and parents who are conditioned to respond immediately to distress from family members.

Deepfake Video Calls

Video deepfakes — while less common than voice clones — are advancing rapidly. Several international cases have involved video calls where the participants appeared to be real company executives but were entirely AI-generated. As this technology becomes more accessible, the risk of video call impersonation will increase significantly. A face on a video call is no longer absolute proof of identity.

How to Protect Against Deepfake Voice Scams

Establish a safe word or challenge phrase system for high-value financial requests — a code that only genuine family members or executives know, which must be provided before any urgent financial request is acted upon. For businesses, implement a strict policy that no payment above a certain threshold can be authorised based on a phone call alone, regardless of who the caller appears to be — a physical callback to a pre-registered number or a secondary approval from another executive is required. Train staff that the compelling nature of a voice or appearance is no longer reliable verification.

What to Do If You Are Targeted

If you receive a suspicious call matching this description, hang up and call the person back on a number you already have — not the number that called you. Verify the request through a separate channel entirely. Report the incident to the Australian Cyber Security Centre at cyber.gov.au/report. If funds have already been transferred, contact your bank immediately.

Implementing a Verification Protocol

For businesses, the most effective protection is a documented verification protocol for high-value transactions that cannot be overridden by urgency or authority. The protocol should specify: any payment above a defined threshold (for example, $5,000) requires dual authorisation from two named individuals through a separate communication channel from the original request. This channel verification means that if a CEO calls to authorise an urgent payment, the finance staff member calls back the CEO on a pre-registered number before processing — the callback cannot be to a number provided during the original call. This protocol stops deepfake voice scams completely because even a perfect voice clone cannot simultaneously answer a call to the real CEO's mobile.

The Business Case for Voice Authentication

Some Melbourne businesses have implemented formal voice authentication procedures for high-value transactions, including shared code words, challenge questions with pre-agreed answers, or call-back protocols to pre-registered numbers. While these add a step to the process, the cost of a single successful deepfake fraud — which can be six or seven figures — far exceeds any efficiency loss from the verification step. IntrusionX can help businesses implement practical verification protocols that protect against deepfake and social engineering attacks without creating unacceptable operational friction — contact us for a consultation.