Is Your CFO a Deepfake?

Real‑time deepfakes have quietly moved from novelty to working fraud tool. A recent investigation into a Chinese deepfake platform shows how criminals can now pose as executives live on Zoom, Teams, and WhatsApp to push “urgent” payment requests, policy exceptions, and last‑minute account changes.

The service is sold like any other software subscription: upfront fees, recurring licenses, remote installation, and chat‑based support to get non‑technical buyers up and running. Once installed, it acts as a virtual camera that closely tracks facial expressions and movements, making the person on screen look and behave like a chosen executive or victim with unsettling realism.

This sits inside a broader scam and money‑laundering ecosystem and is already being pitched to slip past selfie‑based KYC and basic video checks. For corporate finance teams, the implication is clear: “I saw them on video” can’t be the final word on trust. Critical actions such as large payments, changes to beneficiary details, and new account instruction need independent verification steps such as callbacks to known contacts, enforced multi‑person approvals, and clearly defined “no exceptions over chat or video” rules.

Conduit Security helps customers operationalize exactly these kinds of protections by taking identity out of email and collaboration channels and anchoring payment approval to secure, policy‑driven workflows instead. The goal is not to spot every fake on sight, but to design processes where even a perfect impersonation, whether by deepfake or compromised account, isn’t enough to move money on its own and payments are safe.

‍