by Mike Minkler
If you thought cybercriminals were running out of tricks, buckle up—because the newest scam hitting businesses isn’t coming through your inbox. It’s showing up on your Zoom call, looking and sounding exactly like the people you trust most.
And yes… it’s coming right for small and midsized businesses in our own backyard.
The $499,000 Fake Zoom Call That Fooled a Finance Director
Let’s start with a mind‑bender.
In March 2025, a finance director at a multinational firm in Singapore joined what looked like a totally normal video meeting. The CFO was there. Other executives were there. Everyone looked familiar, sounded accurate, and acted like themselves. The group urgently requested a $499,000 transfer—and the director approved it.
The problem? Not a single person on that call was real. Every face and voice on the screen was a deepfake—AI‑generated and stitched together using publicly available video and audio. By the time the company realized the deception, the money had evaporated into criminal accounts.
Welcome to the world of deepfake fraud, where reality is optional.
Why You Should Care: This Tech Is No Longer “Hollywood Only”
Deepfake attacks against businesses surged a jaw‑dropping 3,000% in 2023, and voice‑cloning fraud alone jumped 680% in a single year. Criminals now only need around three seconds of audio to clone someone’s voice convincingly. Three. Seconds.
And while that Singapore case grabs headlines, the trend is inching closer to Main Street—yes, that includes us in St. Louis.
Even Cybersecurity Companies Are Getting Tricked
If even experts are getting duped, imagine the odds for a local business juggling marketing, payroll, and a broken ice machine.
Here are some real cases:
LastPass Nearly Got Burned
In early 2024, a LastPass employee received calls and messages from an AI‑cloned voice mimicking the company’s CEO. The clone was trained using publicly available YouTube videos. Thankfully, the employee sensed something was off and reported it.
Wiz Got Hit with a Voice‑Clone Attack Too
Criminals cloned CEO Assaf Rappaport’s voice—again, using public conference footage—and left voicemails requesting employee credentials. The attempt failed only because the attackers used audio of his “public speaking voice,” which sounds different from the CEO’s everyday tone. That tiny inconsistency saved them.
And Then There’s the “Fake Elon Musk” Saga
Not business‑specific, but too wild to ignore:
Deepfake videos of Elon Musk became so convincing in 2024 that The New York Times dubbed the fake Musk “the Internet’s biggest scammer” after one 82‑year‑old retiree invested $690,000 based on a deepfake video.
If a retiree can be fooled into wiring nearly seven figures, imagine how easy it is to pressure a busy employee handling vendor invoices.
Why Small Businesses Should Pay Attention
Small businesses are particularly susceptible for three reasons:
- Tight teams mean lots of trust — fewer verification steps.
- Executives appear on websites, videos, podcasts, and event pages — a goldmine for voice‑ and face‑cloning.
- Employees want to be helpful — especially when a “CEO” asks for something urgently.
Deepfake scammers don’t need your passwords. They just need your confidence.
How to Defend Against a Deepfake Attack
You don’t need spy gear. Just a few practical steps:
1. Add a “safe word” for money requests.
2. Create a second channel verification rule.
3. Train your team to look for red flags.
4. Reduce the CEO’s “public training data.”
5. Make questioning leadership requests a cultural norm.
Yes, deepfakes are sophisticated. Yes, they’re getting more common. But with the right habits you can outsmart even the world’s most advanced scammers.
Mike Minkler is a Founding Partner at CMIT Solutions St. Louis, a Managed IT Service Provider. Contact Mike at 314.628.0811 or visit www.cmitstl.com.