Deepfake Call Scam Targeting CEOs — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 30, 2026

Severity: CRITICAL | View Full Scam Details

Deepfake Call Scam Targeting CEOs: A Critical Cyber Threat in India 2026

A new wave of cyber fraud is sweeping across India in 2026, with scammers using deepfake technology to impersonate CEOs and trick businesses into handing over money.

What Is the Deepfake Call Scam Targeting CEOs?

The deepfake call scam targeting CEOs is an alarming form of cybercrime where fraudsters use artificial intelligence (AI) to create highly realistic fake voice or video calls. These deepfakes mimic the voices and likenesses of company leaders, often top executives such as CEOs or CFOs, to deceive employees authorized to handle finances or sensitive information. India’s growing dependence on WhatsApp and other digital communication platforms for official purposes has made these platforms prime targets.

In recent times, several businesses across metro and Tier 1 cities in India have reported cases of fraud involving deepfake impersonations. The criminals collect audio and video clips from public sources like webinars, interviews, and social media to engineer near-perfect replicas of trusted decision-makers. According to reports in public complaints registered with various police cybercrime cells, these calls are sometimes followed by phishing attempts and requests for urgent financial transactions or sensitive data.

While specific advisories directly focused on deepfake scams are yet to be issued, regulatory bodies like the Reserve Bank of India (RBI), CERT-In (the Indian Computer Emergency Response Team), and the Indian Cyber Crime Coordination Centre (I4C) have cautioned businesses against social engineering attacks and emphasized the importance of verifying unusual financial commands directly through trusted channels.

How This Scam Works — Step by Step

1. Reconnaissance: Fraudsters gather publicly available audio and video clips of a CEO or senior executive from online sources, including social media posts, interviews, and webinars.

2. Crafting the Deepfake: Using AI-driven voice cloning and video synthesis technology, scammers create a deepfake call that sounds and looks like the targeted executive.

3. Initial Contact via WhatsApp or Phone: The deepfake call comes to an employee handling accounts payable or finance, often outside official office hours to reduce scrutiny.

4. Urgent Request for Transfer: Posing as the CEO, the deepfake urges the employee to quickly transfer a large sum of money (often in INR lakhs or crores) to a specified account, sometimes under the pretext of a confidential business deal or emergency.

5. Verification Attempts Bypassed: Because the “call” sounds authentic, employees may skip standard verification procedures, assuming the request is genuine.

6. Money Transferred: The transaction is processed via UPI, bank transfers, or other payment gateways, sending funds to accounts controlled by the scammers.

7. Cover-Up and Exit: The fraudsters immediately attempt to launder the money using unregulated VoIP lines or other means, making it challenging to track or reverse the transfers.

Real Warning Signs to Watch For

• The caller pressures you to act immediately without time for verification.
• The request is unusual or inconsistent with past company financial practices.
• The “CEO” asks for secrecy or instructs against informing other employees.
• You receive voice/video calls from unknown or international phone numbers.
• Payment is requested to new or unverified bank accounts or UPI IDs.
• The emergency or deal described lacks any supporting written confirmation.
• The communication happens outside regular office hours or during holidays.

What Happens to Victims

Victims of this scam suffer serious financial damage, with transactions often amounting to lakhs or even crores of rupees in Indian Rupees (INR). Due to the speed and the impersonation’s sophistication, victims rarely suspect fraud until the money is gone. Banks may not always reverse UPI payments or wire transfers once settled, particularly when authorization appears authorized by senior management.

Beyond financial loss, businesses experience disruption of trust and reputational damage. In certain cases, misuse of Aadhaar-based eKYC information has facilitated scammers’ unauthorized access to company accounts. Some employees face emotional distress and job insecurity, especially when internal controls failed to prevent the fraud.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has frequently emphasized vigilance against social engineering frauds and urged companies to implement robust internal controls for digital payment authorizations. RBI’s official helpline and advisory pages remind businesses to verify payment requests through multiple channels, especially when unusual or urgent payments are involved.

CERT-In regularly issues alerts about advanced persistent threats and has highlighted the dangers of AI-powered impersonation scams. The Indian Cyber Crime Coordination Centre (I4C) is involved in monitoring evolving cyber threats and encourages victims to report online fraud promptly.

For assistance, citizens can call the 1930 cybercrime helpline, which supports reporting and guidance on such digital fraud cases.

How to Protect Yourself

1. Establish Multi-Factor Verification: Require at least two independent approvals for large financial transactions, and verify unusual payment requests using an alternative communication channel.

2. Educate Employees: Regularly train staff to recognize social engineering, phishing, and voice/video impersonations.

3. Use Secure Communication Tools: Avoid conducting critical financial discussions over open platforms like WhatsApp; use encrypted corporate communication apps with access controls.

4. Validate Payment Details: Always confirm bank account or UPI information directly from trusted internal records or contacts before transferring funds.

5. Monitor Digital Footprint: Keep track of public digital content about executives to minimize data that scammers can collect for deepfake creation.

6. Implement Fraud Detection Systems: Use transaction monitoring and anomaly detection tools to flag suspicious activity immediately.

7. Limit Sharing of Sensitive Data: Avoid broadcasting corporate events or sensitive interviews widely on social media platforms.

What to Do If You've Been Targeted

• Immediately report suspicious transactions to your bank to attempt a freeze or recall.
• Notify your company’s IT and security teams and inform senior management without delay.
• File a complaint with local police cybercrime cells and register at cybercrime.gov.in for faster coordination.
• Contact the 1930 cybercrime helpline for assistance.
• Change credentials and review systems for any unauthorized access or Aadhaar linkage misuse.
• Preserve evidence—such as call recordings, WhatsApp chats, and transaction details—to aid investigations.

Frequently Asked Questions

Q: Can deepfake calls really fool me even if I'm cautious?
A: Yes. Deepfake technology has advanced to replicate voices and facial movements very convincingly, making it challenging to detect impersonation without additional verification steps.

Q: Is it safe to rely on WhatsApp for official communication?
A: WhatsApp is widely used but not designed for high-stakes financial approvals. Important transactions should be verified through more secure and official channels.

Q: What if I already transferred money to someone after a deepfake call?
A: Contact your bank immediately to stop or reverse the transaction if possible, and report the incident to police and the cybercrime helpline. Early action increases the chances of recovery.

For any suspicious messages or calls, always verify before you act. Visit BharatSecure.app for trusted guidance and report any suspected fraud to the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.