top of page
perceptive_background_267k.jpg

Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know

Published:

27 April 2026 at 13:00:09

Alert date:

27 April 2026 at 14:02:21

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Emerging Technologies, Identity & Access, Email & Messaging

Cybercriminals can now clone voices using just three seconds of audio to conduct sophisticated fraud attacks. These deepfake voice calls are successfully tricking employees into transferring real money to attackers. Current security defenses are proving inadequate against this emerging threat. Adaptive Security research demonstrates how these attacks bypass traditional detection methods. The technology has advanced to the point where voice cloning is accessible and highly effective for social engineering attacks.

Technical details

Deepfake voice attacks use AI to clone voices with just 3 seconds of audio from sources like voicemails, podcasts, earnings calls, or LinkedIn videos. The AI models can generate fully interactive voice replicas in real time, run offline, require no technical background, and are available as free downloads on public repositories. Voice deepfake incidents rose 680% year-over-year in 2025 with over 100,000 attacks recorded in the US alone. Attackers prepare by mapping organizational charts, identifying financial authorities, and studying approval workflows before making calls. AI personas are also being used in hiring processes, created from stolen LinkedIn profiles to pass video interviews and gain access to internal systems.

Mitigation steps:

Implement verbal passcodes for high-value financial requests, establish callback requirements on pre-stored numbers before approving wire transfers, create standing policy that urgency in financial requests is reason to slow down, train employees to pause and verify before acting regardless of how familiar requests sound, conduct regular deepfake simulation training, implement personalized training based on failed tests, build verification habits before attacks occur, establish protocols for scrutinizing requests from unofficial channels

Affected products:

Zoom
Signal
LinkedIn

Related links:

https://www.adaptivesecurity.com/demo/security-awareness-training?utm_source=other&utm_medium=other&utm_campaign=2026_04_NA_Bleepingcomputer_organic_article&utm_id=701Rd00000gQjcPIAS&utm_term=other
http://adaptivesecurity.com/?utm_source=other&utm_medium=other&utm_campaign=2026_04_NA_Bleepingcomputer_organic_article&utm_id=701Rd00000gQjcPIAS&utm_term=other

Related CVE's:

Related threat actors:

IOC's:

Urgent financial transfer requests via unofficial channels, Voice calls requesting immediate wire transfers, Video calls with multiple AI-generated faces, Voice messages via consumer messaging apps like Signal, Unexpected calls from executives requesting credential resets

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page