Ask Jack: Is Deep Fake Voice Tech A Data Risk For Employers?

By Jack McCalmon, The McCalmon Group, Inc.

I am reading about deep faked images. What else should I be concerned about?


Deep fake technology is advancing rapidly because of AI. This generates a lot of risk for employers.

The one risk that concerns me the most is deep fake voice replication and wire scams. Criminals are already using AI for voice replication to scam parents and grandparents – specifically by replicating a loved one's voice.

Recently, a 73-year-old grandmother and her husband were scammed with voice replication into believing that her grandson needed bail money. The caller on the other line was not her grandson, but a scammer. The elderly couple wired money and were planning to wire even more money when a banker trained in these scams intervened to warn them of a possible fraud leading to the discovery of the scam. The tech used was so good that the elderly couple was convinced they were speaking to their grandson.

The same issue exists for employers. Deep fake voice technology has been used to convince bankers to provide access to accounts and likely will be used in other ways as well.

Of real concern is coupling deep fake voice tech with business email compromise. For example, if CEO Joe has spyware on this computer and is out of the country negotiating a deal, a criminal may send a carefully crafted email to Emily, head of account payables, asking for a wire transfer of $500,000. Having been trained to spot email compromise scams and with wire transfer security standards in place, Emily does not respond to the email without voice confirmation from Joe. Using deep fake voice tech, the scammer calls Emily, sounding just like Joe (having heard voice mails from Joe via the spyware), providing details of the deal (having learned of it through spyware) and Emily wires the money - scam complete.

The final takeaway is that voice replication technology is a real risk for everyone from grandparents to CEOs. To counteract wire transfer scams, organizations must incorporate the use of codes before money is wired. To be effective, however, the code needs to be disseminated by voice in-person just in case malware is monitoring email and text communications.

This is one of the ironies of communication technology - the more we depend on tech to communicate, the more we have to rely on more old-fashioned methods to avoid the scams.

Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.


Finally, your opinion is important to us. Please complete the opinion survey:


Ask Jack: Can Trusted Agents And Contractors Play An Unknowing Part In E-Mail Compromise Attacks?

Are internal breaches the main concern for email compromise attacks? Jack explains why such attacks go beyond office walls. Read More

Ask Jack: Can Dating Scams Cross Over Into The Workplace?

Scammers are using dating apps to scam money from people looking for love. How can that creep over to employers? Learn why the leap is pretty easy. Read More

Ask Jack: Is Disconnecting From The Internet A Smart Move If You Think You Opened Malware?

Jack explains the value of disconnecting and shutting down if you think you have selected a bad link or opened a questionable attachment. Read More