When a photo of US Senator Mitch McConnell circulated on social media recently, users immediately accused it of being AI-generated. It was real. But the fact that people could not tell — and that the accusation itself became a news story — highlights a problem that is only getting worse for businesses: the erosion of trust in visual evidence.
Dr Hany Farid, a UC Berkeley professor and deepfake detection expert, told a recent fraud conference that the bigger challenge facing fraud prevention professionals may not be spotting fakes, but proving what is real. His warning has direct implications for Irish businesses of every size, from a one-person trade operation to a fifty-employee professional services firm.
How Deepfakes Are Being Used Now
Deepfake technology has moved beyond celebrity face swaps and political misinformation. Fraudsters are now using it to impersonate company directors in video calls, create fake voice recordings to authorise bank transfers, and produce convincing images of products that do not exist. The technology needed to clone a voice now costs less than €50 and requires just a few seconds of audio — which can be scraped from a company’s YouTube videos, podcast appearances, or even voicemail messages.
In one recent case reported in the UK, fraudsters used a deepfake video of a CEO to authorise a £200,000 transfer. In Ireland, the Garda National Cyber Crime Bureau has warned that voice cloning scams targeting businesses are on the rise. These are not hypothetical risks. They are happening now, and the technology is improving faster than most businesses are updating their defences.
Why Small Businesses Are Particularly Vulnerable
Large corporations have fraud detection teams, multiple approval layers, and verification protocols. A small business with five employees and a single managing director does not. If an email arrives from the MD asking for an urgent transfer, and the phone call that follows sounds exactly like the MD’s voice, it is very hard for a bookkeeper or office manager to question it. That is exactly what attackers are counting on. They target the human relationship, not the technical infrastructure.
Irish small businesses are especially exposed because many operate on trust — the owner knows the staff, the staff know the customers, and formal verification processes can feel unnecessary. Deepfake attacks exploit that trust directly. They do not break into your systems. They become someone your staff already trust.
What Irish Businesses Can Do
The defence against deepfake fraud is not better detection software. It is better processes. Every business should have a multi-person authorisation rule for transfers over a certain amount. It should be company policy that verbal or video instructions to move money must be confirmed through a separate channel — a phone call to a known number, an in-person conversation, or a message through a system the attacker cannot access.
Second, educate your team. Make sure every employee knows that deepfake technology exists and that they should be sceptical of unusual requests, even ones that look and sound convincing. A healthy scepticism is not rudeness — it is good business practice. Third, limit the amount of audio and video of key staff members that is publicly available. A landlord who appears in a property video tour, a tradesman who records customer testimonials, or a shop owner interviewed by a local paper all create raw material for voice cloning.
The Bottom Line
The deepfake problem is getting worse because the technology is getting better and cheaper. There is no perfect defence, but good processes dramatically reduce your risk. Start with the simple rule: money and sensitive data never move based on a single request, no matter how convincing the source appears. That one step will protect you against the vast majority of deepfake fraud attacks.