
If your finance team receives a voicemail from someone who sounds exactly like your chief executive, asking for an urgent payment before a meeting starts, the safe assumption in 2026 is not that the voice is real. AI voice cloning has become cheap, accessible and convincing enough that a familiar voice is no longer a reliable credential. It is a starting point that needs verification through a different channel before anyone moves money.
That single rule, verify through a different channel, is the most important thing in this article. The rest is how the scam works, why London is exposed, and the specific verification habits that actually catch it.
Here is a scenario that mirrors what we hear from clients. A management accountant at a London firm opens her inbox at 9.10am and sees a missed call notification with a voicemail attached. She plays it. It is the chief executive’s voice, calm and recognisable, saying he is about to step into a board meeting and needs her to release the payment to the supplier they discussed yesterday. He references a real project. He uses her first name. The voicemail is 40 seconds long. There is no number to call back, just the voicemail and a follow-up email with bank details. She has done this kind of thing for him before. She nearly pays.
The bit that catches people out is not just that the voice is convincing. It is that the rest of the context is convincing too. Attackers research before they call, and modern social engineering wraps a cloned or synthetic voice in real details that make the request feel ordinary rather than odd.
Why London is seeing more of this
Three things put London in the firing line. The first is the sheer volume of executive audio that is already public. Earnings calls, conference talks, podcast interviews, LinkedIn videos, panel events and recorded professional sessions all produce clean, recognisable speech. A founder who has done a 30-minute podcast may already have given an attacker more source material than they need.
The second is concentration. London has a high density of financial services, professional services and head offices, which means a high density of payment authorisers close to a high density of public-facing executives. Attackers go where money moves quickly.
The third is the way voicemail is delivered now. Few people pick up unknown numbers, so voicemail-to-email, Teams voicemail and unified messaging route audio attachments straight into inboxes. The scam is no longer “a strange phone call”. It is an audio file sitting in your inbox alongside everything else, with the same familiar framing that makes it feel routine.
UK Finance’s half-year report for 2025 put authorised push payment fraud losses at £257.5 million, a 12 per cent rise on the same period in 2024. It also reported that 17 per cent of APP fraud cases started through telecommunications networks, while 66 per cent began online. That matters because voice scams often sit between the two: the pressure arrives by phone or voicemail, while the supporting context may arrive by email, Teams or a compromised inbox.
How the technology got here
Modern voice cloning tools can produce a convincing replica from a short sample of clear audio, with longer recordings improving quality. The tools are now widely available, and some require little technical skill to use.
The 2026 International AI Safety Report warned that AI-generated content is already being used for scams, fraud and impersonation. It also cited research showing that people can struggle to tell real voices from AI-generated voice clones. The uncomfortable conclusion is simple: the human ear is not the defence it used to be.
The high-profile cases show the range. In Hong Kong in early 2024, a finance worker at a multinational was deceived during a deepfake video conference and transferred about HK$200 million, roughly £20 million. In January 2026, a Swiss businessman was reportedly persuaded to transfer several million Swiss francs after criminals used a cloned voice. A UK energy firm also lost around €220,000 in an earlier well-documented voice impersonation case.
These are not the only cases. They are the ones that became public. Many do not, because no business likes admitting it fell for a fake executive.
Why email security does not catch this
A voicemail attachment is just an audio file. It may carry no malicious link and no executable payload, so many email security tools have little to block. The follow-up email might come from a spoofed address, a lookalike domain, or a compromised mailbox belonging to someone the recipient trusts.
This is the same pattern that makes business email compromise so effective in general, and the techniques for how to spot a phishing email only get you so far when the credential being abused is a voice rather than a link. Strong technical controls still matter, which is why anti-phishing controls, the foundations in anti-phishing basics, and the practical steps to create an anti-phishing policy all earn their place. They reduce the volume reaching your people. But voice fraud is mostly a process problem on the human side, not just a filter problem.
The verification rules that actually work
The fix is process, not technology. Any payment instruction that starts through a voice channel (voicemail, phone call or video call) should be verified through a separate, pre-established channel before money moves. Not a reply to the email. Not a callback to the number in the message. A separate channel.
| Trigger | Verification step | Who confirms |
|---|---|---|
| Voice or voicemail instruction to pay | Call back on the executive’s known mobile or office line, not the one in the message | The person being asked to pay |
| New beneficiary added to a payment | Confirm bank details by voice on a pre-agreed number, separate from any email | Finance manager or above |
| Change to existing supplier bank details | Independent confirmation with the supplier on a known number, plus internal sign-off | Two named people |
| Urgent payment outside normal process | Pause until the executive is reachable in person, by Teams call you initiate, or in the office | Authorising executive in real time |
| Payment above a defined threshold | Dual approval by two named individuals, regardless of who requested it | Two named approvers |
A few practical points make this stick. First, a callback rule only works if everyone has the right number stored already. Second, urgency should be treated as a reason to slow down, not speed up. Third, the dual approval threshold needs to be low enough to catch the payments fraudsters actually try, not just headline-level transfers.
A code word or challenge phrase between key staff and named executives is also worth setting up. Use it only in voice channels and only when verifying an instruction. Keep it short, memorable and never written in email.
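The table above can be enforced as a release gate in a payment workflow rather than left to memory. The sketch below is an added example, not code from any real finance system: the directory entries, approver names, threshold figure and field names are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: pre-agreed callback numbers and named approvers.
KNOWN_NUMBERS = {"ceo": "+44 20 7946 0001", "acme-supplies": "+44 20 7946 0002"}
NAMED_APPROVERS = {"finance.manager", "finance.director", "coo"}
DUAL_APPROVAL_THRESHOLD = 5_000  # assumed figure; set it from the payments fraudsters actually try
VOICE_CHANNELS = {"voicemail", "phone", "video"}


@dataclass
class PaymentRequest:
    amount: float
    origin_channel: str                     # how the instruction arrived
    callback_party: str                     # directory key of who must confirm (executive or supplier)
    number_in_message: Optional[str] = None
    number_dialled: Optional[str] = None    # number finance actually called back on
    new_beneficiary: bool = False
    bank_details_changed: bool = False
    urgent_out_of_process: bool = False
    executive_confirmed_live: bool = False  # in person, or on a call finance initiated
    approvers: list = field(default_factory=list)


def blocking_reasons(req: PaymentRequest) -> list:
    """Return every unmet verification step; an empty list means the payment may proceed."""
    reasons = []
    needs_callback = (req.origin_channel in VOICE_CHANNELS
                      or req.new_beneficiary or req.bank_details_changed)
    if needs_callback:
        known = KNOWN_NUMBERS.get(req.callback_party)
        if known is None:
            reasons.append("no pre-agreed number on file for callback party")
        elif req.number_dialled != known:
            # Covers both no callback at all and a callback to the number supplied in the message.
            reasons.append("callback not made on the pre-agreed number")
    if req.urgent_out_of_process and not req.executive_confirmed_live:
        reasons.append("urgent request: pause until the executive confirms in real time")
    # A set removes duplicates, so one person approving twice does not count as two.
    valid = {a for a in req.approvers if a in NAMED_APPROVERS}
    if (req.amount > DUAL_APPROVAL_THRESHOLD or req.bank_details_changed) and len(valid) < 2:
        reasons.append("two distinct named approvers required")
    return reasons
```

The gate compares the number actually dialled against the stored directory, so a callback to the number left in the voicemail fails the same way as no callback at all.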
The wider hygiene that supports it
Voice fraud sits inside a wider attack pattern. If an attacker can phish a Microsoft 365 mailbox, they can read enough real correspondence to make the cloned-voice request feel authentic. So strong password best practices, modern detection through why EDR matters, and proper device control through Microsoft Intune all reduce the chance that an attacker is reading your internal email when they make the call. The same goes for endpoint security for remote teams and the practical endpoint hardening steps that reduce real-world attacks.
Credentials sometimes leak before the call comes. Watching for that gives you early warning. The basics are in dark web monitoring explained, the response in what to do if your company credentials appear on the dark web, and the distinction set out in dark web monitoring versus breach monitoring. Our dark web monitoring service exists for exactly this kind of early signal.
Tested defences hold up better than assumed ones. So network penetration testing explained, the importance of penetration testing in cybersecurity and the cadence question in how often you should run network penetration testing are all part of the same picture. Cyber Essentials accreditation raises the floor across the rest of your environment, and good tips for securing your small business network close the easy gaps first.
Backup matters because if the scam succeeds in getting access rather than just a payment, you may be looking at data theft or ransomware. So Microsoft 365 backup, cloud to cloud backup, and avoiding the common cloud backup mistakes are part of any sensible posture, with Google Workspace backup for teams on that stack and the small business guide to ransomware as a useful read on recovery. As a cloud backup company for London businesses, we treat these layers as one connected picture rather than separate jobs.
A quick note on training
Training that focuses only on “spot the deepfake” is weak. Train on the process instead. Make the callback rule, the code word and the dual approval threshold so familiar that they happen by reflex when an unusual payment request lands, regardless of how convincing the voice or video looks. That sits naturally inside good IT service management and the wider discipline that explains why IT compliance matters. As an anti-phishing testing service that New York and London businesses use, we have learned that the human-first habits that beat phishing also beat voice fraud, because the underlying trick is the same.
If you are looking at this and thinking it is a lot of process to layer on, that is fair. Outsourcing your IT to an MSP is a sensible route for businesses that do not have the internal capacity, and the case is set out in why businesses should consider an MSP for their IT needs.
Cross-border and multi-site realities
If your business runs across more than one country, voice fraud gets harder to defend because attackers exploit gaps between offices. Local finance teams may not know each other well, time zones make verification feel awkward, and the “I’ll just confirm with London later” reflex is exactly what attackers count on.
The fix is the same set of rules, applied consistently across every office, with no exceptions for senior staff who claim they are too busy for the process. Senior staff are the people the fraud is impersonating, so they have the strongest interest in the rules being followed.
We help businesses spread across borders through our European IT services and global IT services work. If you are consolidating systems and want to set consistent payment controls at the same time, that is the natural moment for it, which is the kind of work our platform migration company builds in. The broader picture is in our security services and the full range of services we offer as a managed IT support services London business, alongside our consulting team for organisations that want help shaping the policy itself. Continuity matters too, and why your business needs a business continuity plan covers what happens after the fact.
Frequently asked questions
How much audio does an attacker need to clone a voice?
Some modern tools can generate convincing synthetic speech from a short sample of clear audio, with better results from longer samples. Public sources such as podcasts, conference talks and LinkedIn videos often provide enough material for attackers to work with.
Can voice cloning be detected by listening carefully?
Not reliably. Research and recent AI safety reporting both point to the same issue: people struggle to distinguish real voices from AI-generated or cloned voices. For individual employees, the reliable defence is not listening harder. It is verifying through a separate channel before acting.
What is the single most useful control we can put in place?
A strict callback rule on a pre-agreed number, used for any voice-initiated instruction to pay or to change banking details. That habit blocks a large share of these scams because the attacker controls the channel they contacted you on, but not the channel you control.
Are we covered by our bank if we are deceived into authorising a payment?
Not always. The UK’s authorised push payment reimbursement rules, introduced in October 2024, protect consumers, microenterprises and charities in many cases, but larger business reimbursement is far less guaranteed. Prevention is the safer conversation.
Should we restrict what executives say in public?
Not usually. Cutting your chief executive’s public profile is rarely sensible, and the audio may already be out there anyway. The realistic approach is to assume the voice can be cloned and build the verification process accordingly.
Does multi-factor authentication help against this?
Indirectly. MFA makes it harder for an attacker to access your systems with a stolen password, which reduces the supporting context they can gather. It does not stop someone leaving a convincing voicemail, because no login is involved in that step. MFA is necessary, but not sufficient.
The practical next step
If you do one thing after reading this, agree the callback rule for payment instructions today and make sure every member of your finance team has the right numbers stored. If you do a second thing, set a dual approval threshold that matches the values your fraudsters actually try. If you do a third thing, agree a short code word with the people who routinely approve payments, used only to verify voice instructions and never written down in email.
The technology side matters, but it is the smaller part. The verification habits are what stop the money moving.
If you would like help writing the policy, embedding it across a multi-site business, or stress-testing your wider security so the social engineering is the only attack vector left to defend, speak to Northern Star. We will help you put the rules in place before someone you have never met leaves your finance team a voicemail you cannot tell apart from the real thing.