A finance manager at a mid-sized manufacturing company in Pune recently transferred 47 lakh rupees to a fraudulent account after receiving a video call from who appeared to be his company’s CEO — giving him direct instructions to process an urgent payment to a new supplier. The CEO’s face was convincing. His voice was convincing. His mannerisms were convincing. None of it was real. It was a deepfake, and it cost the company nearly half a crore rupees before anyone realised what had happened.
This is not an isolated incident. Deepfake fraud — the use of AI-generated video, audio, or images to impersonate real people — is rapidly becoming one of the most serious and fastest-growing cybersecurity threats facing Indian businesses of all sizes. What was once a sophisticated attack requiring significant technical expertise and expensive equipment can now be executed by relatively low-skilled fraudsters using freely available AI tools that cost nothing to access.
The implications for businesses are severe, and the window for getting ahead of this threat is narrowing quickly.
How deepfake attacks work
The most common form of deepfake fraud targeting businesses is what security professionals call Business Email Compromise evolved — or BEC 2.0. In traditional BEC attacks, fraudsters impersonate executives via email to trick employees into transferring money or sharing sensitive information. Deepfake fraud takes this a step further by adding convincing video or audio to the deception, dramatically increasing the likelihood that a target will comply with a fraudulent request.
Attackers typically gather publicly available video and audio footage of a target executive — from LinkedIn, YouTube interviews, conference presentations, and social media — and use AI tools to create a convincing synthetic version that can be used in a fake video call or voice message. The entire preparation process can take as little as a few hours with modern AI tools.
The Indian business risk
India’s rapid digitalisation, combined with a relatively low baseline of employee cybersecurity awareness in many organisations, makes Indian businesses particularly attractive targets for deepfake fraud. The combination of growing business transaction volumes, increasing use of video communication tools post-pandemic, and the widespread availability of executive content on Indian social media platforms creates an environment where deepfake attacks can be executed with relatively low effort and high success rates.
Small and medium businesses are especially vulnerable because they typically lack the security awareness training programmes, verification protocols, and technical defences that larger enterprises have implemented. Fraudsters know this and actively target SMEs as softer targets than large corporations.
