The video call looked completely normal.
The CFO was there. Three senior executives were on camera. Everyone looked right. Everyone sounded right. The finance employee recognized every face.
Over the next few hours, they authorized 15 wire transfers.
Total sent: $25 million. Every single person on that call was a deepfake.
This was not a Hollywood-level hack. It was not a nation-state cyberattack. It was a group of criminals with access to publicly available AI tools, a few hours of prep time, and a target who had no reason to doubt what they were seeing.
The victim was Arup, a global engineering firm with 18,500 employees. Rob Greig, their Global Chief Information Officer, told The Guardian shortly after: “The number and sophistication of these attacks has been rising sharply in recent months.”
That was February 2024.
By 2025, Entrust’s fraud monitoring network was flagging a deepfake-related identity fraud attempt once every five minutes across its systems. By Q1 2025, industry estimates put deepfake-enabled losses in North America at over $200 million in a single quarter.
Now think about your accounting firm. You hold Social Security numbers, tax returns, payroll records, and detailed financial histories for dozens or hundreds of clients. You have staff who are trained to be helpful, efficient, and responsive to client and partner requests. You operate under immense deadline pressure during tax season.
To a deepfake fraudster, that is not a random target. That is a jackpot.
Table of Contents Show
The Threat Is Accelerating Faster Than Most Firms Realize
Here is a number that should stop you cold: deepfakes went from representing 0.1% of all detected fraud cases in 2022 to 6.5% in 2025. That is a 2,137% increase in three years.
And it is not slowing down.
- 3,000% rise in deepfake fraud attempts in 2023 alone (Onfido)
- Industry estimates put deepfake-enabled losses in North America at over $200 million in Q1 2025 (Resemble AI) — these are modeled estimates, not consolidated regulatory figures, but the directional scale is consistent across multiple sources
- Nearly 1 in 3 businesses reported direct financial losses from deepfake incidents, with a larger share reporting confirmed deepfake attempts (Regula Deepfake Trends 2024, cited in CFO Magazine)
- Entrust’s fraud monitoring network logged a deepfake-related identity fraud signal once every five minutes across its systems in 2024 (Entrust Identity Fraud Report 2024)
- Generative AI fraud is projected to hit $40 billion in the U.S. by 2027, growing at a 32% compound annual rate (Deloitte Center for Financial Services)
Documented individual losses range from the $243,000 UK energy firm CEO voice clone in 2019 to the $25 million Arup attack in 2024. In financial services, 23% of organizations reported deepfake-related losses exceeding $1 million (Regula Deepfake Trends 2024). There is no single established average loss figure, but six-figure losses are now routine in documented cases.
And the most disturbing part? The cost to execute one of these attacks is less than the cost of a lunch. Voice cloning tools can generate a convincing replica of someone’s voice from as little as 3 seconds of audio (McAfee research). The deepfake robocall that disrupted the 2024 New Hampshire primary cost $1 to create and took 20 minutes. A sophisticated CFO voice clone that could pass a phone verification check can be built for less than $2.
“As CPA firms, we are among the most trusted professionals in the landscape. We are entrusted with a lot of client information from financials to controls. That responsibility means we need to be especially vigilant.”
Chris Tait, Principal, Cybersecurity Risk Management, Baker Tilly (Journal of Accountancy, October 2025)
The attackers know exactly who you are. The question is whether your firm knows what is coming.
Why Accounting Firms Are an Especially Valuable Target
Every industry faces deepfake risk. But accounting firms sit at a uniquely dangerous intersection of factors that make them prime targets.
You hold multi-victim data. A single successful breach of a CPA firm does not yield one victim’s data. It yields dozens or hundreds. Social Security numbers, bank accounts, tax filings, payroll data, business financials. One breach, hundreds of identities. Fraudsters understand this math.
You have payment authority. Unlike many professional services firms, accounting staff regularly execute or approve financial transactions. Wire transfers, payroll runs, vendor payments. That authority is exactly what deepfake attackers are trying to exploit.
You operate under intense deadline pressure. Tax season creates a perfect cognitive environment for fraud. Staff are overwhelmed, response times are compressed, and the cost of saying “let me verify this” feels higher than the cost of just getting it done. Attackers know this and time their strikes accordingly.
The numbers reflect this vulnerability directly:
- In 2024, the IRS received 250+ data breach reports from tax professionals, impacting more than 200,000 clients
- Data breaches in the financial industry carry an average cost of $5.56 million, significantly above the cross-industry average of $4.4 million (IBM Cost of Data Breach Report 2025)
- 26% of executives targeted by deepfakes reported the fraudster’s aim was specifically financial and accounting data (CFO.com)
This is not background noise. This is a direct warning to every CPA, tax preparer, and accounting firm principal in the country. The 2026 Risk Outlook from CPA Practice Advisor puts deepfake fraud explicitly at the top of the list of emerging exposures for accounting firms this year.
How Deepfake Attacks Actually Reach Accounting Firms
Forget the image of a hooded hacker in a dark room. Modern deepfake fraud against accounting firms looks like normal business communication. Here are the three most likely attack vectors your firm will face.
Attack Vector 1: The Cloned Managing Partner or Senior CPA
An attacker finds your firm’s website, LinkedIn profile, conference recordings, or YouTube appearances. They feed 15 to 30 seconds of audio into a voice cloning tool. Within minutes, they have a synthetic voice that sounds exactly like your managing partner.
A junior staff member gets a call. It sounds like the boss. It is urgent. It is confidential. “Do not run this through the normal process, we need to move fast.” Wire transfer. Payroll change. Access credentials.
In documented voice-clone scams, fraudsters have triggered six-figure wire transfers by impersonating executives and pressuring staff to bypass normal verification. The pattern is consistent: urgency, authority, and a request to skip the usual process.
Attack Vector 2: Vendor or Client Impersonation
Your firm works with the same vendors and clients for years. That familiarity is a vulnerability. Attackers research your relationships, then call or message posing as a known contact.
“We updated our banking details, can you update our payment records?” “This invoice needs to be processed today before the deadline.” “The client needs a wire sent before close of business.”
The voice is convincing. The context is familiar. The request seems routine. And by the time the real vendor or client calls to ask where their payment went, the money is already in an untraceable account.
This attack type is especially dangerous during tax season when your team is processing high volumes of payments and verifying every call feels like a bottleneck. Our guide on accounts payable controls for accounting firms covers why vendor payment protocols are your first line of defense.
Attack Vector 3: Synthetic Document Fraud and Fake Audit Trails
This one is newer and underreported, but it is worth understanding now.
Deepfakes are not limited to voices and video. AI-generated invoices, synthetic client identities, and manipulated financial documents are emerging as a serious threat to accounting firms specifically. The 2026 Risk Outlook from CPA Practice Advisor raised a direct warning: an embezzler can use deepfake technology to forge financial documents or manipulate the audit trail to fool an auditor.
Imagine a client whose books have been manipulated with AI-generated supporting documentation. Your firm attests to financials that have been synthetically altered. The liability implications alone should get every CPA’s attention.
The Psychology Behind Why Deepfakes Keep Working
Understanding why these attacks succeed is just as important as understanding what they are.
Deepfake fraud exploits four psychological triggers that are deeply wired into professional behavior:
- Authority — “The CFO is calling. I need to respond appropriately.”
- Urgency — “This needs to happen before close of business. There is no time to verify.”
- Familiarity — “I recognize this voice. I recognize this face. This is real.”
- Fear of consequences — “If I slow this down and it is legitimate, I am in trouble.”
These are not weaknesses unique to inexperienced employees. They are normal human responses to professional pressure. And they are exactly what attackers engineer for.
Here is the sobering reality: even under controlled conditions, human detection accuracy for high-quality deepfake video drops sharply compared to lower-quality fakes. Research consistently shows detection rates fall well below 50% for the most convincing synthetic media — and the tools available in 2026 are far more convincing than those tested in earlier studies. And even when AI detection tools flag a suspicious call, research shows that 25% of employees still comply with the fraudulent request.
The human layer is not enough on its own. It never was. But it is especially insufficient when the attacker is using tools that your team has never been trained to recognize.
The Infrastructure Problem Nobody Talks About
Here is the framing that most cybersecurity conversations miss.
Yes, you need protocols. Yes, you need training. Yes, you need verification procedures. All of that matters.
But when a deepfake attack successfully tricks an employee into sharing credentials or approving access, what matters enormously is what is on the other side of that door.
If your systems run on an aging local server, an unsegmented network, or a generic public cloud environment with default configurations, one successful social engineering attempt can expose everything. Every client file. Every tax return. Every payroll record. Every financial document your firm has ever touched.
The deepfake is just the key. Your infrastructure is the lock.
Consider what “good enough” security actually looks like for most small accounting firms today:
- Local servers that have not been patched in months because tax season got in the way
- Staff accessing client files from home networks on personal devices
- Generic cloud storage with shared credentials and no MFA enforcement
- No 24/7 monitoring, because there is no dedicated IT staff to do it
- A Written Information Security Plan (WISP) that was drafted years ago and has not been updated since
Meanwhile, the FTC Safeguards Rule and IRS Publication 4557 now mandate written security plans and specific controls for all tax professionals. Non-compliance carries fines of up to $100,000. Third-party breaches doubled year-over-year according to Verizon’s 2025 Data Breach Investigations Report. Ransomware attacks jumped 126% in Q1 2025.
The math is not complicated. A firm with unmanaged infrastructure, no isolation between client environments, and no real-time monitoring is not a firm that will survive a targeted deepfake attack intact.
We break down the full risk picture in our cybersecurity guide for accounting firms and our accountant’s guide to cybersecurity in 2026. The threat landscape has changed substantially even in the last 12 months.
What Real Protection Looks Like in 2026
Protecting your firm from deepfake-driven financial fraud requires a layered approach. No single control stops every attack. But the right combination of human protocols and hardened infrastructure dramatically shrinks your exposure.
Layer 1: Verification Protocols (The Human Layer)
The most immediate and lowest-cost defense is a set of iron-clad authorization rules that cannot be bypassed, regardless of who appears to be asking.
- Establish a code word system for any wire transfer, payroll change, or sensitive data request. If someone calls claiming to be a partner or senior staff member and cannot provide the code word, the request stops there.
- No financial transaction gets authorized by a single voice or video call alone. Ever. Even if it sounds exactly like your CFO.
- Set a multi-person approval threshold for any transfer above a defined dollar amount.
- If you receive an urgent request by phone or video: hang up, then call back independently using the number you have on file. Do not use the callback number provided in the call.
- Urgency is a red flag, not a reason to skip verification. Legitimate requests can wait for proper authentication.
Our deepfake scam prevention checklist for accounting and tax firms walks through each of these protocols in detail with step-by-step implementation guidance.
Layer 2: Staff Training That Reflects 2026 Realities
Annual compliance training will not protect your firm from deepfake fraud. The threat has evolved too quickly.
Your team needs to be trained specifically on:
- What voice clone vishing sounds like and how it is deployed
- Why fake vendor payment requests are surging and how to spot them
- The authority-urgency pressure tactic and how to interrupt it
- How to use verification code words without embarrassment or friction
This training needs to be ongoing and scenario-based, not a once-a-year checkbox. The firms that come through this era intact will be the ones whose staff can say “let me verify this” without hesitation, even when the voice on the other end sounds exactly like their boss. The Journal of Accountancy’s February 2026 Technology Q&A specifically recommends asking callers to turn on their camera and hold up an ID to defeat video deepfakes on active calls.
Layer 3: Zero Trust Access Controls
Zero Trust means one thing: never trust, always verify. It is now the standard recommended by IRS Security Summit advisors for accounting firms specifically.
In practice, this means:
- Multi-factor authentication (MFA) on every system that contains client data. Microsoft research found that over 99.99% of MFA-enabled accounts remained secure during the study period.
- Principle of Least Privilege: staff access only the data they need for their specific role. A deepfake attack that gains one employee’s credentials should not unlock the entire firm.
- Regular access reviews to remove stale credentials and overprivileged accounts.
- Encrypted communications for all client-sensitive data transfers. Verito’s platform implements 256-bit AES encryption as a baseline standard.
Layer 4: A WISP That Actually Addresses Modern Threats
Your Written Information Security Plan is not optional. Under both the FTC Safeguards Rule and IRS Publication 4557, CPA firms are required to have one. But most WISPs in circulation today were written before deepfakes became an operational threat.
Your WISP should specifically address:
- AI and deepfake impersonation procedures and response protocols
- Voice and video verification requirements for financial transactions
- Vendor payment change authorization requirements
- Incident response steps if a deepfake fraud attempt is suspected
A WISP that checks the compliance box but does not address the actual threat landscape of 2026 is a false sense of security. If you need to build or update yours, Verito’s VeritShield WISP service creates a customized plan built specifically around the FTC Safeguards Rule and IRS Publication 4557 requirements. You can also explore our top WISP templates for accounting firms to see what a strong plan actually looks like.
Layer 5: Secure, Isolated, Monitored Cloud Infrastructure
This is where the architecture of your IT environment determines how much damage a successful attack can actually cause.
Dedicated private servers with completely isolated customer environments mean that even if an attacker gains access to one area, they cannot move laterally to other client data. Generic shared cloud hosting does not offer this isolation. When attackers breach one environment in a shared setup, every other tenant on that server becomes a potential victim.
24/7 real-time monitoring means threats are identified and contained before they escalate, not discovered days later during a manual review. The average time to identify a breach without continuous monitoring is measured in weeks. In 2026, weeks is all the time an attacker needs to do irreversible damage. Our top IT services overview for accounting firms explains what continuous monitoring actually looks like in practice.
SOC 2 Type II certification means an independent auditor has verified your hosting provider’s security controls are not just claimed but actually operating as described. For a CPA firm that stakes its reputation on accuracy and verification, it should matter that your IT infrastructure meets the same standard.
Built-in FTC and IRS compliance means your hosting environment actively supports your WISP requirements, your encryption standards, your MFA enforcement, and your audit trail documentation. You are not building compliance on top of a generic infrastructure. The compliance is baked in. See our full breakdown of IRS Publication 4557 compliance for accounting firms to understand exactly what your infrastructure needs to support.
This is exactly what Verito’s platform is built for. Purpose-built for accounting and tax professionals, with SOC 2 Type II certified infrastructure, completely isolated customer environments, sub-1-minute support response times, and 24/7 monitoring from VeritCertified engineers who understand accounting software. Not generic cloud. Not “close enough.” Infrastructure designed from the ground up for firms that cannot afford the cost of getting it wrong.
“It just works. Securely.”
That is not a tagline. In the deepfake era, that is a survival requirement.
Why 2026 Is the Year That Separates Prepared Firms from Exposed Ones
Several factors are converging in 2026 that make this the highest-risk year yet for accounting firms specifically.
Real-time deepfakes are now the standard. The Arup attack in 2024 used sophisticated pre-recorded deepfakes. By 2025, live real-time video deepfakes on active Zoom and Teams calls had become mainstream attack infrastructure. Your staff cannot tell the difference between a real video call and a synthetic one at a glance.
The attacker skill bar has hit zero. Deepfake tools are open-source, freely available, and require no technical expertise. The fraudster targeting your firm does not need to be a cybersecurity expert. They need 15 seconds of your voice and a $20/month subscription. Our top cybersecurity stats for 2026 tracks how the accessibility of these tools has changed the threat math for small firms.
Prior breaches have enriched attacker intelligence. Every major data breach from the past five years has seeded attacker databases with the kinds of personal and professional details that make deepfake social engineering more convincing. They may already know your clients’ names, their relationships with your firm, and the typical cadence of financial requests.
Tax season amplifies every vulnerability. The combination of compressed timelines, high transaction volumes, and staff under pressure creates the exact environment deepfake fraud is engineered to exploit. January through April is not just busy season. It is high-risk season. Our 2026 tax season preparation guide covers the full security checklist your firm needs before the filing crunch hits.
Deloitte projects AI-driven fraud will reach $40 billion in the U.S. by 2027. That trajectory means the firms that do not get ahead of this in 2026 will be managing the consequences of it for years.
The FinCEN Alert FIN-2024-DEEPFAKEFRAUD, issued in November 2024, was the U.S. Treasury’s first formal warning specifically addressing deepfake fraud in financial contexts. It is not a background advisory. It is a signal that regulators view this as a systemic risk, and that firms without documented response protocols are already behind.
The Question That Matters for Your Firm
Deepfake fraud is not an abstract future threat. It hit a Texas accounting firm’s managing partner. It hit one of the world’s largest engineering firms for $25 million. It is hitting firms with five employees and firms with five hundred.
The question is not whether your firm will be targeted. The question is whether your infrastructure and protocols can contain the damage when it happens.
CPA firms are in the trust business. A data breach, a fraudulent wire transfer, or a compromised client file does not just cost money. It can end client relationships built over decades. It can trigger regulatory action. It can destroy a reputation that took a career to build.
The firms that come through this era intact will not necessarily be the biggest or the most sophisticated. They will be the ones who made the right infrastructure and protocol decisions before the attack happened.
If you are not sure whether your current hosting environment would contain a deepfake-driven intrusion, or whether your security posture meets the 2026 FTC and IRS standards, start here.
Your clients trusted you with the most sensitive financial information of their lives. That trust deserves infrastructure that takes it as seriously as you do.
Frequently Asked Questions
1. What is a deepfake attack, and how does it apply to accounting firms?
A deepfake attack uses AI-generated synthetic audio, video, or documents to impersonate a trusted person. In the context of accounting firms, this typically means a fraudster clones the voice or video likeness of a managing partner, CFO, client, or vendor, then contacts staff to request a wire transfer, payment change, or sensitive data. The request sounds legitimate because it sounds exactly like someone the employee trusts. The Journal of Accountancy’s May 2025 piece on deepfake fraud covers the mechanics in depth for accounting professionals.
2. How realistic are deepfake voice clones in 2026?
Extremely realistic, and getting more convincing every month. Current AI tools can generate a convincing voice clone from as little as 3 to 15 seconds of source audio. Research from McAfee confirms that 3 seconds is enough for a passable replica. Studies consistently show that human detection accuracy for high-quality synthetic media drops significantly below 50%, and the tools available in 2026 are considerably more advanced than those used in prior research. Your staff will not reliably spot the difference by ear alone. This is why protocol-based verification (code words, callback requirements, multi-person approvals) matters far more than human judgment.
3. Why are CPA firms specifically targeted by deepfake fraud?
Three reasons. First, CPA firms hold multi-victim data: one successful breach gives attackers access to dozens or hundreds of clients’ financial identities simultaneously. Second, accounting staff regularly execute or approve financial transactions, which is the direct goal of most deepfake fraud. Third, the pressure of tax season creates cognitive conditions that make careful verification feel like a liability. Attackers understand all three of these dynamics and exploit them deliberately. See our full breakdown of CPA firm security and compliance risks for more on why the accounting sector is uniquely exposed.
4. What is the average financial loss from a deepfake attack?
There is no single verified industry average, and figures vary widely depending on the attack type and target size. What the documented cases do show is that six-figure losses are now routine. The 2019 UK energy firm CEO voice clone cost €220,000. The 2024 Arup attack cost $25 million. In financial services, 23% of organizations reported deepfake-related losses exceeding $1 million (Regula Deepfake Trends 2024). For accounting firms specifically, the exposure is compounded by the fact that a single breach can affect dozens or hundreds of clients simultaneously.
5. What is the FTC Safeguards Rule, and does it apply to my accounting firm?
Yes. The FTC Safeguards Rule classifies tax preparers and accounting firms as “financial institutions” under the Gramm-Leach-Bliley Act. This means all covered firms are required to maintain a Written Information Security Plan (WISP), implement specific data security controls, and designate a qualified individual to oversee the program. Non-compliance can trigger significant civil penalties under GLBA/FTC enforcement frameworks (often cited as up to $100,000 per violation, depending on circumstances). IRS Publication 4557 provides additional specific guidance for tax professionals. Verito’s VeritShield WISP service and our guide on the true cost of IRS WISP compliance are designed specifically to help accounting firms meet these requirements efficiently.
6. How does secure cloud hosting reduce deepfake fraud exposure?
A deepfake attack is only as dangerous as the systems it can access once it succeeds. If an employee is tricked into sharing credentials, a secure cloud hosting environment with isolated customer environments, strict access controls, MFA enforcement, and 24/7 monitoring limits how far an attacker can move and how quickly the breach is detected. Dedicated private servers eliminate the lateral movement risk that exists in shared environments. SOC 2 Type II certification means the security controls are independently verified, not just claimed. The right hosting environment does not prevent social engineering, but it dramatically shrinks the blast radius. Our comparison of cloud hosting vs. local servers for accountants breaks down the security gap in detail.
7. What should a CPA firm do right now to protect against deepfake fraud?
Start with four immediate actions:
1. Implement a code word protocol for any financial transaction or sensitive data request, regardless of who is asking. Our deepfake scam prevention checklist gives you a ready-to-implement framework.
2. Enforce MFA on every system that touches client data. No exceptions.
3. Update or create your WISP to specifically address AI-driven threats, deepfake verification requirements, and vendor payment change protocols. Start with Verito’s WISP guide for accounting firms.
4. Evaluate your hosting infrastructure. If your data is on an unmonitored local server or generic cloud environment, the risk is structural, not just behavioral. Verito’s platform is built specifically for accounting firms that need enterprise-grade security without the enterprise IT overhead.8. What makes Verito different from generic cloud hosting for accounting firms?
Verito is purpose-built for tax and accounting professionals, which means the security architecture, software support, and compliance infrastructure are all designed around the specific threats and regulatory requirements CPA firms face. Verito maintains SOC 2 Type II certified infrastructure, completely isolated customer environments (no shared resources, no lateral movement risk), 99.999% uptime, and 24/7 monitoring from VeritCertified engineers who understand accounting software. The platform natively supports QuickBooks, Lacerte, Drake Tax, CCH Axcess, UltraTax, and other industry-standard applications. There are no annual contracts and pricing is transparent. Generic cloud hosts offer none of this specialization.
