Deepfake Voice Scams: The AI Fraud Threat Perth Businesses Can't Ignore

AI can now clone a voice from seconds of audio, and businesses are losing millions to fake 'CEO' calls. Here's how deepfake scams work, why Perth SMBs are targets, and the simple process that stops them. From Computer Mechanics, Perth IT specialists since 1997.

Garry BloomGarry Bloom · Founder & Senior IT Manager
13 July 2026
5 min read
Cybersecurity
AI
Deepfakes
Scams
Perth Business
A deepfake voice scammer impersonating a company executive to defraud a business

Imagine your accounts person gets a phone call. It's the director's voice — unmistakable, right down to the way they clear their throat — asking them to urgently push through a payment to a new supplier account before close of business. They do it. The problem is, the director never called. It was AI, and the money is gone.

This isn't a hypothetical for the future. In 2026, deepfake voice and video fraud is one of the fastest-growing threats to Australian businesses, and — contrary to what most owners assume — small and medium businesses are squarely in the firing line. Here's what's actually happening, and the surprisingly simple thing that stops it.

What a deepfake scam is

A deepfake uses artificial intelligence to imitate a real person — cloning their voice, or even putting their face on a live video call. Criminals use it to make a fraudulent request look and sound completely genuine, because it appears to come from someone the victim knows and trusts: a manager, a director, an accountant, or a supplier.

What's changed is how cheap and easy this has become. Cloning a convincing voice used to need studios and expertise. Today, a few seconds of someone's audio — lifted from a voicemail greeting, a webinar recording, a podcast, or a social media clip — is enough to produce a clone good enough to fool a colleague over the phone.

Why small businesses are now targets

There's a persistent myth that cybercriminals only bother with big corporations. Deepfake fraud proves the opposite. Attackers go where the defences are weakest, and smaller businesses typically have fewer financial controls, less security awareness training, and more informal ways of approving payments — exactly the conditions a deepfake scam exploits.

The numbers are sobering. Globally, businesses have lost hundreds of millions of dollars to AI-enabled voice and video fraud — including one engineering firm tricked into transferring roughly US$25 million after a video call with what staff believed were senior executives. The rise of remote and hybrid work makes it worse: when face-to-face contact is rare, a convincing voice on the phone is often all the "proof" anyone gets before acting.

What it looks like in practice

Deepfake fraud usually shows up as an urgent, high-pressure request to move money or change details:

  • The fake "CEO" call — a voice that sounds exactly like your boss, asking for an urgent transfer, a gift-card purchase, or a payment to a new account.
  • The supplier "bank change" — a voice message or call confirming that a supplier's payment details have changed, redirecting your next invoice to a criminal's account.
  • The video-call authorisation — a manager appearing on a call to approve a payment or a sensitive data request.

In every case, the attacker is banking on two things: that the request sounds legitimate, and that urgency will stop the victim pausing to check. This is the same playbook as business email compromise — just with AI making the impersonation far more convincing.

Why "train staff to spot the fake" isn't enough

The instinctive response is to teach people to listen for tell-tale signs. The uncomfortable truth is that good deepfakes are now very hard to detect by ear or eye — and they're getting better every month. Relying on your team to catch a flawless fake, under time pressure, is a losing strategy.

So the defence has to shift from detection to process. You stop assuming that sounding right is proof of being right.

The one habit that defeats it: verify out-of-band

The single most effective control costs nothing and works no matter how convincing the fake is: out-of-band verification.

Any request to move money, change bank details, or reset access must be confirmed through a separate, trusted channel before anyone acts. In practice that means: hang up, and call the person back on the number you already have saved for them — never a number supplied in the message. If the request is genuine, a 30-second call confirms it. If it's a scam, that call is exactly where it collapses, because the real person has no idea what you're talking about.

Wrap a few more controls around that habit:

  • Dual authorisation for payments above a set amount, so no one person can approve and send a large transfer alone.
  • A written approval process for any change to payment or banking details.
  • Short, regular security-awareness training so staff expect these scams and feel safe slowing down to check.
  • A no-blame culture, so an employee can question an "urgent" request from the "boss" without fear of getting in trouble.

None of this is expensive or technical. It's a small change to how your business approves money and access — and it neutralises the scam regardless of how real the voice sounds.

The technology layer still matters

Process is the frontline defence, but strong fundamentals shrink the attack surface that makes these scams possible. Phishing-resistant multi-factor authentication and passkeys stop the credential theft that often precedes a targeted deepfake. Good email security filters the messages that set these attacks up. And aligning to the ASD Essential Eight raises your baseline resilience across the board.

The bottom line for Perth businesses

Deepfake fraud has moved the goalposts: the biggest risk is no longer a weak password, but a request that looks and sounds completely legitimate and isn't. You can't out-listen a good fake — but you can make it your firm, boring, non-negotiable policy that voice and video alone never authorise money or data. That one rule protects you no matter how good the AI gets.

If you'd like help putting the right verification processes, training and security controls in place — before a convincing voice costs your business real money — talk to the Computer Mechanics team or call (08) 9325 1196. We've kept Perth businesses secure since 1997, and we're happy to explain it all in plain English. (If you're ever hit by a scam, contact your bank immediately to attempt a recall, and report it via ReportCyber at cyber.gov.au.)

Garry Bloom
Written by
Garry Bloom
Founder & Senior IT Manager · 25+ years in IT

Garry founded Computer Mechanics — the business behind IT Support Perth — in 1997. With more than 25 years in IT management and support across internal and external service environments, he leads the team's technical direction and its cybersecurity and managed-IT strategy for Perth businesses.

Meet the IT Support Perth team →
Garry Bloom
13 July 2026
5 min read
Cybersecurity
AI
Deepfakes
Scams
Perth Business

Stay Updated with IT Insights

Get the latest cybersecurity tips and technology insights delivered to your inbox

Related Articles

Passkeys vs Passwords: A Plain-English Guide for Perth Businesses

Passwords are behind most account breaches. Here's how passkeys work, why they're safer, and how your Perth business can start using them. From Computer Mechanics, Perth IT specialists since 1997.

5 min read

Building an Essential Eight Stack: The Tools That Actually Do the Work

There's no single product that 'implements' the ACSC Essential Eight — you build a layered stack of tools, each carrying one or more controls. A practical guide to the tools worth shortlisting and the combination we'd recommend for a mid-sized Australian organisation. From Computer Mechanics, Perth IT specialists since 1997.

5 min read

What's Included in a Managed IT Contract? Hidden Costs Perth Businesses Should Watch For

A plain-English buyer's guide to managed IT contracts for Perth businesses — how MSP pricing works, what should be in the monthly fee, the hidden costs to watch for, and the one question that cuts through it all. From Computer Mechanics, Perth IT specialists since 1997.

5 min read

Need Expert IT Support?

Get personalized advice from our Perth IT experts. Free consultation available.

Related Content

Continue Reading

Explore more insights and expert advice on IT support, cybersecurity, and digital transformation

Your Messages Are "Encrypted" — But the FBI Just Read Them Anyway. Here's What Every Perth Business Needs to Know.
CyberSecurity
ITSupportPerth

Your Messages Are "Encrypted" — But the FBI Just Read Them Anyway. Here's What Every Perth Business Needs to Know.

Most small business owners believe end-to-end encryption means their messages are completely private. A recent FBI case proves that assumption is dangerously incomplete.

5 min read
4/15/2026
What’s new in SMB1001:2026?
SMB1001
SMB10012026

What’s new in SMB1001:2026?

SMB1001:2026 updates for Perth SMBs: Mandatory DMARC from Silver tier, 5 maturity levels, Essential Eight alignment. Get certified, cut insurance costs, win tenders—start your roadmap today!

5 min read
2/25/2026
Passkeys vs Passwords: A Plain-English Guide for Perth Businesses
Cybersecurity
Passkeys

Passkeys vs Passwords: A Plain-English Guide for Perth Businesses

Passwords are behind most account breaches. Here's how passkeys work, why they're safer, and how your Perth business can start using them. From Computer Mechanics, Perth IT specialists since 1997.

5 min read
7/13/2026