LEGALAUDIT
Cyber Coach

AI fraud

Vishing and voice cloning: CEO fraud by phone

Calls that imitate your CEO, bank manager or family member. 30 seconds of audio is enough to clone a voice.

10 min readIntermediate

Red flags to recognize

  • Familiar voice but unusual phrasing, unnatural pauses or artefacted breathing
  • Urgent transfer, OTP code or remote access request
  • Vague references to 'a confidential case' or 'do not tell anyone'
  • Spoofed caller ID to appear internal or bank-side
  • Background noise that switches abruptly or is totally absent
  • Insistence on staying on the line until the operation completes
  • The voice repeats the same sentence with identical inflection (TTS limit)

What to do now

  • Hang up and call back the verified official number
  • Set a family and corporate codeword for sensitive requests
  • Mandatory double signature on transfers above a low threshold
  • Record the call if local law permits, for forensic analysis
  • Never confirm personal data or codes by phone
  • Train the team: the CFO never approves by voice, only by traced channel

Real case

Cloned-voice CEO fraud, Lombardy 2025

An Italian subsidiary of a Swiss group receives a WhatsApp call from its CEO: voice, intonation and mannerisms are perfect. The CEO asks the CFO for an urgent 280,000 EUR transfer to a Hong Kong supplier to close a confidential acquisition.

The CFO sends the transfer in 40 minutes. Only at the end of the day, hearing the real CEO in the office, does he discover the fraud. The criminals had collected three minutes of CEO audio from a public YouTube interview and cloned the timbre with a commercial model.

Mythos audio analysis flagged the voice as synthetic: spectrogram with too-regular harmonics, coherent formants but missing breathing, synthesis micro-pauses at sentence start. The dossier supported the SWIFT recall request within 72 hours.

What Mythos can do on this case

  • Audio spectral analysis: harmonics, formants, synthesis micro-pauses
  • Comparison with authentic samples when available (speaker verification)
  • Detection of patterns from major commercial TTS engines
  • Audio metadata extraction (codec, sample rate, container)
  • Caller-ID cross-check with known spoofing databases

Next steps

Analyze the audio with MythosLesson: when the phone lies