Voice impersonation attacks began to gain traction in 2024. In 2026, they are commonplace, driven by the acceleration in the availability of AI tools. In response, businesses have added additional layers of confirmation, including Zoom, FaceTime, etc. for live video verification. However, deepfake video technology is also rapidly proliferating, producing lifelike results cheaply. Attackers and bad actors are outpacing our adoption of defensive measures.

In just one example of deepfake financial scams, in March 2025 a finance director at a multinational firm in Singapore received an urgent request from the CFO to execute a $499K transfer for a “confidential project.” The CFO then initiated a Zoom with the finance director and “other senior executives.” The faces and voices matched and the body language was natural but the C-level “executives” were all deepfakes and, in the end, the finance director authorized a $499,000 transfer at their request to a money-mule account controlled by the criminals. Straits Times, April 2025

The next attack on your office won't announce itself as a scam but it may look like a slightly off conversation with someone you know. Family offices that act now won't be in next year's case studies.

Banks run large fraud teams, behavioral monitoring, and 24/7 security operations. Most single-family offices do not. A deepfake video call is far more likely to land without challenge at a family office than at a major institution.

For principals, data is being trained on their public presence — conference panels, speeches, philanthropy galas, podcasts, LinkedIn, press coverage — all used to develop virtual profiles. Additionally, advisors, staff, and family members are often a search away. Security through obscurity is not a strategy.

Additionally, family office staff are trained to respond with speed and efficiency — and to act when the principal asks. A request that arrives with the right voice, the right face, and a plausible reason for urgency is expected to be executed with confidence.

PEOPLE AND PROCESS OVER TECHNOLOGY 

The best defense is not better technology — it’s properly defined processes and expectations set with principals, staff, and teams. 

CULTURE SHIFTS 

Create a culture of inquiry and curiosity. Prevented attacks are stopped by individuals who slow down and ask questions. Principals and family office leaders must set the precedent that pausing to verify is encouraged and supported. 

AGREE BEFORE NEED

The decision of how to verify must be made when no one is asking for anything. Develop code words known only to the principal and a small circle of family office staff. Plan for request verifications on channels you control. 

TREAT VIDEO AS CONTEXT, NOT CONFIRMATION 

Three out of four people cannot detect deepfake video. For any transaction above your agreed threshold, treat a video call as just one part of the verification process.

RIGHT-SIZED PROCESSES

A family office is not a Fortune 500 compliance department. Sit with each principal, define the threshold above which speed yields to verification, document it, revisit it regularly. Most losses don't happen because a process was bypassed — they happen when there is no process.

In our next Intelligence Briefing, we’ll take a closer look at ShinyHunters, one of the most active cybercriminal groups operating today, responsible for breaching more than 400 organizations in 2025 and 2026, including family offices. Stay tuned.

Our TCF Insights Series, a 3-part discussion of our survey report and findings, kicks off on May 20, 2026. Register below!

Start a conversation with us about where your family office stands.

TCF Confidence Checks Talk to us about where you are with your cybersecurity program.