top of page
Search

Deepfake Scams Hit Chicago: 7 Mistakes You're Making with Employee Training (and How to Fix Them)

  • Writer: Jahmar Childs
    Jahmar Childs
  • Aug 28, 2025
  • 5 min read

Here's something that'll keep you up at night: your employees just received a video call from your CFO asking them to wire $50,000 to a "critical vendor." The voice sounds right, the face looks familiar, and the urgency feels real. There's just one problem—your CFO is sitting in a meeting three floors down, completely unaware of what's happening.

Welcome to 2025, where deepfake scams have moved from science fiction to your company's biggest security threat. In Chicago, small and mid-sized businesses are getting hit hard by these AI-generated deceptions, and most don't even realize how vulnerable they are.

Just ask the folks at Arup, a British engineering company that lost $25 million to deepfake scammers who convinced an employee they were talking to the real CFO on a video call. Or consider WPP, the world's largest advertising agency, where scammers used cloned voices and old video footage to impersonate their CEO during fraudulent meetings.

If you think your current employee training is enough to stop these attacks, think again. Here are the seven critical mistakes Chicago businesses are making with deepfake training—and how to fix them before it's too late.

Mistake #1: Treating Deepfakes Like Regular Phishing Scams

Most Chicago businesses are still using the same old security training they've had for years. You know the drill: "Don't click suspicious links, use strong passwords, watch out for Nigerian princes." But deepfakes aren't your typical phishing email—they're sophisticated, personalized, and incredibly convincing.

The Fix: Start treating deepfake awareness as its own category of security training. Your employees need to understand that they can no longer trust their eyes and ears when it comes to digital communications. This means questioning even video calls and voice messages from people they think they know.

Mistake #2: Running Training Once a Year and Calling It Good

Here's a reality check: your annual security training is probably forgotten within a few weeks. Meanwhile, deepfake technology is advancing every single month. By the time your next training session rolls around, the techniques your employees learned are already outdated.

The Fix: Switch to quarterly deepfake awareness sessions with monthly micro-trainings. Send out short, 5-minute videos showing real deepfake examples. The key is repetition and staying current with the latest tactics scammers are using.

Mistake #3: Not Showing Real Deepfake Examples

Most training programs talk about deepfakes in theory but never actually show employees what they look like in practice. It's like teaching someone to spot counterfeit money without ever showing them a fake bill. Your team needs to see these things to believe how convincing they can be.

The Fix: Create a library of deepfake examples—both obvious fakes and subtle ones. Show your employees deepfake videos of celebrities first (they're easier to find and less threatening), then move to business-focused examples. The goal is to build that healthy skepticism muscle.

Mistake #4: Ignoring Voice-Only Deepfakes

Everyone's focused on deepfake videos, but voice cloning is often the real threat for businesses. A scammer can create a convincing voice clone of your CEO with just a few minutes of audio from your company's website, social media, or podcast appearances.

The Fix: Include voice deepfake examples in your training. Teach employees to listen for subtle signs like monotone delivery, slight delays in responses, or phrases the real person wouldn't typically use. Most importantly, establish verification protocols for any unusual voice-only requests involving money or sensitive information.

Mistake #5: Not Teaching Practical Detection Skills

Your employees can't just rely on gut feelings to spot deepfakes. They need specific, actionable techniques to identify red flags. Without these skills, they're sitting ducks for sophisticated attacks.

The Fix: Train your team to look for:

  • Mismatched lip movements or facial expressions

  • Inconsistent lighting or shadows on the face

  • Unnatural blinking patterns (too much or too little)

  • Audio that doesn't quite sync with mouth movements

  • Background inconsistencies or digital artifacts

Make this practical by having employees practice with real examples during training sessions.

Mistake #6: Failing to Create Clear Verification Procedures

Even if an employee suspects something's off, they often don't know what to do next. Many are afraid to question what appears to be a legitimate request from leadership, especially when there's pressure to act quickly.

The Fix: Establish crystal-clear verification procedures that employees can follow without fear of repercussion. For example:

  • Any financial request over $1,000 requires two-factor verification through a separate communication channel

  • Employees can always pause and verify unusual requests, regardless of apparent urgency

  • Create a "safe word" system that real executives use to verify their identity in urgent situations

Mistake #7: Not Preparing for the Emotional Manipulation Factor

Deepfake scammers don't just rely on technology—they use emotional manipulation to override logical thinking. They create urgency, exploit trust, and make employees feel like heroes for "helping" in a crisis situation.

The Fix: Include psychological awareness in your deepfake training. Teach employees that legitimate leaders rarely create artificial urgency around financial decisions. Help them recognize when they're being emotionally manipulated and give them permission to slow down and verify, even when pressured to act quickly.

Beyond Training: Building a Deepfake-Resistant Culture

Training is just the beginning. You also need to create a company culture where questioning and verification are celebrated, not discouraged. This means:

  • Leadership modeling good verification behavior

  • Rewarding employees who catch suspicious activity

  • Never punishing someone for double-checking what turns out to be legitimate

  • Regularly updating your incident response plan to include deepfake scenarios

The Chicago Connection

Why are Chicago businesses particularly vulnerable? Our city's thriving business ecosystem makes us attractive targets. Scammers can easily research local companies through social media, news articles, and public records. They can create convincing scenarios using local landmarks, recent news events, or industry-specific challenges that make their deepfakes more believable.

Plus, Chicago's mix of traditional industries and tech-forward companies creates a perfect storm. Companies that are digitally sophisticated enough to use video conferencing regularly, but not necessarily up-to-date on the latest security threats.

The Bottom Line

Deepfake scams aren't a future threat—they're happening right now. The question isn't whether your business will encounter one, but whether your employees will be ready when it happens.

The good news? With proper training and clear procedures, deepfakes are still detectable. The technology hasn't reached the point where perfect fakes are easy to create. But the window for staying ahead of this threat is closing fast.

Don't wait until you're reading about your company in the news as the latest deepfake victim. Start fixing these seven training mistakes today, and give your employees the tools they need to protect your business from this rapidly evolving threat.

Your future self—and your company's bank account—will thank you for taking action now rather than waiting until it's too late.

Schedule your free IT risk assessment today.

 
 
 

Comments

bottom of page