Deepfakes are AI-generated audio, video, or images designed to look and sound real—even when they aren’t. For small and medium-sized businesses (SMBs), that matters because trust is operational. When an employee believes the “CEO” on a call is real, or a customer believes a fake video is authentic, the business can lose money, data, and credibility fast. This article explains how deepfake-enabled scams are showing up in day-to-day SMB risk, what controls actually work, and where insurance fits (and doesn’t). What “deepfake risk” really looks like for SMBs Most deepfake incidents don’t start with a perfect Hollywood-quality video. They start with a believable moment: A panicked voice note that sounds like an owner: “Wire this payment now—don’t delay.” A video call that looks like a leader approving an urgent vendor change. A fake “customer testimonial” that convinces prospects—or a fake complaint that triggers a PR fire. Deepfakes are rarely the entire attack. They’re an upgrade to scams SMBs already face (phishing, vendor fraud, business email compromise). They make social engineering more convincing and harder to dismiss. The broader environment is getting worse, too: the FBI’s Internet Crime Complaint Center (IC3) reported $16.6B in losses in 2024 across internet crime and fraud, emphasizing how pervasive these schemes have become.( ic3.gov ) The four ways deepfakes hit SMBs 1) Payment fraud and “executive impersonation” This is the most direct, most expensive path. Deepfake voice (and increasingly video) can be used to impersonate an owner, controller, or executive and push a finance team toward: urgent wire transfers “new bank account” updates for vendors payroll diversions gift card and cryptocurrency payments The FBI has specifically warned about audio deepfakes being used in impersonation campaigns to manipulate targets into taking actions that benefit the attacker.( arstechnica.