That Zoom call with your CFO might not actually be your CFO.
In early 2024, a finance worker at a multinational firm in Hong Kong sat through a full video meeting with what looked like the company’s CFO and several other colleagues. Every single face on that call was an AI deepfake. By the time the employee figured it out, they had already wired about 25 million dollars across 15 transactions. The number is hard to even picture.
For a small business in Fort Myers or Cape Coral, the dollar amount is smaller. The mechanism is the same. And the attacks have nearly doubled year over year heading into 2026.
Here’s whats happening, why local businesses are getting picked off, and what you can actually do this week.
How a deepfake video scam in Fort Myers actually works
The attacker scrapes 30 seconds of clean audio and a few photos of an executive. Could be from a podcast, a LinkedIn video, even a Chamber of Commerce panel recording. That’s enough to clone the voice. For video, they use face-swap models that run in close to real time on a gaming laptop.
Then they set up a fake Zoom or Teams call. They invite an employee in accounting, in HR, or whoever signs off on wires and payroll. The “CEO” joins. Sometimes the “CFO” joins too. The boss says something urgent: a vendor switch, a tax deposit, a confidential acquisition. The transfer needs to happen now, before the markets close, before the deal leaks. Don’t tell the other partners yet.
The employee follows instructions because the face and the voice match. The whole call lasts maybe nine minutes.
By the time someone calls the real CEO to confirm, the money is gone and bouncing through three banks in Hong Kong or Dubai.
Why Fort Myers small businesses are easy targets
Bigger firms have wire fraud controls, callback rules, and finance teams that ask questions. A 12 person company in Cape Coral usually has one bookkeeper, the owner, and an external accountant. The wire approval flow is a phone call or a text. Sometimes its just one email.
Local visibility makes it worse. A Fort Myers business owner showing up on a Chamber panel, at a Gulf Coast Business Review interview, or on a popular Facebook page is leaving audio and video samples in public for free. Anyone with 20 minutes can pull that down. The attackers don’t need to break into anything to start.
And the staff arent watching for this. Most folks I talk to still think of “phishing” as a sketchy email with a weird link. They don’t know a video call can lie to them.
Five signs the person on the call probably isnt who they say they are
Some signals to watch for during a live meeting:
The face on the call won’t turn fully sideways. Real-time deepfakes break down at sharp profile angles, so the model keeps the head mostly forward.
Lip sync drifts slightly during long sentences. Watch the mouth on a five second clip and you’ll see a half-beat offset that doesn’t match natural speech.
The lighting on the face doesn’t match the background. Background is dim, face is flat-lit. Or the other way around.
The “executive” pushes urgency hard and asks you to keep the request quiet. Real bosses sometimes do this too, which is part of the problem. But its the most consistent feature of every deepfake CEO scam reported in the last 18 months.
Background details glitch when the person moves. Earrings disappear and reappear. The chair shifts. A coffee cup duplicates.
If you see two of these signs on the same call, end the meeting and call the person back on their normal phone number. Not the one the meeting invite came from.
What Fort Myers businesses can do this week
A handful of practical moves that genuinely help:
Set a callback rule for any money movement. Any wire, ACH, vendor change, or large purchase requires a phone callback to a known number, not a number in the email or chat thread. Train the staff to do this even when the request comes from the owner. Especially when the request comes from the owner.
Pick a verbal code word. Choose a phrase only the bookkeeper and the owner know. If a video call asks for a wire, the bookkeeper just casually drops “by the way, whats the code?” If the boss can answer, fine. If the boss panics or sidesteps, hang up.
Lock down your public audio. You don’t have to delete your speaking videos. But assume any video of you talking for more than 30 seconds can be cloned. Plan your wire approval flow with that in mind.
Get phishing-resistant MFA. Push-based MFA can still get bombed. FIDO2 keys (YubiKey or similar) and passkeys actually shut down the credential side of these attacks. We’ve been moving local clients to passkeys this quarter and the difference is real. More on MFA push bombing here.
Run a tabletop drill. Spend 20 minutes with the team. Walk through a scenario where the boss appears to send an urgent wire request on Teams. See who would catch it, who wouldn’t. Most teams find at least two holes the first time they try this.
Need help locking this down before something happens?
Most of our clients in Fort Myers, Cape Coral, Bonita Springs, and Naples find out their wire approval flow has gaps the day before something bad happens. We can run through yours in an hour. We’ll look at MFA, wire callback rules, email gateway settings, and what your real exposure looks like based on whats already public about you.
Call HenkTek at (239) 234-2334 or grab a free consultation at henktek.com/contact. We work with small businesses across Southwest Florida, and we’d rather help you set this up now than clean up a wire fraud later.
For more background on the broader threat, CISA tracks AI-driven social engineering attacks and the FBI’s IC3 page publishes the latest financial impact numbers across the country.