Hire Me
Justice Ugo
Justice Ugo
Cybersec Engineer
← Back to Blog
Research / AI Deepfakes Nigeria Fraud AI security Africa

That video of your CEO is fake but you already sent the money.

Justice Ugo
Justice Ugo
28 May 2026 · 10 min read

(Disclaimer: This is not a true story, but stay with me now). A finance officer working in an office in Lagos got a WhatsApp video call. The managing director appeared on the screen. Same voice, same gestures, same way he tilted his head when he was serious. He needed her to transfer urgently. The banks were closing. It was time-sensitive. She transferred the money.

The managing director never made that call. He was at a seminar in Abuja; his phone was off. By the time anyone realised what was going on, the money had vanished through three accounts in three different countries, making it impossible to trace.

This is what deepfake fraud looks like in 2026. This is not science fiction. Not just happening to American banks. This is happening here, it's happening now, and it works.

screenshot 1

Caption: Hong Kong finance worker duped into sending $25m after deepfake video chat pretending to be firm bosses. Source: CNN, Feb 2024

What exactly is a deepfake?

A deepfake is a video, audio clip or image that has been edited using artificial intelligence to make it appear as if someone said or did something they never said or did. The name comes from “deep learning", the artificial-intelligence technique used to create them.

The system works by training an AI model on footage of a real person, their face from multiple angles, their speaking patterns, and their facial expressions. Once trained, the model can create brand new videos of that person saying anything the attacker wants them to say. The more video the AI has to learn from, the more believable the output.

A few years ago, making a convincing deepfake required technical know-how and expensive technology. There are apps now that will do it for free in minutes. There is basically zero barrier to entry. Your face is a training data on Instagram. Your voice on that podcast is training data. That video you posted congratulating yourself on your birthday is a training data.

screenshot 2

Caption: Can you tell which face is real? The Detect Fakes project at MIT shows just how sophisticated modern deepfakes are. Source: MIT Media Lab

"It used to take a Hollywood studio and six months of post-production, today it fits on a smartphone and takes six minutes.”

How it’s being used to steal money in Africa

Use cases are outrunning organisations' ability to defend themselves against. Here are the ones now taking place in Nigeria and the rest of Africa:

CEO fraud on video call. This is the scenario that opened this article. An attacker calls a member of the finance team on video, clones the face and voice of a corporate leader and requests an urgent transfer. The psychological stress of being able to watch and listen to your employer live on a call is tremendous. Most people comply.

False investment recommendations. Public figures, politicians, preachers, and business leaders have their looks cloned and their voices cloned to endorse investment schemes and cryptocurrency platforms they have never heard of. Viewers see someone familiar and credible asking for money. That has cost tens of thousands of lives in West Africa alone.

KYC bypass fraud. A lot of fintech platforms in Nigeria ask for a video selfie to verify your identity. Now, attackers are using deepfake video production to bypass these checks with stolen identity documents, creating fully fake “live” verification videos that fool automated systems.

Fake remote job interview There are documented cases of candidates wearing a fake face during remote job interviews, with the real person (or an AI) answering questions, according to the EFCC and foreign cybersecurity authorities. Companies have hired workers who aren’t even in office.

Political and reputational manipulation. Videos of politicians making statements they never made are being circulated ahead of elections. Faking audio of corporate execs to influence stock prices and business decisions. Sometimes the damage isn’t even monetary; sometimes it’s just chaos. And disorder has its own purpose.

screenshot 3

Caption: Investment frauds using deepfakes and cloned faces of public figures are becoming increasingly popular in West Africa. Source: TheCable

By the numbers

  • $25 million in a single deepfake video call scam in Hong Kong, 2024
  • Africa ranks third globally for identity fraud, including deepfake KYC bypass attempts

Why Nigeria and Africa are particularly vulnerable

The same features that make African fintech so exciting – rapid digital adoption, mobile-first banking, video-based KYC and a growing middle class transacting online – are the same factors that make the continent an appealing target.

Most Nigerian organisations lack deepfake detection tools. Most people have never been told what a deepfake is, never mind how to spot one. Most companies are still talking about phishing emails and bad passwords when it comes to cybersecurity. Not wrong, but not everything either.

There’s also a cultural dimension that attackers are actively exploiting. The hierarchy is so real in Nigeria. You return your MD’s calls. When your MD says it’s urgent, you move fast. Deepfake attackers are not just using technology. They are also leveraging trust, authority and the velocity of hierarchical societies when a superior asks for something.

How to spot a deepfake from the real thing

Deepfake technology is incredible today, but it’s not perfect. There are tells, and knowing them can save you or your organisation a lot of money:

Blinking unnaturally. The first deepfakes barely blinked. Modern ones blink too often or at odd intervals. See the eyes.

Lighting issues. The face and background are often lit differently. Look for shadows that are out of place or a face that looks too bright or too flat.

Edges around the face are blurred. In deepfakes the edge between the face and the hair or the face and the background is often a little blurry or distorted.

Audio slightly out of sync. Lip movements are slightly ahead of or behind the speech. Artificial pauses. Flat tone of feeling, even when dealing with urgent material.

Weird channel or urgency. Your MD has never asked for a transfer over WhatsApp. The request is urgent. You are told not to tell anybody else. These are social engineering flags regardless of the technology.

screenshot 4

Caption: Common visual artefacts of deepfake videos: blurry edges around the face, unbalanced features, fake skin texture Source: Detect Fakes, MIT Media Lab

What organisations need to do now

The good news is that most deepfake fraud does not require sophisticated detection systems to be prevented. It requires work.

Create a verbal codeword system. for CEOs and finance teams. Any request for an urgent transfer, however made, must be confirmed by a pre-agreed codeword on a different channel. No code word, no transfer. “Period.”

Set a two-person rule. for any transfer above a threshold. No individual can ever authorise alone. The attacker can deepfake one person on a call, but not two persons phoning each other over separate channels.

Train employees on what deep fakes look like. Give examples. Conduct internal simulations. The financial officer of our introductory anecdote has never seen a deepfake presentation in her life. In her eyes, there was no reason to suspect.

Minimise your digital footprint wherever possible. The less footage you have of your executives in the public domain, the less training data attackers have. In an age of LinkedIn videos and company YouTube channels, it’s a hard thing to do, but it’s worth thinking about.

The painful truth

We are not in the middle of this problem; we are only at the beginning. The technology is progressing faster than we can see it. The visual artefacts that currently give away deepfakes, such as hazy edges and weird blinking, will largely disappear within two to three years. We will exist in a universe where seeing is no longer believing. Where a video call with a familiar face is not proof that they are who they say they are.

That sounds scary, and it is. But the answer has always been less tech and more process. Banks don’t allow big transfers on just caller speech recognition; they have many layers of verification. Now that logic has to be applied to all organisations that move money, that make decisions and have people in positions of responsibility whose faces are publicly available.

That money came from the financial officer. He wasn't a fool. She was dependable. Trust is no longer a security protocol in 2026