Can You Tell Which Is Real? Deepfakes, Fraud & the Future of AP Risk

September 10, 2025

Share

59
16 min
Whether you're a finance leader, AP manager, or frontline processor, this is a must-listen conversation on the next frontier of fraud—and how to defend against it.
Debra Richardson
Debra Richardson
Grace Chlosta
Grace Chlosta, Senior Content Manager, IOFM

Deepfake fraud is no longer a futuristic fear, it’s here, and it’s targeting accounts payable teams. With AI-powered voice, video, and image manipulation getting scarily convincing, finance professionals need to be ready.

In this eye-opening episode, Debra Richardson breaks down how deepfakes are being used to manipulate vendor payments, impersonate executives, and bypass traditional fraud controls. She shares real-world examples and delivers practical tips AP teams can use to stay one step ahead.

Whether you're a finance leader, AP manager, or frontline processor, this is a must-listen conversation on the next frontier of fraud—and how to defend against it.


Debra Richardson

Debra is an Accounts Payable speaker, consultant, and trainer with over 20 years of experience in AP, AR, general ledger, and financial reporting for Fortune 500 companies including Verizon, General Motors, and Aramark.

For over a decade, Debra has focused on Global Vendor Maintenance, and implemented a vendor self-registration portal for 140k+ global vendors across seven ERPs. In her consultancy, she focuses on authentication techniques, internal controls and best practices to prevent fraud in the vendor master file.  She is the President of the Central Atlantic Region IOFM Chapter and the IOFM Ask the Expert for the Vendor Master File Category.

A Certified Fraud Examiner (CFE), Debra works with vendor management teams to clean their vendor data and update their vendor processes so they pay the right vendor.

She has a YouTube channel where she posts vendor master file tips every Tuesday and hosts a weekly podcast: “Putting the AP in hAPpy”.


Grace Chlosta
Senior Content Manager, IOFM

Grace is the Senior Content Manager at the Institute of Finance & Management (IOFM), where she has led content strategy and development since 2022. In this role, she oversees all aspects of IOFM’s digital and event-based content, ensuring it remains timely, relevant, and actionable for all financial operations professionals.

Grace manages IOFM’s robust library of site content, leads the organization’s editorial and member webinar programming, and hosts IOFM’s podcast series. She also oversees a team of subject matter experts who contribute thought leadership and educational articles. In additional, Grace curates and manages all speaker content for IOFM’s in-person and virtual events, ensuring consistency and quality across every touchpoint. With nearly three years in the role, Grace brings a deep understanding of the financial operations landscape and a passion for delivering content that empowers professionals to excel in their roles.

Subscribe Today

Listen below and subscribe on Apple Podcasts today.

b65d517b-5d22-47a4-b892-eac317be49e6.png.small.300x300.png


Transcription

Grace Chlosta: Welcome to the IOFM podcast. This is a podcast for accounts payable and accounts receivable professionals who want to stay in the know with current AP and AR trends and ideas. We'll be interviewing professionals in this space on a wide variety of subjects, including automation, artificial intelligence, career growth, compliance, leadership, and much more.

Debra Richardson: Am I on?

00:00:31

Grace Chlosta: Yeah, you're on. Can you hear yourself and everything?

Debra Richardson: Yes, yes.

Grace Chlosta: Okay, cool. All righty. Do-do-do.

00:00:37

Hey, Debra. How's it going? 

Debra Richardson: Oh, my God. It is amazing. It's going great today.

Grace Chlosta: I know! We're on site at IOFM Spring. It's been a busy couple of days. A full day of workshops yesterday and you've had a couple of sessions today. Well me about how things are going. We're in a new location at Universal. How are you finding everything?

Debra Richardson: So, first of all, let me just say that, when I walked into, right, our new location, Loews Sapphire, it was the smell. And I'm like, "I need to know what that is because I'm going to put it all through my house."

Grace Chlosta: That's a good way to start -- yeah, right?

Debra Richardson: And I'm like, if I ask them, they're going to think I'm crazy, but they didn't. They get that question all the time -- and they had a QR code that I could scan so that I could buy that. I'm like, yes! They were prepared.

Grace Chlosta: Oh, my gosh. They probably get it all the time and they were like, "We've got to make a QR code." That's funny. Okay, cool.

00:01:27

Debra Richardson: Yeah, so it smells amazing, and the place is amazing. And as usual, the atmosphere here and doing the sessions here, IOFM members are always so engaging. It's been a great time with the sessions I've had so far.

Grace Chlosta: I'm so glad. So we are going to talk today a little bit about deep fake and that sort of fraud. Was that a session you did today, or is that one you're doing tomorrow?

Debra Richardson: That's one that I am doing tomorrow.

Grace Chlosta: Okay, that's what I thought, and you're going to do that as like a 20-minute, correct, like power session?

00:01:53

Debra Richardson: Well, last time, it was 20 minutes. This time it's 30 minutes. But I will tell you, that is the one. I love all my session, but that's the one we're going to have some fun in.

Grace Chlosta: See, that's what I love. You said that last time and everyone had really positive feedback on the power sessions, just for like quicky, punchy content, and I feel like you handled it exactly the right way, in having a little fun with it. So tell me about what that session's like, and then we'll get into a little bit about -- if they're not sure what deep fakes are, and we can get into the weeds just a little bit.

Debra Richardson: Yeah, so tomorrow it's still a learning session, right? So I'll talk about the types of deep-fake fraud, what's been trending with them, some recent scams that they've been successful with using deep fakes. And then I will talk about some telltale signs that you can look for to try to identify deep-fake images, deep-fake videos, deep-fake voice/audio. And then, with the images, we're going to play a little game.

00:03:02

Grace Chlosta: Oh, it's scary.

Debra Richardson: Yeah, that's the last --

Grace Chlosta: See which one can they guess, or something, like which one is which?

Debra Richardson: Yes. And what's funny is, I don't know the answer either. [chuckles] So we'll see who gets what right.

Grace Chlosta: How successful have people been in the past? Is it easy to spot, or no?

Debra Richardson: It's not so easy to spot because, with deep-fake technology, it's always changing, it's always improving. There are a lot of different tools. Some are good. Some are bad. Just like with anything. Yeah, so I always end the session with that and everyone is like, "Oh!" so it's always -- it's always very engaging.

Grace Chlosta: It gets the crowd going. I love that. So how are deep fakes -- getting a little into the weeds, how are they being used to target AP/AR departments right now?

Debra Richardson: Well, so the thing with deep fakes -- or even if we go back to like the fraudulent emails -- what they're trying to do is to get us off our guard, so we do something -- whatever it is they want us to do, mostly fraudulent -- so that we do it without questioning it.

00:04:04

Grace Chlosta: Okay.

Debra Richardson: And that's the thing, right? Because you're dealing with humans, social engineering is much more effective if you can, let's say, do it over the phone or do it with deep-fake videos because the audio -- I mean, voice is the oldest form of communication, right? And it is very -- it's easier, right, to manipulate and to social engineer when you are using deep-fake audio, deep-fake videos, and really even deep-fake images, too, because you attach that to a social profile and you think that's the person.

Grace Chlosta: It is scary. I mean, just on the personal level, I feel like I've seen videos come out of celebrities saying or doing things, and I feel like everyone at least has seen something like that now, so it's scary to think that that sort of thing can now target your actual career, right?

00:04:53

Debra Richardson: And it's not just AP; it's everywhere. There was a viral -- I don't know if it was viral, but it was shared a lot of times. On LinkedIn, there was a post about a random manager having an interview with someone, and he posted the pic -- actually, he posted the whole video, but the preview of the video or the image before you start playing it, you could see that something was wrong, but how he handled it was absolutely great. So I'm going to talk about that tomorrow, too, right, how he found out and what he actually made him do. That's going to be one of the examples tomorrow. It's not just us. But because AP holds the money, where do you go to get money?

Grace Chlosta: Absolutely. I was going to say --

Debra Richardson: Yes, we are very targeted.

Grace Chlosta: Yeah, what are some of the vulnerabilities in AP teams? What can you be doing, or what are people not doing to protect against something like this, and what can they be doing?

00:06:00

Debra Richardson: I think the biggest thing is that, one, yes, it is great to be able to recognize when a fraudulent email or a deep fake comes through. That's great. But you're not going to recognize all of them, and so if you're reliant on your people, if you're reliant on your eagle eye, that might be a problem because this technology is improving every day. And so what really needs to be done is, if you can't spot that deep fake, if you can't spot that fraudulent email, you should have processes in place. So as you move throughout the process to change that bank account, to add that vendor, to change that remittance address, that it still will not result in fraud, because you should have authentication techniques, controls, best practices, validations in place so that, at some point, that will be found without having to rely on people that might be overworked, that might be in a time crunch, that might be busy with other things, or may just have other things on their mind, right?

00:07:10

You can't always spot it, so you have to have processes, controls, validations, techniques, best practices in place so that, even if it's not found initially, it still will not result in a fraudulent payment. 

Grace Chlosta: That's amazing advice. So I feel like deep fakes, it all stems from AI, right? It's all being made from AI, so people may be hearing this and hearing about this sort of thing, and it's only adding to this fear factor of AI. So what could you say to someone who's hearing this now and they're like, "Oh, great. Just another thing for me to be worried about, about AI."

Debra Richardson: You know what the great thing is? It's that, again, if you have these processes in place as the, let's say, change of bank request flows through, then, even if you don't spot it, then it should not result in a fraud. I will also say, too, that there are so many AI tools out there. I don't mean to scare everybody, but they're free. There's a website out there that, every time I look at it, it has more free AI tools.

00:08:18

And so they're coming. They're here. We've already heard of the scams that have been successful with AI. They are here. But my thing is: Have a process in place and make sure everybody is doing that process 100% of the time, and that is your best fraud-prevention advice that I can give against any type of fraud. 

Grace Chlosta: Yeah, so have your documentation. Have your internal control. Have everything all set up and in place. That's amazing, amazing advice. So what can you be doing? I guess you're hearing this now. We know the steps that you should be taking in the long term -- today they're listening. What could they do right now to be protected?

00:09:00

Debra Richardson: Hmm, I would say the most important thing that they can do is to make sure that they know who they are communicating with, whether they are getting vendor documentation to set up a new vendor or change existing vendor by email, or whether a vendor or fraudster is calling, asking how I can change my banking information or my remittance address. Make sure you know who you're talking to. Make sure you know that you are talking to your vendor or your internal team member (if they're calling on behalf of your vendor) and not a fraudster. Make sure that you are asking those identifying questions.

00:09:45

I'll give you a great example. Ferrari -- I don't have one of those. 

Grace Chlosta: Don't we wish? [laughter] Maybe one day.

Debra Richardson: However, its finance worker was contacted using deep-fake audio, so contacted via phone, and the fraudster pretended to be -- I think it was the CEO, Benedetto, if I remember that correctly. There was an article out there where the fraudster was pretending to be the CEO, and so called the finance worker and wanted to wire some funds. The finance worker, by the way, knew the CEO, [had] met him in person. I wouldn't say friendly, but knew him in real life and, as a matter of fact, had just met with him a few weeks back at some in-person, whatever they did with their company.

00:10:44

Benedetto, the CEO, recommended a book for him to read, and so all of this is in his mind while he's getting this call from "Benedetto." You can see the air quotes. Using the power of identification (or authentication is what I say), he said, "I am sorry, Benedetto, but I have to identify you first." He asked him the name of the book that he recommended the last time they saw each other. And do you know what the fraudster did? 

Grace Chlosta: What?

Debra Richardson: He hung up because he doesn't know. And so that's what you want to do is make sure you cut it off at the beginning, before the fraud even starts (if you can). A great way to do that is with authentication.

Grace Chlosta: And that's so interesting because you might be nervous to do that. Okay, what if you did get an actual all from your CEO? Your CEO is only going to say, "Thank you for verifying. Now I can trust you. I know you're doing the right steps." So, please, just ask.

00:11:50

Debra Richardson: Exactly. And they know that if they pretend to be an authority figure that there's a cognitive bias out there with behavior, and we're going to try to please. We're going to maybe -- and shouldn't do this, but maybe, because of that authority bias, might override some of the controls and processes you have in place. But don't do that. You can even tell the way that the finance worker did. He apologized first, but you know what? He still did it.

Grace Chlosta: Right? You've got to still do it. It's impressive.

Debra Richardson: I'm sorry.

Grace Chlosta: I mean, that's an impressive way to think -- his mind's probably reeling on the phone, thinking, okay, what did I talk to him about? So, yeah, try to get those little personal anecdotes, too, right? Talking about CEOs, how do you get your leadership team or your IT team to buy into this sort of thing, to make sure that they understand that it's a real threat?

00:12:44

Debra Richardson: Yeah, so I am hoping that the IT team, that the leadership team, knows that. But in a lot of organizations, they think that cybersecurity awareness training is enough for the AP team. And not that you don't need it -- you absolutely do -- but it's not enough for the AP team. You need further training to make sure that you have all the tools that you need, all the steps that you need, all the manual processes that you need to avoid fraud. And, unfortunately, in a lot of cases, it takes a fraud to happen for that to be realized.

Grace Chlosta: That's scary.

Debra Richardson: So I'm talking to you today. I am speaking at this conference today. But I try to speak at conferences where the IT teams, the information security teams, where they hang out, and I am telling them, "Hey, what you're doing? That's great and all. Keep doing what you're doing, but add this."

Grace Chlosta: You can do more.

00:13:44

Debra Richardson: Yes. This accounts payable team, the accounts receivable team, any of the finance team, they need more because the fraudsters know that's where you go to get the money.

Grace Chlosta: Yeah, it's almost setting them up to fail if you don't have -- right? You can have so many steps in place, but even the best AP teams can have fraud happen.

Debra Richardson: Right. And one of the best examples I give is that you know the cybersecurity awareness training, the recommendation is: If you weren't expecting an email and you got an attachment, don't click it. Well, dang it. We're never expecting, right, a lot of the times, a lot of the invoices or the vendor-supporting documentation, but we have to click on it because that's how we get what we need to do our job.

Grace Chlosta: Right, absolutely.

Debra Richardson: Depending on how big you are, sometimes you have relationships with your vendor; sometimes you don't.

Grace Chlosta: Totally.

Debra Richardson: And you need that documentation so you can set that vendor up, so you can get that invoice paid, so you can get what you need for your company so you can keep the lights on, so everyone's not working and all of a sudden the lights go because you weren't supposed to click that link that had your utility bill on it.

00:14:53

Grace Chlosta: Yeah.

Debra Richardson: Cybersecurity awareness training is great. It's not just enough for this team. You need more.

Grace Chlosta: You do. You absolutely do. Any final thoughts to leave us with, whether it's conference [or] deep-fake specific? How are you feeling at the end of this day?

Debra Richardson: So let me just say, if anyone is attending the conference at Loews Sapphire, go to the front desk and get the QR code so you can get the smell.

Grace Chlosta: If there's one thing you can leave this podcast with, you've got to go get the smell! [laughter]

Debra Richardson: You've got to go get the smell.

Grace Chlosta: Forget about the deep-fake stuff.

Debra Richardson: You've got to go get the smell. But, seriously, though, make sure that you get the training, the tools, the steps that you need so that even if you do not recognize a fraudulent email, that deep-fake audio, deep-fake image, deep-fake video, that you still will not have a fraudulent payment, because it's getting harder to recognize.

00:15:46

Grace Chlosta: It is and that's why you're here. You're on our podcast. Every couple of months, we have you on webinars and writing articles for us, so [we're] a big, big fan of you over here at IOFM. You're a great member of our team, and we really need you. Thank you so much for being on the podcast today.

Debra Richardson: All right, thank you, Grace. Thanks for having me.

Grace Chlosta: Yeah, of course.

Thank you so much for listening to the IOFM podcast. Remember to head on over to the Member Forum to discuss today's episode and provide ideas for our next one. And to stay up to date on IOFM's current events, both in-person and virtually, head on over to IOFM.com.

Continuing Education Credits available:

Receive 1 CEU per hour of listening time towards IOFM programs:

AP CertificationPP-OC_seal_APP_outline.FNLReceive 1 CEU per hour of listening time towards maintaining any AP and P2P related program through IOFM! These programs are designed to establish standards for the profession and recognize accounts payable and procure-to-pay professionals who, by possessing related work experience and passing a comprehensive exam, have met stringent requirements for mastering the financial operations body of knowledge.

Continuing Education Credits available:

Receive 1 CEU per hour of listening time towards IOFM programs:

AP CertificationPP-OC_seal_APP_outline.FNLReceive 1 CEU per hour of listening time towards maintaining any AP and P2P related program through IOFM! These programs are designed to establish standards for the profession and recognize accounts payable and procure-to-pay professionals who, by possessing related work experience and passing a comprehensive exam, have met stringent requirements for mastering the financial operations body of knowledge.

Subscribe to our Monthly Insider

You may unsubscribe from our mailing list at any time. Diversified Communications | 121 Free Street, Portland, ME 04101 | +1 207-842-5500