⚠ NCSC: Week 18: Parcel phishing with a devious twist – The "double phishing" scam 🔴 CVE: CVE-2026-40393 (CVSS 8.1) — In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can o… 📰 New article: The CISO Game in Chiasso: What a Simulated Cyber Crisis Teaches That No Presentation Ever Could ⚠ NCSC: Week 18: Parcel phishing with a devious twist – The "double phishing" scam 🔴 CVE: CVE-2026-40393 (CVSS 8.1) — In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can o… 📰 New article: The CISO Game in Chiasso: What a Simulated Cyber Crisis Teaches That No Presentation Ever Could
← Back to articles
Threat Intel 23 March 2026 9 min read

AI-Driven Fraud in Switzerland: Deepfakes, Voice Cloning, and the New Social Engineering Threat

From a multi-million franc voice deepfake case in canton Schwyz to AI-powered CEO fraud.

MS

Marco Scarito

23 March 2026

9 min read

In January 2026, a businessman from canton Schwyz transferred several million Swiss francs to a bank account in Asia. The transfer was authorised after a series of phone calls conducted over two weeks from someone who sounded exactly like a trusted business partner. The voice was a deepfake — AI-generated audio cloned from publicly available recordings. The fraud was not discovered until multiple transfers had already cleared. The case, reported by SRF, joins a growing body of evidence that AI-assisted fraud has moved from theoretical threat to operational reality in Switzerland.

The Industrialisation of Deepfake Fraud

What changed in 2025 is not the concept of fraud — it is the tooling. Deepfake-as-a-service platforms became widely accessible, offering ready-to-use voice cloning, video generation, and persona simulation for a fraction of the cost of traditional social engineering operations. According to Cyble's Executive Threat Monitoring report, AI-powered deepfakes were involved in more than 30% of high-impact corporate impersonation attacks in 2025. The Entrust 2026 Identity Fraud Report found that deepfakes now account for one in five biometric fraud attempts — with deepfake selfies alone increasing 58% in 2025.

The Swiss Threat Landscape: What the NCSC Data Shows

The NCSC Annual Report 2025 provides the clearest picture of how fraud is evolving in Switzerland. CEO fraud reports rose from 719 in 2024 to 970 in 2025 — a 35% increase. Investment fraud emerged as the fastest-growing category in the second half of the year, offsetting a decline in fake police call scams. TWINT-targeted phishing became a significant attack vector, with criminals using classified ad platform scams to capture banking credentials and drain TWINT accounts — which execute payments immediately and without the reversal options available in traditional bank transfers.

◆ Key Takeaway

AI-assisted fraud in Switzerland is no longer primarily a volume game — it is a precision game. Fewer attacks, higher conviction rates, and significantly larger losses per incident define the current threat environment. Organisations must shift from volume-based detection to behaviour-based verification.

Defensive Priorities for Swiss Organisations

  • Implement out-of-band verification for high-value transactions: Any wire transfer, credential change, or sensitive data release should require confirmation via a pre-established, independent channel — not a callback to a number provided in the suspicious communication itself.
  • Update your awareness training curriculum: Traditional phishing indicators are now insufficient. Training must include deepfake audio and video scenarios, TWINT fraud patterns, and identity impersonation of company leadership.
  • Review your KYC and authentication architecture: Most KYC systems still rely on visual cues that fail against AI-generated faces and voices. Multi-factor authentication that does not depend solely on voice or video should be evaluated for high-risk processes.
  • Monitor your company's digital footprint: Register your domain variants proactively. Set up alerts for new domain registrations that closely resemble your company name. Monitor commercial register entries for any unauthorised use of your company identity.
  • Engage your board: Gartner predicts that by 2026, 30% of enterprises will no longer consider standalone identity verification and authentication solutions reliable in isolation. This is a governance issue, not only a technical one.