The Ferrari CEO Deepfake Call Attempt (July 2024)
An attacker tried to impersonate Ferrari CEO Benedetto Vigna on a WhatsApp call to a senior executive. The executive asked a question only the real Vigna would know the answer to — and the call ended immediately.
- Incident date: Jul 2024
- Target: Ferrari (Ferrari N.V.)
- Outcome: Attack foiled by shared-knowledge verification; no funds lost
In late July 2024, a senior Ferrari executive received WhatsApp messages and an audio call from someone sounding unmistakably like CEO Benedetto Vigna. The caller discussed a confidential acquisition and asked the executive to help with urgent currency hedging. The voice was convincing — accent, cadence, and speaking style all matched Vigna's.
The executive asked the caller to name the book Vigna had recommended to him a few days earlier. The attacker couldn't answer. The call ended.
No money was lost.
The attack
A textbook case of CEO fraud via voice clone:
- Voice cloning of Vigna built from public audio (earnings calls, keynote interviews). Quality was high — the executive confirmed the voice alone was not the tell.
- Confidential-acquisition framing to explain unusual urgency and discourage verification through normal channels.
- WhatsApp vector — avoiding the corporate email system and its monitoring.
- Likely OSINT reconnaissance — the attacker targeted a specific executive who would plausibly have access to treasury operations.
What the attacker didn't have: the shared tacit knowledge that defines a real ongoing working relationship.
Why the defense worked
The executive's question exploited something voice-cloning attacks structurally can't defeat: shared context the attacker doesn't have access to. A public-audio-trained voice clone can produce Vigna's accent and style perfectly, but can't know what book the real Vigna recommended last week to this particular colleague.
This pattern is sometimes called shared-secret verification in the CEO-fraud-prevention literature, though "secret" is too formal — it's usually ordinary shared-relationship knowledge that the attacker simply doesn't have.
The generalizable defense
Any firm building defenses against voice-clone CEO fraud can implement a version of this:
- Pre-agreed verification questions between executives. Not a password — a question the attacker would need to have been in the relationship to answer.
- Cultural permission to ask such a question on any call involving financial commitment. "Of course I trust you; let me still verify."
- Procedural requirement to verify over an out-of-band channel (callback on a known-good number) for any call over a risk threshold — see the WPP case.
The Ferrari case is frequently cited in banking-sector CISO education because it's a clean, public, positive example of a low-tech defense against a high-tech attack.
What detection would have added
Ferrari didn't run real-time audio deepfake detection on the call. If detection had been available, it would have been a confirmatory signal. But the real defense was the executive's willingness to ask a question the attacker couldn't answer — which is a process defense, not a detection one.
The broader pattern
Combined with the Arup case (attack succeeded) and the WPP case (attack foiled by procedure), the Ferrari case completes a trilogy that the financial-security community now teaches as a unit: verification procedure is the control, detection is the assist.