In 2023, a Hong Kong finance worker authorized a $25 million wire transfer after a video call with who appeared to be his company's CFO and multiple colleagues. Every person on the call was a deepfake. The fraud was the solutions require action before an incident, not after.
"Be as shrewd as snakes and as innocent as doves." - Matthew 10:16
Current voice-cloning technology can produce convincing results with as little as three to five minutes of audio. Any pastor whose sermons are available as a podcast, on YouTube, or archived on the church website has already provided more than enough. The solution is to build verification practices that make voice alone insufficient authorization for financial decisions.
Stop and verify through a separate channel before taking any action. Call the pastor's personal cell phone number directly (not any number provided in the message), send a text, or walk to their office. If you cannot reach them, do not act until you can. Any legitimate emergency can wait the few minutes it takes to verify. If a request insists you act immediately without verification, treat that insistence itself as a warning sign.
Should churches stop publishing sermon audio and video to protect against voice cloning?
No. The pastoral and evangelistic value of online content far outweighs the voice-cloning risk, and removing content would not eliminate the risk since older recordings remain available. The right response is robust verification protocols, not content restriction. Treating all urgent financial requests with mandatory secondary verification defeats the attack regardless of how realistic the voice clone sounds.
