What's the actual control when you're ALREADY in a live Zoom call with your CFO asking for urgent action — codeword/callback doesn't apply mid-call, does it?
We've updated our exec impersonation controls after a near-miss. For async requests (email, voice note), callback to a known number makes sense — end the suspicious call and verify through a separate channel.
But for a live video call that's already in progress — the CFO is on screen, has been talking for 10 minutes, asking you to initiate a wire transfer — what's the actual control? Codewords feel awkward mid-meeting when the person on screen looks and sounds exactly like your boss. And calling them back when they're "already on the call" doesn't make sense.
Is the answer just "don't approve wires from a video call full stop"? Or do people have a usable real-time verification step that doesn't require killing the call or confronting the exec?