If I was the attacker, I'd use credential-stuffing or something to get access to some random employee's account. Doesn't have to be anyone important.

Then I'd set up a short-notice multi-way meeting between the target, the CEO and the hacked account. The deepfake 'CEO' then turns up with no alarms raised, except one wrong name - easily dismissed as a glitch, or an assistant having booked the meeting.