Automatic Speaker Verification (ASV) systems are vulnerable to various attacks, especially spoofing attacks, and therefore are typically protected by spoofing countermeasures. However, both spoofing countermeasures and ASV models are vulnerable to adversarial attacks. We propose DoubleDeceiver - a novel black-box attack method that incorporates text-to-speech synthesis and adversarial attack to deceive ASV systems even with the protection of spoofing countermeasures. Although the surrogate models and victim models differ in architectures, DoubleDeceiver achieved a successful attack rate (SAR) as high as 98.3%. DoubleDeceiver identified the vulnerabilities of ASV systems and issued a warning that solely relying on the spoofing countermeasures is not reliable to protect ASV systems' security. This work encourages the development of more secure anti-spoofing and ASV systems by highlighting the need to consider composite attacks in future designs.