Deepfake Voices Stealing Millions from Executive Suites

7 Min. Read

In February 2024, a finance employee at British engineering firm Arup transferred USD 25 million to fraudsters’ accounts. The reason: a video call in which the CFO and other executives approved the transfer. The problem: none of the people on the call were real. All of them were AI-generated deepfakes. This case marks the turning point at which CEO fraud through artificial intelligence shifted from a theoretical risk to a concrete corporate threat.

Key Takeaways

• In the Arup case, AI-generated deepfakes of a CFO video call were enough to steal USD 25 million (February 2024, Hong Kong).
• Deepfake-based fraud losses in the USA reached a total of USD 1.1 billion in 2025, triple the USD 360 million the previous year.
• Just three seconds of audio material are enough to create a voice clone with 85 percent accuracy.
• Humans correctly identify high-quality deepfake videos in only 24.5 percent of cases.
• 85 percent of all companies experienced at least one deepfake-related security incident in the past twelve months.

How the Arup Attack Worked

The Arup case in Hong Kong is so instructive because it shows how professional deepfake attacks have become. The attackers created AI-generated video and audio replicas of the CFO and other executives of the global engineering firm. These deepfakes were deployed in a live video call – not as a pre-recorded video, but as a real-time conference with multiple participants.

The finance employee saw and heard his superiors in what appeared to be a normal conference situation. The instructions came through clearly and consistently. Urgency was created by framing the situation as a supposed corporate acquisition. Within a single session, he approved 15 individual transfers to various accounts in Hong Kong. Only after the final transfer and an internal follow-up did it emerge that the entire conference had been staged. The real executives knew nothing about it. The money was gone for good.

This attack did not succeed because the employee was gullible. It succeeded because the technology has reached a level where visual and acoustic authentication is no longer sufficient. Trust in what we see and hear is no longer a reliable security mechanism.

Why Classic Defenses Fail

Business Email Compromise (BEC) has been one of the most costly forms of fraud for years. The mechanism was relatively straightforward: an attacker spoofs an email from the CEO or CFO and demands an urgent transfer. Defense was comparatively simple and often effective: email authentication with DMARC, callback procedures for unusual requests, and the four-eyes principle for transfers above a defined threshold.

Deepfakes dismantle these proven controls one by one. A callback by phone does not help if the voice on the other end is cloned. A video call for verification provides no protection if the video is being faked in real time. And the four-eyes principle fails if both reviewers are sitting in the same manipulated call, watching multiple supposed executives approve the transaction. The attackers have not changed the attack itself – they have switched the channel through which trust and authority are established.

Particularly insidious: the attackers use publicly available information to prepare. CEO interviews on YouTube, CFO podcasts, LinkedIn videos, and conference appearances all supply audio material for voice cloning. Corporate org charts on company websites show who reports to whom. Press releases about acquisitions or partnerships provide the narrative frame for the supposed transfer request. The entire attack is assembled from publicly accessible sources.

The underlying technology has become frightening accessible. Deepfake-as-a-Service platforms offer voice cloning and video synthesis as commercial services. According to a report by Cyble, the availability of such services exploded in 2025. The entry cost for a convincing voice clone sits in the low three-digit range. The barrier to entry for attackers has practically disappeared. What three years ago required specialist expertise can today be set up by anyone with a laptop and internet access in a few hours. The democratization of AI tools has brought with it the democratization of attack capabilities.

According to Deloitte, fraud losses enabled by generative AI will grow from USD 12.3 billion in 2024 to USD 40 billion by 2027 – an annual growth rate of 32 percent. Deepfake-assisted attacks on the C-suite represent the area with the highest per-incident damage potential, because they target decision-makers who hold transfer authority directly.

In Germany, the BSI is observing a rising number of AI-assisted social engineering attacks. The BKA’s 2024 Cybercrime Situation Report documents that social engineering combined with AI-generated content is among the fastest-growing threat categories. For German mid-market companies, the threat is particularly relevant because flat hierarchies and personal relationships between management and accounting create exactly the trust structures that deepfake attackers exploit.

The Escalation Since 2019: A Timeline

What Companies Must Do Now

Defending against deepfake attacks requires a combination of technical controls, process changes, and awareness training. Technology alone is not enough – nor are processes alone. Both must work together. The following measures are prioritized by effectiveness and can be implemented step by step.

Technical Controls

• Multi-factor verification for all transfers above a defined threshold: no single communication channel should ever be sufficient. Transfer approvals must be confirmed through a separate, pre-agreed channel.
• Code word systems: pre-agreed passwords requested during sensitive transactions. The code word is established in person or via encrypted message and rotated regularly.
• Deepfake detection tools: solutions such as Reality Defender, Sensity, or Intel FakeCatcher analyze audio and video streams for manipulation artifacts. The technology is still maturing and not infallible, but it adds an additional security layer.
• AI-assisted behavioral analysis: systems that learn the typical communication patterns of executives and flag deviations – such as unusual transfer requests outside normal business operations.

Process Changes

• Callback procedures using pre-registered numbers: callbacks are made exclusively to internally stored phone numbers, not to the number displayed during the incoming call.
• Time delay on unusual transfers: any transaction outside normal business operations receives a minimum waiting period of four to eight hours before execution.
• Escalation protocol: if an executive requests an urgent transfer by video or phone and applies time pressure, this is automatically treated as elevated risk and requires additional approval.

Awareness and Training

• Integrate deepfake awareness into regular security awareness training. Employees in finance, HR, and assistant roles must understand that voices and videos can be manipulated.
• Run regular tabletop exercises with deepfake scenarios: the security team simulates a deepfake call to the accounts department and tests whether defined processes and escalation paths actually hold.
• No blame after incidents: the quality of today’s deepfakes is so high that reliable detection by humans is no longer possible. The process must provide the protection – not the individual employee. A blame culture leads to incidents being concealed rather than reported.
• Include executives in awareness efforts: CEOs and CFOs must understand that their public appearances serve as templates for deepfakes. This does not mean restricting public communication, but designing internal processes so that even a perfect imitation of their behavior cannot trigger an unauthorized transaction.

The Role of Cyber Insurance

Cyber insurance policies do not automatically cover deepfake-based fraud losses. Many policies distinguish between social engineering fraud and classic cyberattacks. Deepfake attacks often fall into a grey area: technically they are social engineering, but the tools deployed are highly technical in nature. Companies should specifically review their policies for coverage of AI-assisted fraud and negotiate a dedicated add-on if necessary.

At the same time, insurers are increasingly requiring proof of preventive measures. Companies that can demonstrate two-channel verification, code word systems, and regular awareness training receive not only better terms but also avoid claim rejections. The investment in prevention therefore pays off twice: it reduces the risk of a successful attack and secures insurance coverage for the worst case.

Conclusion: Trust Neither Your Eyes Nor Your Ears

Deepfake attacks on the C-suite are no longer a future threat. They are happening now, they cause multi-million dollar losses, and they are getting better and cheaper. The Arup case showed that even experienced finance professionals cannot distinguish reality from forgery in a well-staged deepfake call.

The consequence is clear: companies must design their transfer approval processes so that they remain secure even when the voice and face of the person giving instructions are perfectly faked. In concrete terms, this means: never accept a single communication channel as authentication. Always confirm through a separate, pre-agreed channel. And treat any time pressure during financial transactions as a warning signal rather than a reason to expedite approval.

Start this week by reviewing your transfer approval processes. Ask yourself one simple question: would this process hold even if the CEO on the phone is not real? If the answer is not an unequivocal yes, you have found your first action item. The attackers’ technology is evolving faster than human perception can keep up. Only robust processes can close the gap that our senses can no longer close.

Frequently Asked Questions

What is a deepfake attack on a company?

A deepfake attack uses AI-generated audio or video imitations of executives to manipulate employees. Typically, finance staff are induced during a fake video call or phone conversation to execute transfers. The technology can replicate a person’s voice to 85 percent accuracy using just three seconds of audio material.

How much damage do deepfake attacks cause?

Deepfake-based fraud losses in the USA amounted to USD 1.1 billion in 2025. Individual cases such as the Arup incident (USD 25 million) or the Fortune 500 case in early 2026 (USD 28 million) illustrate the per-incident damage potential. Deloitte projects that generative-AI-based fraud will grow to USD 40 billion by 2027.

Can humans detect deepfakes?

Studies show that humans correctly identify high-quality deepfake videos in only 24.5 percent of cases. 70 percent of respondents said they cannot reliably tell whether a voice is real or cloned. Human detection is therefore not a reliable protective mechanism. Technical controls and process safeguards must carry the main burden.

How can companies protect themselves against deepfake fraud?

The most effective measures are: two-channel verification for all transfers above a defined threshold, pre-agreed code words for sensitive transactions, callback procedures using internally registered numbers, time delays on unusual transactions, and the integration of deepfake awareness into regular security training.

Is voice cloning technology freely available?

Yes. Since 2022, voice cloning tools have been available as open-source projects. Commercial Deepfake-as-a-Service platforms also offer ready-made solutions at low cost. The barrier to entry for attackers sits in the low three-digit range in euros. Three seconds of a person’s audio material are enough to create a convincing voice clone.

Image source: Pexels / Suki Lee (px:17194838)

About the author: Benedikt Langer

More articles by Benedikt Langer