{"id":7515,"date":"2024-01-18T09:00:00","date_gmt":"2024-01-18T09:00:00","guid":{"rendered":"https:\/\/www.securitytoday.de\/2026\/04\/02\/post_id-5059\/"},"modified":"2026-05-10T19:05:43","modified_gmt":"2026-05-10T19:05:43","slug":"deepfake-fraud-in-companies-when-the-ceo-on-the-phone-isnt-the-ceo","status":"publish","type":"post","link":"https:\/\/www.securitytoday.de\/en\/2024\/01\/18\/deepfake-fraud-in-companies-when-the-ceo-on-the-phone-isnt-the-ceo\/","title":{"rendered":"Deepfake Fraud in Companies: When the CEO on the Phone Isn&#8217;t the CEO"},"content":{"rendered":"<p><strong>In February 2024, a financial officer in Hong Kong transferred $25 million &#8211; after a video call with the supposed CFO. All participants in the call were deepfakes. This case marks a turning point: social engineering is no longer limited to email and phone. AI makes real-time identity fraud possible.<\/strong><\/p>\n<h2>TL;DR<\/h2>\n<ul>\n<li>25 million dollar deepfake fraud in Hong Kong (February 2024)<\/li>\n<li>Voice cloning requires only 3 seconds of audio material (Microsoft VALL-E)<\/li>\n<li>Human deepfake detection: less than 50 percent accuracy<\/li>\n<li>CEO fraud damages in 2023: $2.7 billion worldwide (FBI IC3)<\/li>\n<\/ul>\n<h2>From Phishing Email to Deepfake Video Call<\/h2>\n<p>Classic CEO fraud works via email: \u201cTransfer \u20ac200,000 to this account immediately &#8211; confidentially.\u201d As awareness has grown, success rates have dropped. Deepfakes raise the stakes: when the CEO personally calls &#8211; via video or phone &#8211; suspicion plummets.<\/p>\n<p>The technology is alarmingly accessible. Voice cloning tools like ElevenLabs or Resemble AI produce convincing voice replicas from just a few seconds of audio. Real-time video deepfakes are more complex, but for high-value targets, the investment pays off.<\/p>\n<h2>The Anatomy of a Deepfake Attack<\/h2>\n<p>The Hong Kong case followed a familiar pattern: first, a phishing email as reconnaissance, then an invitation to an urgent video call. In that call, multiple participants appeared &#8211; all AI-generated. The familiar setting (Teams or Zoom), recognizable faces, and group dynamics erased any lingering doubt.<\/p>\n<p>Attackers gather training data from publicly available sources: LinkedIn profiles, YouTube interviews, podcast appearances, and corporate websites &#8211; all feeding the models that replicate voice and appearance.<\/p>\n<h2>Why Technical Detection (Still) Isn\u2019t Enough<\/h2>\n<p>Deepfake detection is an arms race. Today\u2019s detectors scan for telltale artifacts: unnatural blinking, inconsistent lighting, or audio-video desynchronization. Yet each new generation of AI models erases those flaws. Human detection rates hover below 50 percent &#8211; little better than chance.<\/p>\n<p>Technical safeguards &#8211; like content provenance, the C2PA standard, or digital watermarks &#8211; are still in development and far from universal adoption. For now, human-driven processes remain our strongest line of defense.<\/p>\n<h2>Countermeasures: Processes Over Technology<\/h2>\n<p>The most effective defense? Enforce the four-eyes principle for all financial transactions above a defined threshold; require callback via an independent channel (\u201cI\u2019ll call you back on your office number\u201d); pre-agree on code words for sensitive instructions; and uphold one clear rule: no video call or phone conversation alone authorizes a payment.<\/p>\n<p>These measures cost nothing and can be rolled out immediately. They\u2019re also the only defense guaranteed to hold up against future, even more sophisticated deepfakes &#8211; because they verify identity through a second, independent channel.<\/p>\n<h2>Key Facts<\/h2>\n<p><strong>Hong Kong Case:<\/strong> $25 million in losses from a deepfake video call (February 2024)<\/p>\n<p><strong>Total CEO Fraud:<\/strong> $2.7 billion in global losses in 2023 (FBI IC3 Report)<\/p>\n<p><strong>Voice Cloning:<\/strong> Just 3 seconds of audio are enough for a convincing voice replica (VALL-E)<\/p>\n<h2>Frequently Asked Questions<\/h2>\n<h3>Can I detect deepfakes?<\/h3>\n<p>It\u2019s extremely difficult. Watch for unnatural lip movements, erratic lighting shifts, absence of subtle facial micro-movements, or slight audio lag. But never rely solely on visual or auditory cues &#8211; always confirm through a second, independent channel.<\/p>\n<h3>Are we, as a midsize company, at risk?<\/h3>\n<p>Yes. Voice cloning demands minimal effort and resources. Even without video deepfakes, a convincing call \u201cfrom the CEO\u201d to finance or accounting is often enough to trigger action. The barrier to entry keeps falling &#8211; and procedural safeguards matter just as much for small and midsize firms as they do for enterprises.<\/p>\n<h3>Does cyber insurance cover deepfake fraud?<\/h3>\n<p>It depends on your policy. Many cyber insurance plans cover social engineering losses &#8211; but often with sublimits (typically \u20ac250,000-\u20ac500,000). CEO fraud may fall under crime or fidelity policies instead. Scrutinize your contract for explicit coverage of \u201cidentity fraud\u201d or \u201csocial engineering.\u201d<\/p>\n<h2>Related Articles<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/03\/06\/post_id-3837\/\">Cybersecurity Trends 2026: The 7 Developments Security Decision-Makers Need to Know<\/a><\/li>\n<li><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/03\/01\/post_id-3841\/\">Hybrid Warfare and Disinformation: The Underestimated Cyber Threat to Companies<\/a><\/li>\n<li><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/02\/25\/post_id-3835\/\">Palantir and the Future of Cyber Defense: AI as a Strategic Weapon<\/a><\/li>\n<\/ul>\n<h2>More from the MBF Media Network<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.cloudmagazin.com\">Cloud Magazine<\/a>  &#8211;  Cloud, SaaS &amp; IT Infrastructure<\/li>\n<li><a href=\"https:\/\/www.mybusinessfuture.com\">myBusinessFuture<\/a>  &#8211;  Digitalization, AI &amp; Business<\/li>\n<li><a href=\"https:\/\/www.digital-chiefs.de\">Digital Chiefs<\/a>  &#8211;  C-Level Thought Leadership<\/li>\n<\/ul>\n<p><em>Header Image Source: Pexels \/ Markus Winkler<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"In February 2024, a financial officer in Hong Kong transferred $25 million &#8211; after a video call with the supposed CFO. All participants in the call were deepfakes. This case marks a turning point: social engineering is no longer limited to email and phone. AI makes real-time identity fraud possible. TL;DR 25 million dollar deepfake [&hellip;]","protected":false},"author":55,"featured_media":5058,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_focuskw":"deepfake fraud","_yoast_wpseo_title":"Deepfake Fraud in Companies: When the CEO on the Phone Isn't the CEO","_yoast_wpseo_metadesc":"Deepfake fraud: How AI scams cost companies millions\u2014learn to protect your business and prevent financial loss. Act now to secure your team.","_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"","_yoast_wpseo_twitter-image-id":0,"_evm_translation_lang":"","featured_post":0,"featured_post_sortierung":0,"_wp_old_slug":["post_id-5059"],"footnotes":""},"categories":[251],"tags":[248,236],"class_list":["post-7515","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-ki","tag-phishing"],"evm_reading_time_minutes":4,"wpml_language":"en","wpml_translation_of":5059,"_links":{"self":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/7515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/comments?post=7515"}],"version-history":[{"count":3,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/7515\/revisions"}],"predecessor-version":[{"id":10118,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/7515\/revisions\/10118"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media\/5058"}],"wp:attachment":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media?parent=7515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/categories?post=7515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/tags?post=7515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}