A finance employee takes a video call. On the other side is the chief financial officer, with his face and his voice, joined by several colleagues the employee also recognises. They ask for an urgent, confidential transfer. He makes it. Fifteen transfers in all, worth the equivalent of 25.6 million dollars. The catch: none of the people on that call was real. Every one of them was an AI-generated deepfake.
This is not a hypothetical script. It happened to the engineering consultancy Arup, which publicly confirmed the fraud in May 2024, and it has become the reference case for a threat that in 2026 is no longer exceptional: impersonating executives with synthetic voice and video. It is, in essence, the same old CEO fraud, but with a layer of credibility that breaks the defences we assumed were sound.
Why voice cloning is the new CEO fraud
CEO fraud, or business email compromise (BEC), has worked for years: an attacker poses as a senior figure and orders an urgent payment. What has changed is not the scam but its wrapping. It used to arrive by email, with typos and haste an alert employee could catch. Now it arrives by phone or video call, with the boss's voice and face, and that audiovisual layer switches off suspicion exactly when it is most needed.
The raw material is within anyone's reach. Every public appearance by an executive — an investor presentation, an interview, a podcast, a corporate video — is free training data. A voice can be cloned convincingly from very few seconds of audio, and the tools to do it have become cheap and widespread. The consequence is that the voice, which for decades we have used as proof of identity, no longer is one.
Anatomy of the deception, at a conceptual level
It is worth understanding how the trap is built without turning it into a manual. These frauds rest on three levers acting at once.
Public raw material
The attacker gathers audio and video of the executive to be impersonated from open sources, and uses it to train a model that reproduces their voice and, in the most elaborate cases, their image. No access to any company system is needed: all the necessary material is usually already published.
A story of urgency and secrecy
The technique is not technological but psychological, and it is the same old social engineering. A believable pretext is manufactured — a confidential acquisition, a payment that cannot wait, an instruction that "comes from the top" — and combined with time pressure and a request to tell no one. Urgency and secrecy exist to stop the victim from verifying.
The channel that lends credibility
The cloned voice or synthetic video is the final stamp of authenticity. In the Arup case, the employee had been suspicious of a first email, but set his doubts aside after the video call, because the people he saw looked and sounded like his colleagues. That is the characteristic trail: an unusual request "confirmed" through a channel that appears maximally trustworthy, when in fact it is the most manipulated.
The facts, with their source
These are the verifiable facts behind the analysis, each with its origin:
- The Arup fraud involved fifteen transfers worth around 25.6 million dollars (200 million Hong Kong dollars) after a video call with fake participants, according to CNN and Fortune.
- In May 2025 the FBI warned of a campaign impersonating senior officials through text and AI-generated voice messages to win victims' trust, according to its IC3 public announcement.
- The same alert was covered by outlets such as CNBC and Cybersecurity Dive, which stress that a voice can be cloned from very few seconds of audio.
- Industry analysts describe voice cloning as the natural successor to classic BEC, with average per-incident losses well above those of traditional phishing, according to CybelAngel.
One note of honesty: many "percentage growth" figures for deepfakes come from vendor reports with their own methodology and should be treated with caution. The hard facts behind this analysis — the Arup case and the FBI alert — are documented by independent sources and do not depend on any commercial estimate.
Who is in the firing line
Not every profile carries the same risk. The attacker seeks the combination of access to money and credibility of the instruction, and tunes the attack towards wherever that combination pays best.
- Finance and treasury. Whoever executes payments is the direct target, because a single convincing order can move funds at once.
- Executives with a public profile. The more audio and video there is of a person, the easier they are to clone; leaders who speak at events or in the media are the best raw material.
- Suppliers and their accounts. The fraud does not always impersonate the boss: sometimes it mimics a trusted supplier to slip a change of bank account into a legitimate invoice.
- Moments of exception. Quarter-end, confidential acquisitions, management on holiday or any situation that justifies haste and discretion are the windows the attacker prefers.
Why traditional defences fail
The trouble is that almost all our defences assume that seeing and hearing someone amounts to verifying their identity. On that premise we have built entire processes: approving a payment because "the director asked me on the phone", trusting a video call because "I saw his face". Deepfakes attack precisely that premise, and they do it with no malware, no suspicious links and nothing a technical filter can block.
Nor is it wise to rely on people "spotting" the deepfake. The quality of the synthesis improves faster than the human ability to tell it apart, and asking an employee to decide in seconds whether a face is real is a fragile defence. What does work is stripping value from the impersonation itself: if the process does not depend on recognising a voice or a face, fooling the senses is no longer enough to move the money.
Defence in practice
The measures are ordered by effectiveness. The key is to design processes that do not break even when the voice and the face are perfect.
- Verify through a second channel, always. No payment order or change of bank details should be executed on a call or video call alone. A call back to a number known in advance, or confirmation through a separate, independent channel, dismantles the deception.
- Harden the payment process with dual authorisation. Requiring two approvals for transfers above a threshold, and for any change to a supplier's account, means a single deceived employee cannot move funds alone.
- Agree a verification word or question. A code shared in advance between management and finance, requested whenever an urgent and unusual instruction arrives, is a simple barrier an outside attacker cannot know.
- Reduce the raw material and the identity surface. You cannot withdraw all of an executive's public audio, but it is worth being aware of how much there is and reinforcing accounts with phishing-resistant authentication and passkeys, so that a cloned voice does not come paired with stolen credentials.
- Train the workforce with real cases. Effective cybersecurity training does not teach people to "hunt" deepfakes, but to apply the verification procedure without fear of inconveniencing a supposed executive. The same approach we take against other social engineering traps such as ClickFix.
What to do if it has already happened
If the transfer has gone through, the first hours are decisive. Contacting the bank immediately to try to stop or reverse the payment, preserving the evidence — call logs, emails, destination accounts — reporting to the authorities and activating the incident response plan is the difference between a contained loss and an irreversible one. It is also worth checking whether the deception came paired with compromised credentials, because CEO fraud is sometimes the visible tip of a wider intrusion.
The close: trust can no longer rest on the senses
Deepfake CEO fraud forces an uncomfortable shift in mindset: to stop treating voice and face as proof of identity and start treating them as what they now are, data that can be forged. The good news is that the defence does not depend on expensive technology but on sensible processes: verify through another channel, split the authorisation and train people so that verifying feels like part of the job rather than a discourtesy. This is where expert eyes on social engineering and on artificial intelligence security help redesign the processes before the phone rings, not after.