Deepfake Wire Fraud: How AI Voice and Video Scams Trick Businesses Into Sending Money
AI can now clone a CEO's face and voice convincingly enough to authorize a wire transfer. Here is how the scam works, the real cases behind it, and the out-of-band verification that stops it.
What is deepfake wire fraud?
Deepfake wire fraud is a scam in which criminals use AI-generated voice or video to impersonate a trusted executive, colleague, or client and pressure an employee into sending a wire transfer to an account the attacker controls. It is a modern form of business email compromise, and it targets the one human who can move money.
The mechanics are simple and the psychology is old. Attackers harvest a few seconds of a leader's voice from a webinar, earnings call, or social video, clone it, then place a call or join a video meeting posing as that person. The request is always urgent, confidential, and framed to discourage the employee from checking. In Naples and Southwest Florida, where title companies, family offices, and real estate closings move large sums on short timelines, the pattern fits the local economy uncomfortably well.
Deepfake wire fraud sits at the intersection of two trends: cybercrime losses are climbing fast, and the tools to fake a person are now cheap and public. That combination is why our AI security services treat identity verification, not just email filtering, as the core control.
How does a deepfake wire fraud attack actually work?
A typical attack runs in four stages: reconnaissance, impersonation, pressure, and payment. Criminals research who authorizes wires, clone a voice or face, contact that employee with an urgent confidential request, and rush the transfer before anyone can verify it through a second channel.
Stage one is research. Attackers study a company's leadership, org chart, and vendor relationships, often from public sources like LinkedIn and press releases. Stage two is the fake itself. A short audio sample is enough for a convincing voice clone, and screen-shared video calls can now feature synthetic faces of multiple people at once.
- Reconnaissance: identify the finance staff who can send wires and the executives they trust.
- Impersonation: clone the executive's voice or face from public audio and video.
- Pressure: invoke urgency, secrecy, and authority to shut down normal checks.
- Payment: direct funds to a mule account, often split across several fast transfers.
The final stage is designed for speed. Money is often moved in multiple transactions so that each one looks routine and so the total leaves the country before anyone reconciles the books. Verifiable controls on the payment step, which we build into enterprise deployments, are what break this chain.
What are the real cases of deepfake wire fraud?
The most cited case is the 2024 Arup incident, in which a finance employee in Hong Kong wired the equivalent of about $25 million after a video call filled with deepfaked colleagues. The Ferrari case the same year shows the opposite outcome: one verification question stopped the scam cold.
At the global engineering firm Arup, an employee received a message purporting to be from the UK-based chief financial officer about a secret transaction. Initially skeptical, the worker joined a video call where the CFO and other colleagues looked and sounded real. They were deepfakes. The employee then made 15 transfers totaling roughly $25 million before the fraud was discovered.
Contrast that with Ferrari. In July 2024, an executive received WhatsApp messages and a call using the CEO's cloned voice, pushing an urgent confidential acquisition. The executive asked a question only the real CEO could answer, the title of a book he had recommended days earlier. The caller could not answer and hung up. The scam failed because of a human out-of-band check, not a piece of software.
The Arup employee saw and heard trusted colleagues on video. They were all synthetic. Seeing is no longer believing, so verification has to move to a channel the attacker does not control.
Why are deepfake scams growing so fast?
Deepfake scams are growing because the technology is now cheap, fast, and realistic enough to defeat the informal trust checks businesses have relied on for decades, such as recognizing a boss's voice. Fraud that once needed a skilled forger now needs a laptop and a few seconds of audio.
The economics are brutal for defenders. When a convincing fake costs almost nothing to produce, attackers can attempt many targets and profit from a single success. Business email compromise, the category deepfake wire fraud extends, has drained billions from US organizations across every state.
Forecasters expect the trend to accelerate. Deloitte's Center for Financial Services projects that generative AI could push US fraud losses from about $12.3 billion in 2023 to $40 billion by 2027, a compound annual growth rate of roughly 32%. For a region like Southwest Florida with concentrated wealth and high-value transactions, that curve is a planning problem, not a headline.
What are the warning signs of a deepfake wire fraud attempt?
The warning signs are behavioral, not technical: urgency, secrecy, a change in payment details, pressure to skip normal approvals, and a request that arrives through an unusual channel. The fake face or voice is the bait; these pressure tactics are the hook you can actually recognize.
- Urgency and secrecy: a deal is confidential, must close today, and you are told not to discuss it internally.
- New or changed banking details, especially a last-minute change before a closing or vendor payment.
- A request to bypass normal approvals or the usual dual-authorization process.
- Contact on a new number, new app, or a video call that replaces a request you would normally get in person.
- Slight audio or visual oddities: off tone, unnatural pauses, lip-sync lag, or stiff facial movement on video.
- Emotional pressure or appeals to authority that discourage you from calling the person back.
Real estate and title fraud in Southwest Florida already leans on last-minute wiring-instruction changes, and deepfake audio makes the follow-up call more convincing. Treat any change to payment details as a red flag until it is confirmed out of band. Our deepfake defense guidance builds these checks into closing and payment workflows.
How does a Naples business stop deepfake wire fraud?
The single most effective control is out-of-band verification: before any wire, confirm the request through a separate, pre-established channel using a known phone number or a shared secret phrase, never a number or link supplied in the request itself. This is exactly what saved Ferrari.
The FBI's own guidance for the wave of AI voice-cloning impersonations is to independently find a trusted number and call the person back to verify, rather than trusting the incoming contact. Some teams now establish shared secret phrases so a caller can prove identity in a sensitive moment.
- Require callback verification on a known number for any wire above a set threshold or any change to banking details.
- Set a shared verification phrase or challenge question for executives and finance staff.
- Enforce dual authorization so no single person can release a large transfer.
- Train staff that urgency plus secrecy equals stop and verify, not comply.
- Log and verify approvals so every payment decision leaves an auditable, tamper-evident record.
We take the honest position that no control makes a business unhackable. The goal is verifiable trust: making every high-value action provable and every approval independently confirmable, so a synthetic voice cannot substitute for a real decision. That principle runs through our AI governance and post-quantum work, and we help Naples and SWFL teams put it in place through a consultation.
Threats — common questions
Can you tell a deepfake voice from a real one on a call?
Is deepfake wire fraud the same as business email compromise?
Are small businesses in Naples really targets, or just big firms like Arup?
What should we do the moment we suspect a deepfake wire fraud attempt?
Sources
- 2024 Internet Crime Report · FBI Internet Crime Complaint Center (IC3)
- 2023 Internet Crime Report · FBI Internet Crime Complaint Center (IC3)
- A deepfake 'CFO' tricked British design firm Arup in $25 million fraud · Fortune
- Arup revealed as victim of $25 million deepfake scam · CNN Business
- Ferrari exec foils deepfake attempt with a security question only the CEO could answer · Fortune
- Generative AI is expected to magnify the risk of deepfakes and other fraud in banking · Deloitte Center for Financial Services
- Deepfake Attacks Strike Every Five Minutes Amid 244% Surge in Digital Document Forgeries · Entrust
- Deepfake scams escalate, hitting 53% of businesses · CFO Dive (Medius survey)
- 92% of companies have experienced financial loss due to a deepfake · CFO.com (Regula report)
- Senior US Officials Impersonated in Malicious Messaging Campaign (PSA I-051525-PSA) · FBI Internet Crime Complaint Center (IC3)
Protect your Naples business against this.
RankShield turns the ideas in this guide into verifiable defense for your Southwest Florida business. Get a no-obligation assessment.