Home/Learn/Threats
Threats

Deepfake Wire Fraud: How AI Voice and Video Scams Trick Businesses Into Sending Money

AI can now clone a CEO's face and voice convincingly enough to authorize a wire transfer. Here is how the scam works, the real cases behind it, and the out-of-band verification that stops it.

9 min read·Updated 2026-07-01·10 sources

What is deepfake wire fraud?

Deepfake wire fraud is a scam in which criminals use AI-generated voice or video to impersonate a trusted executive, colleague, or client and pressure an employee into sending a wire transfer to an account the attacker controls. It is a modern form of business email compromise, and it targets the one human who can move money.

The mechanics are simple and the psychology is old. Attackers harvest a few seconds of a leader's voice from a webinar, earnings call, or social video, clone it, then place a call or join a video meeting posing as that person. The request is always urgent, confidential, and framed to discourage the employee from checking. In Naples and Southwest Florida, where title companies, family offices, and real estate closings move large sums on short timelines, the pattern fits the local economy uncomfortably well.

$16.6B
Total losses reported to the FBI's Internet Crime Complaint Center in 2024, a 33% increase over 2023 and the highest ever recorded.
FBI IC3 Annual Report, 2024 ↗

Deepfake wire fraud sits at the intersection of two trends: cybercrime losses are climbing fast, and the tools to fake a person are now cheap and public. That combination is why our AI security services treat identity verification, not just email filtering, as the core control.

How does a deepfake wire fraud attack actually work?

A typical attack runs in four stages: reconnaissance, impersonation, pressure, and payment. Criminals research who authorizes wires, clone a voice or face, contact that employee with an urgent confidential request, and rush the transfer before anyone can verify it through a second channel.

Stage one is research. Attackers study a company's leadership, org chart, and vendor relationships, often from public sources like LinkedIn and press releases. Stage two is the fake itself. A short audio sample is enough for a convincing voice clone, and screen-shared video calls can now feature synthetic faces of multiple people at once.

  • Reconnaissance: identify the finance staff who can send wires and the executives they trust.
  • Impersonation: clone the executive's voice or face from public audio and video.
  • Pressure: invoke urgency, secrecy, and authority to shut down normal checks.
  • Payment: direct funds to a mule account, often split across several fast transfers.
Every 5 minutes
How often a deepfake fraud attempt occurred in 2024, alongside a 244% year-over-year rise in digital document forgeries.
Entrust Identity Fraud Report, 2024 ↗

The final stage is designed for speed. Money is often moved in multiple transactions so that each one looks routine and so the total leaves the country before anyone reconciles the books. Verifiable controls on the payment step, which we build into enterprise deployments, are what break this chain.

What are the real cases of deepfake wire fraud?

The most cited case is the 2024 Arup incident, in which a finance employee in Hong Kong wired the equivalent of about $25 million after a video call filled with deepfaked colleagues. The Ferrari case the same year shows the opposite outcome: one verification question stopped the scam cold.

At the global engineering firm Arup, an employee received a message purporting to be from the UK-based chief financial officer about a secret transaction. Initially skeptical, the worker joined a video call where the CFO and other colleagues looked and sounded real. They were deepfakes. The employee then made 15 transfers totaling roughly $25 million before the fraud was discovered.

$25M
Wired by an Arup employee across 15 transactions after a video call in which the CFO and colleagues were AI deepfakes.
Fortune / CNN Business, 2024 ↗

Contrast that with Ferrari. In July 2024, an executive received WhatsApp messages and a call using the CEO's cloned voice, pushing an urgent confidential acquisition. The executive asked a question only the real CEO could answer, the title of a book he had recommended days earlier. The caller could not answer and hung up. The scam failed because of a human out-of-band check, not a piece of software.

The Arup employee saw and heard trusted colleagues on video. They were all synthetic. Seeing is no longer believing, so verification has to move to a channel the attacker does not control.
53%
Share of US and UK businesses targeted by a deepfake-powered financial scam, with 43% falling victim, per a survey of 1,533 finance professionals.
Medius survey via CFO Dive, 2024 ↗

Why are deepfake scams growing so fast?

Deepfake scams are growing because the technology is now cheap, fast, and realistic enough to defeat the informal trust checks businesses have relied on for decades, such as recognizing a boss's voice. Fraud that once needed a skilled forger now needs a laptop and a few seconds of audio.

The economics are brutal for defenders. When a convincing fake costs almost nothing to produce, attackers can attempt many targets and profit from a single success. Business email compromise, the category deepfake wire fraud extends, has drained billions from US organizations across every state.

$2.9B
Reported losses to business email compromise in the US in 2023 across 21,489 complaints, the category deepfake wire fraud now supercharges.
FBI IC3 Annual Report, 2023 ↗

Forecasters expect the trend to accelerate. Deloitte's Center for Financial Services projects that generative AI could push US fraud losses from about $12.3 billion in 2023 to $40 billion by 2027, a compound annual growth rate of roughly 32%. For a region like Southwest Florida with concentrated wealth and high-value transactions, that curve is a planning problem, not a headline.

$40B
Projected US generative-AI-enabled fraud losses by 2027, up from $12.3 billion in 2023 (about 32% annual growth).
Deloitte Center for Financial Services, 2024 ↗

What are the warning signs of a deepfake wire fraud attempt?

The warning signs are behavioral, not technical: urgency, secrecy, a change in payment details, pressure to skip normal approvals, and a request that arrives through an unusual channel. The fake face or voice is the bait; these pressure tactics are the hook you can actually recognize.

  • Urgency and secrecy: a deal is confidential, must close today, and you are told not to discuss it internally.
  • New or changed banking details, especially a last-minute change before a closing or vendor payment.
  • A request to bypass normal approvals or the usual dual-authorization process.
  • Contact on a new number, new app, or a video call that replaces a request you would normally get in person.
  • Slight audio or visual oddities: off tone, unnatural pauses, lip-sync lag, or stiff facial movement on video.
  • Emotional pressure or appeals to authority that discourage you from calling the person back.

Real estate and title fraud in Southwest Florida already leans on last-minute wiring-instruction changes, and deepfake audio makes the follow-up call more convincing. Treat any change to payment details as a red flag until it is confirmed out of band. Our deepfake defense guidance builds these checks into closing and payment workflows.

92%
Share of businesses that reported experiencing financial loss due to a deepfake, per a Regula survey of organizations.
Regula via CFO.com, 2024 ↗

How does a Naples business stop deepfake wire fraud?

The single most effective control is out-of-band verification: before any wire, confirm the request through a separate, pre-established channel using a known phone number or a shared secret phrase, never a number or link supplied in the request itself. This is exactly what saved Ferrari.

The FBI's own guidance for the wave of AI voice-cloning impersonations is to independently find a trusted number and call the person back to verify, rather than trusting the incoming contact. Some teams now establish shared secret phrases so a caller can prove identity in a sensitive moment.

  • Require callback verification on a known number for any wire above a set threshold or any change to banking details.
  • Set a shared verification phrase or challenge question for executives and finance staff.
  • Enforce dual authorization so no single person can release a large transfer.
  • Train staff that urgency plus secrecy equals stop and verify, not comply.
  • Log and verify approvals so every payment decision leaves an auditable, tamper-evident record.
Since 2023
The period over which the FBI documented AI-generated voice and text campaigns impersonating senior US officials, prompting formal callback-verification guidance.
FBI Public Service Announcement I-051525-PSA, 2025 ↗

We take the honest position that no control makes a business unhackable. The goal is verifiable trust: making every high-value action provable and every approval independently confirmable, so a synthetic voice cannot substitute for a real decision. That principle runs through our AI governance and post-quantum work, and we help Naples and SWFL teams put it in place through a consultation.

FAQ

Threats — common questions

Can you tell a deepfake voice from a real one on a call?
Sometimes, but you should not rely on it. Early clones had robotic tone, odd pauses, or mismatched background noise, and careful listeners occasionally catch these. But the FBI notes that AI-generated voices can now sound nearly identical to a known contact. The safer assumption is that you cannot reliably distinguish a good clone by ear. Instead of trying to detect the fake in real time, shift the burden to verification: hang up and call the person back on a number you already have, or ask a pre-agreed challenge question. Ferrari stopped a deepfake CEO scam in 2024 precisely this way, with a question only the real CEO could answer.
Is deepfake wire fraud the same as business email compromise?
It is an evolution of it. Business email compromise, or BEC, traditionally used spoofed or compromised email to impersonate an executive or vendor and redirect a payment. Deepfake wire fraud adds AI-generated voice or video to that playbook, making the impersonation far more convincing when the target asks for a call or meeting to confirm. The FBI's Internet Crime Complaint Center tracked about $2.9 billion in BEC losses in the US in 2023, and deepfakes are now layered on top of that same social-engineering structure. The defense is largely the same: verify payment requests and changes to banking details through a separate, trusted channel before moving money.
Are small businesses in Naples really targets, or just big firms like Arup?
Small and midsize businesses are frequent targets, not exceptions. Large losses like Arup's roughly $25 million make headlines, but the volume of attacks falls on smaller organizations that lack dedicated fraud teams. A Medius survey of finance professionals found 53% of US and UK businesses had been targeted by deepfake-powered financial scams and 43% had fallen victim. In Southwest Florida, title companies, law firms, medical practices, and family offices routinely move large sums on tight deadlines, which is exactly the profile attackers seek. The good news is that the core defense, out-of-band verification of every wire, costs little and works regardless of company size.
What should we do the moment we suspect a deepfake wire fraud attempt?
Stop the transaction and verify before doing anything else. Do not use any contact details from the suspicious message; independently call the executive or vendor on a number you already trust. If a wire has already gone out, contact your bank immediately to request a recall and report it to the FBI at ic3.gov, whose Recovery Asset Team can attempt to freeze funds if you act fast. Preserve the emails, call logs, and any recordings. Then review how the request bypassed your controls so you can close the gap. Speed matters: stolen funds are often split across several transfers and moved abroad within hours.

Sources

  1. 2024 Internet Crime Report · FBI Internet Crime Complaint Center (IC3)
  2. 2023 Internet Crime Report · FBI Internet Crime Complaint Center (IC3)
  3. A deepfake 'CFO' tricked British design firm Arup in $25 million fraud · Fortune
  4. Arup revealed as victim of $25 million deepfake scam · CNN Business
  5. Ferrari exec foils deepfake attempt with a security question only the CEO could answer · Fortune
  6. Generative AI is expected to magnify the risk of deepfakes and other fraud in banking · Deloitte Center for Financial Services
  7. Deepfake Attacks Strike Every Five Minutes Amid 244% Surge in Digital Document Forgeries · Entrust
  8. Deepfake scams escalate, hitting 53% of businesses · CFO Dive (Medius survey)
  9. 92% of companies have experienced financial loss due to a deepfake · CFO.com (Regula report)
  10. Senior US Officials Impersonated in Malicious Messaging Campaign (PSA I-051525-PSA) · FBI Internet Crime Complaint Center (IC3)
Get started

Protect your Naples business against this.

RankShield turns the ideas in this guide into verifiable defense for your Southwest Florida business. Get a no-obligation assessment.