AI-Enabled Fraud & Executive Impersonation Intelligence · Case Study

$25.6 million.
One video call.
Every face was fake.

Deepfake CEO fraud is now the fastest-growing financial crime targeting US enterprises. A voice can be cloned from three seconds of audio. Every earnings call your executives have ever recorded is already training data. The controls most organisations rely on were built for a threat that no longer exists.

$40B: Projected US AI fraud losses by 2027
+1,600%: Rise in vishing attacks Q4 2024 to Q1 2025
$25.6M: Lost in a single deepfake video call
<5%: Voice clone victims who report losses

Case Timeline

How AI voice fraud went from theoretical risk to operational reality

Pre-2024
Deepfake voice and video tools become freely available, requiring no technical expertise. A voice can be cloned from as little as three seconds of publicly available audio — earnings calls, podcasts, and investor presentations become unwitting training data.
2024
A finance employee transfers $25.6M across 15 transactions after a video call in which every participant — including the apparent CFO — was an AI-generated deepfake. The employee had suspected phishing but the live video overcame his scepticism entirely. AI-powered BEC generates $2.77B in losses across 21,442 FBI-reported incidents.
Q1 2025
Deepfake vishing attacks surge 1,600% quarter-on-quarter in the US alone. The FBI logs 22,000+ AI fraud complaints with losses exceeding $893M. Over half of US organisations report financial losses tied to deepfake or AI voice fraud — average loss per incident exceeds $280,000.
2025–2026
46 US states enact deepfake-specific legislation. 146 bills introduced in 2025 alone. The federal TAKE IT DOWN Act becomes law. Congressional researchers confirm fewer than 5% of voice clone victims ever report losses — official figures represent a significant undercount of actual harm.
By 2027
Deloitte projects US AI fraud losses reaching $40B annually. Gartner warns that 30% of enterprises will no longer consider standalone identity verification solutions reliable in isolation. Multimodal attacks — combining email, voice, and video — become the dominant campaign format.
Scheme Mechanics

The 4-step attack that bypasses every standard control

Free tools. No technical expertise. A preparation phase that begins weeks before the call. The attacker's edge is not sophistication — it is that the verification controls they face were never designed for this threat.

STEP 01

Executive profiling

Attackers map the organisation from LinkedIn, SEC filings, and press releases — identifying who approves wire transfers, which vendors are active, and what a financially plausible pretext looks like right now.

STEP 02

Voice and video cloned

Audio harvested from earnings calls, keynotes, and podcast appearances. A convincing clone assembled using free tools requiring no specialist skill — complete with speech patterns and verbal mannerisms.

STEP 03

Authority pressure applied

Target employee receives a call — or video call — from what sounds and looks exactly like their CEO or CFO. Urgency created. Confidentiality requested. The psychological mechanism is authority compliance, not ignorance.

STEP 04

Transfer authorised

Payment executed before standard verification can intervene. In multimodal campaigns, email, voice, and video are layered sequentially — each channel reinforcing the last until no verification instinct remains to slow the process.

Why Traditional Compliance Failed

Failure mode analysis — layer by layer

| Compliance Layer | What Legacy Systems Saw | What They Missed | Result |
|---|---|---|---|
| Caller ID verification | Number matching the executive's known mobile or office line | Number spoofed using free tools — caller ID provides zero assurance | ✗ Passed |
| Email confirmation | Written follow-up from apparent executive domain | Compromised inbox or convincing lookalike domain passed casual visual inspection | ✗ Passed |
| Video call verification | Live video showing familiar faces and synchronised movements | Every participant was AI-generated — video calls are no longer inherently trustworthy | ✗ Passed |
| Security awareness training | Annual training on phishing and social engineering | Exploit is authority compliance — not ignorance. Training has no measurable effect on voice clone susceptibility | ✗ Passed |
| Single-authorisation payments | One employee, one channel, one instruction | No dual authorisation — entire $25.6M transferred on one employee's decision | ✗ Passed |

The Global AI Fraud Context

The detection gap — at scale

Scale of the problem
Projected US AI losses 2027: $40B
FBI AI fraud complaints 2025: 22,000+
Vishing surge Q4-24 to Q1-25: +1,600%
Victims who report losses: <5%

Per-incident cost
Avg deepfake loss per incident: $280K
Incidents over $500K: ~20%
Largest single documented loss: $25.6M
DigiDoe executive monitoring: Continuous

DigiDoe vs Legacy Compliance

Head-to-head — what would have changed

| Capability | Legacy Institution | DigiDoe |
|---|---|---|
| Identity verification on payment instructions | Voice or video call accepted as sufficient authorisation | Out-of-band challenge — pre-agreed codes no clone can answer |
| High-value transfer authorisation | Single employee, single channel | Dual authorisation — two individuals, two verified channels |
| Executive digital footprint monitoring | No audit of public audio/video available for cloning | Quarterly executive audio/video audit |
| Dark web & Telegram monitoring | No visibility into targeting campaigns being assembled | Continuous monitoring — early warning before first call |
| AI deepfake detection | No detection layer — or standalone tool as primary control | AI detection as one layer in a multi-layer approach |
| AMLR-2027 readiness | Requires full rebuild | Native architecture |

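
An added example, not DigiDoe's code or part of the original page: a payment-release gate that applies the out-of-band challenge and dual-authorisation rules from the comparison above. The threshold, channel names, approver ids and pre-agreed codes are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

HIGH_VALUE_THRESHOLD = 10_000  # assumed policy value, not from the page
SALT = b"constructed-demo-salt"  # constructed; use a per-user random salt in practice
# Channels a clone or spoof can fully control; never sufficient on their own.
UNTRUSTED_CHANNELS = {"voice_call", "video_call", "email", "caller_id"}

@dataclass(frozen=True)
class Approval:
    approver: str  # who approved
    channel: str  # channel the approval was verified on (hypothetical names)
    challenge_answer: str  # pre-agreed code given during the out-of-band check

def code_digest(code: str) -> bytes:
    """Store and compare only a slow salted digest of the pre-agreed code."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), SALT, 100_000)

# Constructed enrolment data: approver -> digest of their pre-agreed code.
ENROLLED = {
    "cfo": code_digest("amber-kite-42"),
    "controller": code_digest("slate-fern-07"),
}

def release_decision(amount, requester, approvals, enrolled=ENROLLED):
    """Return (released, reasons) for a payment instruction."""
    if amount < HIGH_VALUE_THRESHOLD:
        return True, []
    reasons, verified = [], {}
    for a in approvals:
        expected = enrolled.get(a.approver, b"")
        if a.approver == requester:
            reasons.append(f"{a.approver}: requester cannot approve own payment")
        elif a.channel in UNTRUSTED_CHANNELS:
            reasons.append(f"{a.approver}: {a.channel} is not a verified channel")
        elif not hmac.compare_digest(code_digest(a.challenge_answer), expected):
            reasons.append(f"{a.approver}: out-of-band challenge failed")
        else:
            verified[a.approver] = a.channel
    if len(verified) < 2:
        reasons.append("fewer than two verified approvers")
    elif len(set(verified.values())) < 2:
        reasons.append("approvers did not use two distinct verified channels")
    released = len(verified) >= 2 and len(set(verified.values())) >= 2
    return released, reasons

if __name__ == "__main__":
    # The case-study call: one instruction, one channel, a convincing video.
    print(release_decision(25_600_000, "emp-17",
                           [Approval("cfo", "video_call", "please hurry")]))
```

The gate never evaluates how convincing the caller looked or sounded, so a perfect clone on a video call gains nothing: release depends only on two enrolled people answering their challenge over two separate verified channels.
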
FCA Authorised · ISO 27001 · ISO 22301 · Patented AI Onboarding · AMLR-2027 Ready · $2B+ Processed Annually

"Deepfake fraud is not defeated by teaching employees to listen more carefully. It is defeated by building verification processes that a perfect imitation still cannot pass."

DigiDoe Financial Intelligence · Built for AMLR-2027

Don't wait for a $25.6 million call to find out.

Executive targeting campaigns detected before the first call is placed. Payment verification that no voice clone can bypass.