Corporate Deepfakes: The US$1.1 Billion Fraud Reshaping Executive Security

In March 2025, a CFO from a multinational company in Singapore joined what appeared to be a routine Zoom call with the company's senior leadership. He was presented with an urgent request to transfer US$499,000. Every face in the video call was a deepfake. Every voice was artificially generated. The transaction was completed before any verification could be requested.

The Singapore case was not isolated. In January 2024, Arup, a global engineering firm, suffered 15 fraudulent transfers totalling US$25.6 million in a single day after a finance employee participated in a video call where all attendees were AI-generated executives. Early in 2025, a coordinated wave of deepfake attacks struck high-profile Italian entrepreneurs, including the designer Giorgio Armani.

The Scale of the Problem in 2025-2026

Deepfake frauds drained US$1.1 billion from American corporate accounts in 2025, tripling from US$360 million the previous year. The FBI recorded more than 22,000 complaints of AI-related fraud in 2025, with losses exceeding US$893 million. The total number of deepfakes increased from 500,000 in 2023 to over 8 million in 2025.

The technological barrier has vanished. A convincing voice clone can now be created from just three seconds of audio. Every earnings call, conference presentation, podcast, and interview that an executive has ever recorded is available as training data. The CFO who participated in a public webinar in 2023 could have his voice cloned without ever realising it.

Deepfake-as-a-Service

The fraud market has democratized the technology. Deepfake-as-a-Service platforms, available on the dark web for as little as US$20 per month, allow attackers with no technical skills to create convincing videos and audios of any notable public executive. The result is that the threat is no longer restricted to state actors with advanced resources.

The Organisational Response

Only 32% of corporate executives believe their organisations are prepared to deal with a deepfake incident. The preparedness gap is structural: most financial authorisation processes were designed for a world where voice and video identity were sufficient for verification.

Countermeasures that are being adopted by more advanced organisations include: out-of-band verification passcodes for financial requests above certain thresholds, the requirement for confirmation via an alternative channel (text message or phone call to a previously registered number) for any transfer requested via video or audio, and periodic training with deepfake attack simulations for financial teams.

Security providers estimate that projected losses from AI-enabled fraud could reach US$40 billion by 2027. For organisations that have not updated their identity verification protocols, the question is not whether they will be targeted. It is when.