Generative artificial intelligence is rapidly becoming a transformative tool in creative industries, enabling productions to achieve complex visual effects with unprecedented speed and cost-efficiency. Media giants are leveraging the technology to complete projects that would have otherwise been financially unfeasible. This advancement showcases the immense potential of AI to enhance content creation and streamline operations across the business world.
However, the same technology that fuels creative breakthroughs is also being weaponized for sophisticated corporate fraud. Criminals are deploying AI-driven deepfakes to impersonate senior executives with startling accuracy, manipulating employees into transferring large sums of money or divulging sensitive information. These attacks exploit human trust and bypass traditional cybersecurity measures, creating a new and urgent threat landscape that has already led to staggering financial losses and forced companies to rethink the very nature of identity verification.
A New Frontier in Media Production
The entertainment industry has been one of the earliest and most visible adopters of generative AI’s creative capabilities. Netflix recently made history by using the technology to generate final-footage visual effects for its Argentine science fiction series, The Eternaut. The production team was tasked with creating a sequence depicting a building collapse, a scene that would typically require extensive and costly special effects work.
By employing generative AI, the team completed the sequence 10 times faster than was possible with traditional methods. According to Netflix co-CEO Ted Sarandos, the efficiency gains were so significant that they made the scene viable for a show with its specific budget. He noted that the creators were thrilled with the result, which marked the first instance of generative AI-created final footage appearing in a Netflix original production. This application highlights how AI can democratize high-end visual effects and accelerate production timelines, opening new possibilities for storytellers.
The Anatomy of a Deepfake Heist
While AI drives innovation in some sectors, it enables deception in others. Corporate deepfake scams involve criminals using AI to create synthetic audio or video that convincingly mimics real individuals. These impersonations are then used in social engineering schemes that target employees with access to finances or confidential data. Recent incidents at major global companies reveal a disturbing pattern of methodical and highly personalized attacks.
The Ferrari Deception
Luxury automaker Ferrari recently thwarted an elaborate deepfake attempt targeting one of its executives. The incident started with WhatsApp messages from an unknown number, with the sender posing as CEO Benedetto Vigna and using his photograph as a profile picture. The messages alluded to a major, confidential acquisition and instructed the executive to prepare to sign a non-disclosure agreement. The scammer then escalated the attack to a phone call, using voice-cloning technology to replicate Vigna’s southern Italian accent. The impersonator claimed to be using a different phone because of the deal’s sensitive nature. However, the executive grew suspicious after noticing subtle mechanical intonations in the voice. To verify the caller’s identity, the executive asked a personal question about a book the real Vigna had recently recommended. Unable to name the book, the scammer abruptly ended the call, and a potential financial disaster was averted.
High-Stakes Corporate Impersonations
Other corporations have not been as fortunate. WPP, the world’s largest advertising group, saw its CEO, Mark Read, impersonated by fraudsters who used his photograph for a fake WhatsApp account and deployed voice-cloning software during a Microsoft Teams meeting. The attackers impersonated Read and another senior executive in an attempt to solicit money and personal details from an agency leader. In an internal email, Read warned staff to be vigilant for techniques that go beyond email, such as requests for passport information or references to secret transactions.
In a particularly severe case, the multinational engineering firm Arup lost HK$200 million (US$26 million) after an employee was deceived during a video conference. Scammers used deepfake technology to create fabricated representations of the company’s chief financial officer and other executives, convincing the staff member to authorize the transfers. This incident underscores the growing sophistication of video-based deepfakes, which can overcome the suspicions that might arise from an audio-only call.
Human Intelligence as the Last Defense
The Ferrari case highlights what experts believe is the most effective defense against deepfake scams: human verification. The executive’s quick thinking and curiosity—traits that AI lacks—were instrumental in foiling the attack. As these threats grow, companies are being urged to implement multi-layered verification strategies that do not rely solely on technology for detection. Rachel Tobac, CEO of the cybersecurity training firm SocialProof Security, has noted a significant increase in criminals attempting to use AI for voice cloning.
The most practical defense involves establishing firm protocols for any high-stakes communication. This includes requiring callback procedures to a known, trusted phone number or using a secondary confirmation channel before executing financial transactions or sharing sensitive data. Employee education is another critical component. Staff must be trained to recognize the warning signs of a deepfake, which can include poor audio quality, unusual speech patterns, or requests that deviate from standard operating procedures. The goal is to instill a culture of pausing to verify instead of reacting immediately to urgent-sounding requests, even when they appear to originate from a high-level executive.
Fighting Artificial Intelligence with AI
While human protocols are foundational, technology also plays a role in combating AI-generated fraud. Companies are increasingly deploying advanced systems designed to detect synthetic media, effectively using AI to fight AI. These technologies form a crucial part of a modern cybersecurity framework.
Automated Detection and Biometrics
AI-driven deepfake detection platforms can analyze video and audio for subtle artifacts and inconsistencies that are invisible to the human eye. These systems can also spot behavioral anomalies during verification processes. However, experts caution that attackers’ capabilities often advance faster than detection technologies can keep up. To supplement this, liveness detection technology is being integrated into many security systems, particularly for digital onboarding in the financial sector. This tech verifies a user’s presence by prompting them for subtle movements like blinking or slight facial expressions, actions that are difficult for many deepfakes to replicate convincingly.
Behavioral biometrics offer another sophisticated layer of protection. These systems analyze unique patterns in user behavior, such as typing cadence, mouse movements, and navigation habits. Because these patterns are distinct to each individual and hard to mimic, they provide a strong signal of a user’s true identity, helping to flag fraudulent access attempts even if an attacker has legitimate credentials.
The Escalating Financial and Social Costs
The threat posed by generative AI fraud is projected to grow exponentially. Deloitte’s Center for Financial Services predicts that annual losses in the United States from this type of fraud could reach US$40 billion by 2027. The Arup case, with its US$26 million loss, serves as a stark warning of the financial devastation a single successful attack can cause. Beyond the monetary cost, these scams erode trust, which is the bedrock of corporate communication and transactions.
What makes deepfake attacks particularly dangerous is their ability to exploit human psychology. Unlike traditional cyberattacks that target technical vulnerabilities, these scams prey on personal vulnerabilities, using fabricated media to evoke emotional responses like urgency, fear, or a desire to be helpful. This social engineering component makes them difficult to defend against with purely technical solutions. As Rob Greig, the Chief Information Officer at Arup, stated, humans rely heavily on audio and visual cues, and these technologies are designed to manipulate that reliance. His advice reflects the new reality: “I think we really do have to start questioning what we see.” The most resilient organizations will be those that blend technological defenses with rigorous human verification and continuous employee training.
