The cyberattack that convinced a finance employee to transfer nearly $25 million after joining what appeared to be a legitimate video meeting did more than expose a new fraud technique. It demonstrated that one of the oldest assumptions in business, that seeing and hearing a trusted colleague is enough to establish identity, can no longer be relied upon.
That incident, involving global engineering firm Arup, has become one of the defining examples of how artificial intelligence is reshaping financial crime. It also illustrates the broader trend highlighted in a new guide published by Resemble AI, which argues that deepfakes have evolved from isolated demonstrations into a mainstream security risk affecting enterprises, financial institutions and government agencies.
The report brings together recent research from Gartner, the FBI, the World Economic Forum and academic institutions to map how synthetic media is being used in fraud, why traditional cybersecurity tools struggle to detect it, and what organizations need to do to defend themselves.
Deepfakes Have Become A Financial Risk
For years, deepfakes were largely associated with manipulated celebrity videos and internet hoaxes. That perception has changed rapidly as generative AI models have become more realistic, cheaper and easier to use.
According to Gartner research cited in the report, 62% of organizations experienced a deepfake attack during the previous 12 months. Nearly seven in ten attacks targeted video systems, while 67% targeted voice-based communications. Meanwhile, the FBI’s 2025 Internet Crime Complaint Center report estimated AI-enabled scams generated approximately $893 million in reported losses.
Researchers also estimate that around eight million pieces of synthetic media were circulating online during 2025, representing explosive growth from only a few years earlier. While estimates vary depending on methodology, every major study points in the same direction: AI-generated deception is expanding at a pace that existing security controls were never designed to handle.
For financial institutions, the implications extend well beyond social media misinformation. Every process that depends on voice recognition, video verification or trust in digital identity becomes a potential attack surface.
The $25 Million Wake-Up Call
The Arup incident has become the industry’s defining case study.
A finance employee initially suspected a phishing email requesting a confidential transaction. Rather than acting immediately, the employee joined what appeared to be a video conference with the company’s chief financial officer and several colleagues.
Everyone looked authentic.
Everyone sounded authentic.
The meeting appeared entirely legitimate.
Following instructions received during the call, the employee authorized multiple wire transfers totaling roughly $25 million.
Only later did investigators determine that nearly every participant on the call had been generated using AI.
The attack succeeded because it bypassed the technical controls organizations have spent decades improving. There was no malware, compromised endpoint or malicious attachment. Instead, the attackers exploited something much harder to secure: human trust.
The employee had correctly identified the suspicious email. What overrode that judgment was the apparent confirmation provided by familiar faces and voices during the video meeting.
Identity Is Becoming Harder To Verify
The report argues that organizations should stop viewing deepfakes as isolated cybersecurity events and instead treat them as an identity problem.
Voice cloning technology now requires only seconds of publicly available audio to produce convincing imitations. Conference presentations, earnings calls, podcasts and interviews effectively become training material for attackers seeking to impersonate executives.
Video generation has undergone similar improvements. What once required expensive visual effects can now be produced using consumer AI tools capable of generating convincing facial expressions, synchronized speech and realistic video calls.
That evolution is beginning to challenge the assumptions underlying identity verification.
Gartner has previously predicted that by 2026, 30% of enterprises would no longer consider identity verification reliable on its own because of AI-generated deepfakes, a forecast the report highlights as increasingly relevant as attacks become more sophisticated.
Rather than simply stealing passwords, attackers can increasingly impersonate trusted individuals themselves.
Financial Services Have Become A Prime Target
Although deepfake attacks affect multiple industries, financial services face unique exposure because so many high-value decisions rely on trusted communications.
Payment approvals, account recovery, remote onboarding, wealth management consultations and customer support interactions increasingly occur over digital channels where identity has traditionally been established visually or through voice recognition.
The guide identifies several recurring attack patterns already affecting organizations.
Executive impersonation remains the highest-value category, using cloned executives to authorize fraudulent payments.
Investment scams continue to use AI-generated videos of politicians, celebrities and financial personalities promoting fake trading or cryptocurrency platforms.
Hiring fraud has emerged as another growing concern, with synthetic identities and AI-generated applicants attempting to gain employment inside organizations to access sensitive systems or information.
Meanwhile, consumer fraud continues evolving through AI-generated voices that imitate family members during so-called virtual kidnapping scams or customer-service impersonation attacks.
Collectively, these incidents demonstrate that deepfakes are no longer confined to media manipulation. They are increasingly becoming financial crime tools.
Why Traditional Security Tools Miss The Threat
The report argues that most cybersecurity investments focus on detecting malicious software, suspicious emails or compromised devices.
Deepfakes operate differently.
Instead of attacking networks, they attack perception.
When a legitimate employee authorizes a payment using a trusted laptop during what appears to be a normal video meeting, conventional security controls often observe nothing unusual.
There is no malicious attachment to quarantine.
There is no compromised device.
There is simply a human making what appears to be a legitimate business decision based on fraudulent visual and audio evidence.
That distinction explains why enterprises increasingly view deepfake detection as a separate security discipline rather than an extension of existing anti-phishing technologies.
Building Multiple Layers Of Defense
Rather than relying on a single solution, the report recommends a layered approach combining four complementary capabilities.
The first focuses on identity verification through liveness detection and continuous authentication.
The second establishes provenance using technologies such as Content Credentials and digital watermarking to verify where content originated.
The third employs AI detection systems capable of analyzing audio, video and images for artifacts associated with synthetic generation while providing explainable results that security teams can investigate.
The final layer extends beyond detection to continuous monitoring, allowing organizations to identify executive impersonation, fraudulent brand usage and other deepfakes circulating publicly before they gain traction.
According to the report, no individual layer can eliminate the threat. Instead, organizations should assume attackers will eventually bypass individual controls and design security programs accordingly.
Deepfakes Are Becoming An Enterprise Problem
The race between generative AI and cybersecurity has entered a new phase.
Early deepfakes could often be identified through distorted hands, unnatural blinking or poor lip synchronization. Those visual clues are disappearing as AI models improve.
As a result, enterprises are increasingly shifting from asking whether AI-generated fraud is possible to determining how quickly they can detect and respond when it inevitably occurs.
For brokerages, banks, payment providers and fintech companies, that shift could prove especially significant. As more customer interactions, onboarding processes and payment approvals move online, identity itself is becoming one of the industry’s most valuable assets and one of its most vulnerable.
The $25 million Arup incident demonstrated that even cautious employees can be deceived when AI convincingly recreates trusted colleagues. As synthetic media continues improving, the challenge for financial institutions may no longer be recognizing fake content with the human eye, but building systems capable of verifying trust before decisions involving millions of dollars are made.