05 / 09 — THE WAR ROOM

When the call sounds like the CEO, but isn't.

Synthetic voice and video are now within budget for ordinary fraud crews. The question is no longer if, but which protocol fires first. Below: the case data that should change your finance controls, a six-step authentication protocol, and the regulatory framework you can lean on after the fact.

01 · The case that changed corporate posture

Arup Hong Kong, late January 2024 — fifteen wires, twenty-five million dollars, four minutes per transfer.

The finance employee in Arup's Hong Kong office initially received an email from an account claiming to be the firm's UK-based CFO, asking that several confidential transactions be carried out. The employee suspected phishing — the right instinct. He was reassured when he joined a video conference where the CFO and several colleagues appeared on camera, looked and sounded like themselves, and walked him through the transfers in real time.[1]

Every other participant on the call was an AI-generated deepfake. Over the course of the call he authorized fifteen separate wire transfers, totaling approximately USD 25 million, to five accounts controlled by the perpetrators.[2] Arup confirmed the incident publicly in May 2024. The firm's chief information officer, Rob Greig, framed it explicitly: “None of our systems were compromised and there was no data affected... this was technology-enhanced social engineering.”[3]

The relevant lesson is operational, not technical. Every Arup system was intact. The break point was the company's payment-approval workflow — specifically, that a video call could substitute for an out-of-band callback above the wire-transfer threshold.

02 · Patterns from the public record

Three more incidents that did not make the front page.

2019 VOICE · €220K LOSS UK energy firm — voice-clone CEO

A UK-based managing director, insured through Euler Hermes, was talked into wiring €220,000 (≈ USD 243,000) to a Hungarian supplier after a phone call with what he believed was his German parent-company CEO — recognizable by the “slight German accent” and the “melody” of the voice. Funds were laundered through Mexico. A second attempted call was rebuffed when the originating number was identified as Austrian, not German.

Wall Street Journal, August 2019. Sophos analysis

2024 VOICE+TEXT · ATTEMPT FOILED Ferrari — “Hey, did you hear about the big acquisition?”

In July 2024 a Ferrari executive received WhatsApp messages from a number resembling but not matching CEO Benedetto Vigna's, then a phone call using a deepfake of Vigna's voice and accent. The attempt failed when the executive asked the caller to name the title of a book Vigna had personally recommended a few days earlier — an answer the synthetic system did not have.

Bloomberg, 26 July 2024. Bloomberg coverage

2024 VOICE · ATTEMPT FOILED LastPass — voicemail of “Karim”

In April 2024 a LastPass employee received calls, texts, and a voicemail using an audio deepfake of CEO Karim Toubba — over WhatsApp, outside normal company communication channels. The employee flagged the channel choice and forced urgency as social-engineering hallmarks and reported to internal security; LastPass disclosed the attempt to share lessons.

LastPass blog, April 2024. LastPass disclosure

03 · The protocol

Six controls. Adopt the lot.

Each step below is operational, not technical, and addresses a specific failure mode visible in the incidents above. The protocol assumes that synthetic media will eventually look and sound flawless.

[Figure: an inbound "call" (voice / video / message) passes through six controls in order: 01 Out-of-band callback, 02 Challenge phrase, 03 Liveness on video, 04 Provenance check, 05 Slow the wire, 06 Document & report.]

Fig. 04 · Each control breaks a specific failure mode visible in the Arup, Ferrari, LastPass, and 2019 Euler Hermes cases above.

01 Out-of-band callback
All financial requests above an agreed threshold are confirmed via a number stored in your corporate directory — never the number that initiated the request. The Arup attack survives a same-channel callback; this control breaks it.

02 Challenge phrase
Pre-shared, rotated quarterly, never spoken on camera or stored in shared documents. The Ferrari attempt was foiled by exactly this technique — applied informally — when the executive asked for a book title only Vigna would know.

03 Liveness on video
Ask the caller to turn their head 90° and obscure half the face with a hand. Many real-time face-swap pipelines fail visibly under sharp profile angles or partial occlusion. Challenge-response liveness testing is an active research area.

04 Provenance check
If the asset arrives with a Content Credentials (C2PA) manifest, verify it cryptographically. If not, treat it as unverified by default. See /provenance.

05 Slow the wire
Build a 30-minute soft hold into payments above a defined threshold. Most synthetic-media frauds depend on momentum — Arup's wires cleared in roughly four minutes per transfer.

06 Document & report
Log the call. Preserve audio, video, and message metadata. Report to ic3.gov within 24 hours. The IC3 Recovery Asset Team froze 66% of fraudulent BEC transfers in 2024 when alerted promptly.
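Controls 01, 02 and 05 can be enforced as a release gate in the payment workflow rather than left to judgment during the call. The sketch below is an added example, not part of the original page; the threshold value, the directory entry, and the names `WireRequest`, `phrase_digest` and `release_blockers` are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

THRESHOLD_USD = 10_000                # assumption: the page leaves "$X" to you
SOFT_HOLD = timedelta(minutes=30)     # control 05
DIRECTORY = {"cfo": "+442055500100"}  # constructed corporate directory entry

def phrase_digest(phrase: str, salt: bytes) -> bytes:
    """Keep only a salted digest so the phrase never sits in a shared document."""
    normalized = " ".join(phrase.lower().split())
    return hashlib.pbkdf2_hmac("sha256", normalized.encode(), salt, 100_000)

@dataclass
class WireRequest:
    requester: str                         # directory key of the claimed requester
    amount_usd: float
    received_at: datetime
    callback_number: Optional[str] = None  # number finance actually dialled
    spoken_phrase: Optional[str] = None    # answer given on that callback

def release_blockers(req: WireRequest, now: datetime,
                     salt: bytes, expected: bytes) -> List[str]:
    """Return the controls still blocking release; an empty list means release."""
    if req.amount_usd < THRESHOLD_USD:
        return []
    blockers = []
    # Control 01: only a call placed to the directory number counts. A video
    # call, or a call back to whatever number made the request, does not.
    if req.callback_number is None or req.callback_number != DIRECTORY.get(req.requester):
        blockers.append("out-of-band-callback")
    # Control 02: constant-time comparison against the stored digest.
    if req.spoken_phrase is None or not hmac.compare_digest(
            phrase_digest(req.spoken_phrase, salt), expected):
        blockers.append("challenge-phrase")
    # Control 05: nothing above the threshold clears inside the hold window.
    if now - req.received_at < SOFT_HOLD:
        blockers.append("soft-hold")
    return blockers
```

A request verified only on a video call and pushed for release four minutes after receipt, the pattern in the Arup case, comes back with all three blockers set.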

04 · Regulatory backstop

Federal guidance and rules now address synthetic media directly.

2023 · NSA · FBI · CISA Joint Cybersecurity Information Sheet

Contextualizing Deepfake Threats to Organizations (12 September 2023) — co-authored by NSA, FBI, and CISA. Provides defensive recommendations for media authentication, user awareness, and detection integration.

Defense.gov PDF · CISA alert

2024 · FCC AI voices in robocalls — illegal under TCPA

FCC Declaratory Ruling FCC 24-17 (8 February 2024) confirmed that AI-generated voices in calls fall within the TCPA's restrictions on “artificial or prerecorded voice” and require prior express consent. Effective immediately on adoption.

FCC press · Order PDF

2024 · FBI · IC3 PSA on generative-AI financial fraud

Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud (IC3 PSA, 3 December 2024) — formalizes the threat model and advises individuals and organizations on indicators and reporting.

IC3 PSA241203

05 · Templates & playbooks

Operational artifacts you can adopt today.

TEMPLATE · DOCX Crisis comms — first 60 minutes

Public statement scaffolds for executive impersonation, fraudulent video, and astroturfed campaigns.

Available on request — info@imadethisup.org

PROCEDURE · MD Vendor verification flow

A finance/AP procedure that tolerates voice-clone attacks at the change-of-banking-details step.

Available on request — info@imadethisup.org

CHECKLIST Six-step authentication card

Single-page laminate of the protocol above. Print at desk size for finance and executive assistants.

Available on request — info@imadethisup.org

06 · Annotated reading list

Ten verified sources for this page.

  001. FBI Internet Crime Complaint Center (2024). 2024 Internet Crime Report. ic3.gov annual report PDF — $16.6B total losses, $2.77B BEC, 21,442 BEC incidents, 33% YoY growth.
  002. FBI / IC3 (2024). PSA241203 — Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud. 3 December 2024. ic3.gov PSA — formal threat-model statement; reporting indicators.
  003. NSA / FBI / CISA (2023). Cybersecurity Information Sheet — Contextualizing Deepfake Threats to Organizations. 12 September 2023. defense.gov PDF · CISA alert
  004. Federal Communications Commission (2024). Declaratory Ruling FCC 24-17. 8 February 2024. FCC order PDF — AI-generated voice calls subject to TCPA “artificial or prerecorded voice” restrictions.
  005. CNN (2024). “Finance worker pays out $25 million after video call with deepfake 'chief financial officer'.” 4 February 2024. CNN coverage — first reporting of the Arup Hong Kong incident.
  006. CNN (2024). “Arup revealed as victim of $25 million deepfake scam involving Hong Kong employee.” 16 May 2024. CNN coverage — Arup official confirmation, CIO statement.
  007. World Economic Forum (2025). “Cybercrime: Lessons learned from a $25m deepfake attack.” February 2025. weforum.org — operational lessons from the Arup case.
  008. Bloomberg (2024). “Ferrari Narrowly Dodges Deepfake Scam Simulating Deal-Hungry CEO.” 26 July 2024. Bloomberg coverage — voice-clone CEO attempt foiled by personal-knowledge challenge.
  009. LastPass (2024). “Attempted Audio Deepfake Call Targets LastPass Employee.” April 2024. LastPass blog — attempted CEO impersonation, employee disclosure.
  010. Wall Street Journal / Sophos (2019). Voice-clone CEO fraud at Euler Hermes-insured UK firm — $243K transfer. Sophos analysis — first widely reported audio-deepfake CEO fraud.

07 · Frequently asked

War Room FAQ.

How big is the BEC problem?

The FBI's IC3 2024 Annual Report counted 21,442 reported business email compromise incidents in 2024 with $2.77 billion in adjusted losses. Total cybercrime losses across all categories reached $16.6 billion, a 33% year-over-year increase.

What was the Arup deepfake fraud?

In late January / early February 2024, an Arup Hong Kong finance employee was tricked into making 15 wire transfers totaling roughly USD 25 million after a video conference in which every other participant — including the supposed CFO — was an AI-generated deepfake. Arup confirmed the incident publicly in May 2024. CIO Rob Greig described it as “technology-enhanced social engineering.” (CNN, May 2024)

What is the single best protection against voice-clone fraud?

An out-of-band callback to a number stored in your corporate directory — never the number that initiated the request. Combine with a 30-minute soft hold on payments above a defined threshold and a pre-shared challenge phrase rotated quarterly. The IC3 Recovery Asset Team reports a 66% success rate freezing funds when reported quickly.

Are AI-voiced robocalls illegal?

In the United States, yes. The FCC's Declaratory Ruling FCC 24-17 (8 February 2024) confirmed that AI-generated voice calls fall within the TCPA's restrictions on “artificial or prerecorded voice” calls and require prior express consent. The ruling was effective immediately.

Where do I report a synthetic-media fraud?

File with the FBI Internet Crime Complaint Center at ic3.gov within 24 hours, preserve audio and message logs, and notify your bank's fraud team to attempt a recall. The IC3 Recovery Asset Team can attempt to freeze fraudulent transfers if alerted promptly.

Can our internal video-conferencing platform detect deepfakes?

Most consumer-grade conferencing platforms do not. Real-time deepfake detection is an open research area — challenge-response approaches (asking the caller to perform unexpected gestures or answer personal questions) currently outperform passive detectors in production. The Ferrari attempt was foiled informally by exactly this technique.
