This article is part of When Trust Becomes the Attack Surface, an investigative series from Shadow Sciences exploring how AI, identity, and deception are reshaping trust and why traditional signals of authenticity are no longer reliable.

In January 2024, a finance employee at a multinational firm in Hong Kong participated in what he believed was a routine video conference. The call included the company’s chief financial officer and several other colleagues. The conversation was normal. The requests made were consistent with what a CFO might reasonably ask of a finance department employee. He authorized a transfer equivalent to twenty-five million US dollars.

Every other person on that call was a deepfake.

The employee was not careless. The organization was not unsophisticated. The verification method it relied on, seeing and hearing familiar colleagues on a live video call, had been rendered unreliable, and nobody in the organization knew it. By the time the fraud was identified, recovery was not possible.

That case did not represent the future of enterprise fraud risk. It represented its present. And the organizations that treated it as an isolated incident rather than a signal of a structural shift in how decisions can be manipulated have not yet adjusted their exposure.

The Evolution of Business Email Compromise

Business email compromise has been among the most financially destructive fraud categories targeting organizations for more than a decade. The FBI's Internet Crime Complaint Center has reported annual BEC losses exceeding two billion dollars in recent years, and for a long stretch it was the highest-loss cybercrime category the center tracks.

The original BEC model was relatively simple. An attacker gained access to, or convincingly spoofed, a corporate email account. They used that access to redirect payment instructions, often at the moment of a legitimate transaction when a large sum was already in motion. The recipient of the redirected payment instructions had reason to believe the email was legitimate because it appeared to come from a known address, and the timing aligned with a transaction they were already processing.

That model worked because organizations had built their authorization processes around email as a trust signal. An email from the CFO’s address was treated as meaningful evidence that the CFO had sent it. That trust was exploitable, and it was exploited at enormous scale.

The response from security professionals was to add verification layers. Call the sender to confirm before processing unusual wire transfers. Implement dual-authorization requirements for transactions above certain thresholds. Treat any email requesting a change to payment instructions as requiring independent verification through a channel separate from the email itself.

Those countermeasures were appropriate for the threat they were designed to address, but they rested on a new assumption. The phone call, and later the video call, was the secondary verification, and seeing and hearing the person making the request was treated as confirmation sufficient to proceed.

Real-time deepfake technology has turned that secondary verification into another attack surface.

Decision Hijacking Under Synthetic Conditions

The most useful frame for understanding deepfake-enabled enterprise fraud is not impersonation. Impersonation implies that the primary goal is to fool someone into thinking they are speaking with a different person. That is part of what happens, but it understates the actual mechanism.

The goal is decision hijacking: manufacturing the conditions under which a person with authority to act will act in the way the attacker intends, while believing they are acting on legitimate instruction from legitimate sources. Impersonation is the method. The decision is the target.

Executives make consequential decisions every day under conditions of partial information and time pressure. They trust the people around them because those people have been vetted, known, and observed over time. They delegate authorization to people below them because organizational scale requires it. And they rely on the communication channels their organizations have built (email, video calls, messaging platforms) because those channels have been reliable enough to build processes around.

The deepfake does not need to be perfect. It needs to be credible under the conditions of a real working call, which are conditions of partial attention and ambient trust. A finance employee on a video call with multiple participants is not conducting a forensic examination of the faces on screen. They are doing their job, and the faces on screen are a background condition of that job rather than an object of scrutiny.

That is the environment the attack is designed for. Not skeptical inspection but ambient trust. And ambient trust is far easier to satisfy than skeptical inspection.

The Vendor Fraud Extension

Executive impersonation is the highest-profile variant of synthetic authority fraud, but it is not the most common. AI-assisted vendor fraud operates at higher volume with lower technical requirements, and its financial impact across the enterprise landscape is substantial.

Vendor fraud in its traditional form involved compromising vendor communications and substituting fraudulent payment instructions at the moment of invoice settlement. The attacker needed access to the communication channel and the patience to wait for the right moment. Detection was possible because the communication patterns of the legitimate vendor could be analyzed and anomalies identified.

AI changes the detection calculus. A vendor communication generated by a system trained on the legitimate vendor’s historical correspondence produces messages that match the vendor’s style, typical subject matter, and usual timing patterns. The anomaly detection that might flag an unusual message from a known vendor is less effective when the unusual message is designed to look usual.

The combination of spoofed or compromised email infrastructure and AI-generated correspondence that matches the legitimate vendor’s communication patterns creates a fraud approach that passes the checks most organizations actually perform: does the email address look right, does the message sound like the vendor, does the request fit the context of an existing relationship? All three can now be answered affirmatively for a message the legitimate vendor never sent.
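As an added example, not code from the article, the following is the structural review a finance workflow can run on an incoming invoice before settlement. It ignores how the message reads and instead holds payment on any deviation from the vendor master record: a sending domain that is not the registered one, or bank details that differ from those captured at onboarding. The vendor record, the three invoice messages, the lookalike domain and the IBAN pattern are all constructed for illustration.

```python
"""Structural review of a vendor invoice before settlement.

Added example, not code from the article. The vendor record, the invoice
messages and the lookalike domain are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class VendorRecord:
    name: str
    domain: str               # sending domain captured at onboarding
    iban: str                 # bank details captured at onboarding
    verification_phone: str   # captured at onboarding, never taken from email


@dataclass(frozen=True)
class InvoiceMessage:
    sender: str
    subject: str
    body: str


@dataclass
class Finding:
    hold: bool
    reasons: List[str] = field(default_factory=list)
    callback_number: Optional[str] = None   # where to verify if held


# IBAN-shaped token: country code, two check digits, 11-30 alphanumerics,
# optionally separated by single spaces as they usually are in email text.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]){11,30}\b")


def normalise_iban(raw: str) -> str:
    return re.sub(r"\s+", "", raw).upper()


def looks_like_vendor(msg: InvoiceMessage, vendor: VendorRecord) -> bool:
    """The check most organisations actually perform: does it read like the
    vendor? Text generated from the vendor's own correspondence passes this,
    so it is informational only and never gates payment."""
    return vendor.name.lower() in msg.body.lower() and "invoice" in msg.subject.lower()


def review_invoice(msg: InvoiceMessage, vendor: VendorRecord) -> Finding:
    """Hold settlement on any structural deviation from the master record."""
    reasons = []

    # Exact domain match: a lookalike such as acme-supp1y.com reads the same
    # to a human but fails here.
    sender_domain = msg.sender.rsplit("@", 1)[-1].lower()
    if sender_domain != vendor.domain.lower():
        reasons.append(f"sender domain {sender_domain!r} is not the registered {vendor.domain!r}")

    # Any IBAN in the message must be the one on file. A message from the
    # vendor's real (compromised) mailbox with new details is still held.
    found = {normalise_iban(m.group(0)) for m in IBAN_RE.finditer(msg.body)}
    if found and found != {normalise_iban(vendor.iban)}:
        reasons.append("payment details differ from the vendor master record")

    # Phone numbers in the body are untrusted; the callback uses the
    # number captured at onboarding.
    hold = bool(reasons)
    return Finding(hold=hold, reasons=reasons,
                   callback_number=vendor.verification_phone if hold else None)


# Constructed sample data.
ACME = VendorRecord("Acme Supply", "acme-supply.com",
                    "DE89 3704 0044 0532 0130 00", "+49 30 0000 0000")

LEGIT = InvoiceMessage(
    sender="billing@acme-supply.com",
    subject="Invoice 4471 for March",
    body="Hi Dana, please find invoice 4471 attached. Remit as usual to "
         "DE89 3704 0044 0532 0130 00. Thanks, Acme Supply billing.")

# Same tone and phrasing, lookalike domain, new account, helpful phone number.
LOOKALIKE = InvoiceMessage(
    sender="billing@acme-supp1y.com",
    subject="Invoice 4472 for April",
    body="Hi Dana, please find invoice 4472 attached. We have moved banks, so "
         "remit to GB29 NWBK 6016 1331 9268 19. Call +44 20 0000 0000 with any "
         "questions. Thanks, Acme Supply billing.")

# Real mailbox, compromised: the domain passes, the payment details do not.
COMPROMISED = InvoiceMessage(
    sender="billing@acme-supply.com",
    subject="Invoice 4473 for May",
    body="Hi Dana, invoice 4473 attached; remit to GB29 NWBK 6016 1331 9268 19. "
         "Thanks, Acme Supply billing.")

if __name__ == "__main__":
    for m in (LEGIT, LOOKALIKE, COMPROMISED):
        f = review_invoice(m, ACME)
        print(m.sender, "| reads like vendor:", looks_like_vendor(m, ACME),
              "| hold:", f.hold, f.reasons, f.callback_number)
```

All three messages pass the style check; only the first clears the structural one. The design point is that the hold is keyed to what the attacker has to change to get paid (the destination account) rather than to anything a language model can imitate, and the number used to resolve the hold comes from the vendor record, never from the message that raised it.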

The Organizational Trust Architecture Problem

The deepfake CFO call and the AI-assisted vendor fraud share a common structural feature: they exploit trust that organizations built into their processes deliberately, because that trust was previously warranted and because the processes required it to function.

Organizations are built on delegated authority. A board delegates to a chief executive. A chief executive delegates to functional leaders. Functional leaders delegate to their teams. At each level, the delegation is accompanied by an implicit or explicit framework for what decisions can be made without escalation, what authorizations are required, and what verification is sufficient.

Those frameworks were designed for an environment in which identity could be reasonably inferred from communication channel. An email from the CFO’s account is likely from the CFO. A call from the CFO’s phone is likely from the CFO. A video call showing the CFO’s face is very likely from the CFO. Each inference was reasonable for its time and the processes built around those inferences reflected a genuine understanding of the risk environment those organizations were navigating.

The inference chain has broken. The email address, the phone number, the face on the video call: none of these remain reliable as identity proxies in the way they were when the processes relying on them were designed. The processes have not yet caught up with that reality in most organizations, and the gap between the trust that processes require and the trust that the current environment actually warrants is precisely where the attack lives.

Legal Liability and the Board-Level Conversation

The enterprise dimension of synthetic authority fraud has implications that extend beyond operational security into legal and governance territory that most boards have not yet engaged with directly.

When an employee authorizes a fraudulent transfer after being deceived by a deepfake, several questions of liability arise that do not have settled answers. Was the organization’s verification process adequate given current threat conditions? Does the existence of known deepfake capabilities and documented incidents create a duty to update authorization protocols? If an organization has been made aware of the risk and has not acted, does that affect its position in insurance claims or regulatory proceedings following an incident?

These questions are not hypothetical. They are being worked through in real legal and regulatory proceedings following real incidents, and the answers being developed in those proceedings will shape what organizations are expected to do about this category of risk going forward.

Cyber insurance policies are beginning to reflect the distinction between losses resulting from conventional fraud and losses resulting from synthetic media-enabled fraud. The coverage landscape is evolving in ways that some organizations will find have changed materially since their last policy review.

The board-level conversation about deepfake fraud risk is not primarily a technology conversation. It is a governance conversation. It concerns whether the organization’s authorization frameworks are adequate for the current threat environment, who is responsible for assessing and addressing that question, and what the organization’s exposure is if the answer turns out to be no.

What Organizational Response Looks Like

Organizations that have begun adjusting their processes in response to synthetic authority fraud have generally moved in a consistent direction: reducing reliance on any single communication channel or sensory signal as the basis for consequential authorization, and building out-of-band verification into the transaction workflow rather than treating it as an optional step.

Pre-established code words for high-value authorization requests represent the simplest version of this approach: a word or phrase agreed upon in advance that must be provided with any request above a certain threshold, through any channel, before the authorization is processed. A deepfake cannot supply the code word because the attacker does not know it, and verifying it requires nothing more than asking. The protection lasts only as long as the secret does, so the word should never appear in the request itself, should be given only on the verification call-back, and should be changed if it has been spoken on a channel that may have been compromised.

Dual-authorization requirements that specify independent confirmation through a physically separate channel from the one carrying the request add a structural barrier that synthetic media cannot easily bridge. If authorization of a wire transfer requires both a video call and a call-back to a pre-registered number on a separate network, with the number taken from an internal directory rather than from the request, compromising one channel is insufficient.

Training that specifically addresses the ambient trust problem is more effective than training that focuses on detection. Employees cannot reliably detect deepfakes by examining video carefully. They can be trained to treat any request for consequential action as requiring process-based verification regardless of how confident they feel about the identity of the person making it. The process, not the sensory impression, should be the authorization gate.
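The three measures above can be expressed as one gate that decides on process alone. As an added example, not code from the article, the following evaluates a high-value transfer request against four checks: the call-back used a channel separate from the request, it went to the number enrolled in an internal directory rather than any number the request offered, the code word heard on the call-back matches the enrolled secret, and two distinct approvers other than the purported requester signed off. The threshold, the directory entries, the channel names and the way the code word is stored (a salted PBKDF2 hash compared in constant time, so the gate never holds it in plaintext) are choices made here for illustration.

```python
"""Process-based gate for a high-value transfer.

Added example, not code from the article. The threshold, the directory,
the channel names and the code-word storage are choices made for
illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HIGH_VALUE_THRESHOLD = 100_000   # assumed policy threshold
PBKDF2_ROUNDS = 100_000


@dataclass(frozen=True)
class DirectoryEntry:
    """What the gate trusts about an identity: set at enrollment, never
    taken from the request being verified."""
    callback_number: str
    codeword_salt: bytes
    codeword_hash: bytes


def enroll(callback_number: str, codeword: str) -> DirectoryEntry:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", codeword.encode(), salt, PBKDF2_ROUNDS)
    return DirectoryEntry(callback_number, salt, digest)


def codeword_matches(entry: DirectoryEntry, candidate: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 entry.codeword_salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, entry.codeword_hash)


@dataclass(frozen=True)
class TransferRequest:
    amount: int
    beneficiary: str
    purported_requester: str      # who the caller claims to be
    channel: str                  # "video", "email", "phone", ...
    callback_number_in_request: Optional[str] = None   # deliberately ignored


@dataclass(frozen=True)
class Verification:
    """What the finance team actually did before approving."""
    callback_channel: Optional[str] = None
    callback_number_dialled: Optional[str] = None
    codeword_heard: Optional[str] = None
    approvers: Tuple[str, ...] = ()


def evaluate(req: TransferRequest, ver: Verification,
             directory: Dict[str, DirectoryEntry]) -> Tuple[bool, List[str]]:
    """Return (approved, reasons). Above the threshold every process check
    must pass; how convincing the caller looked or sounded is not an input."""
    if req.amount < HIGH_VALUE_THRESHOLD:
        return True, []
    entry = directory.get(req.purported_requester)
    if entry is None:
        return False, [f"{req.purported_requester!r} is not enrolled for high-value requests"]
    reasons = []
    # 1. Call-back on a channel physically separate from the request channel.
    if not ver.callback_channel or ver.callback_channel == req.channel:
        reasons.append("callback must use a channel separate from the request channel")
    # 2. Call-back to the directory number, not any number the request offered.
    if ver.callback_number_dialled != entry.callback_number:
        reasons.append("callback did not go to the pre-registered number")
    # 3. Code word spoken on the call-back matches the enrolled secret.
    if ver.codeword_heard is None or not codeword_matches(entry, ver.codeword_heard):
        reasons.append("code word missing or incorrect")
    # 4. Two distinct approvers, neither of whom is the purported requester.
    approvers = set(ver.approvers)
    if len(approvers) < 2 or req.purported_requester in approvers:
        reasons.append("two distinct approvers required, excluding the requester")
    return (not reasons), reasons


# Constructed directory: the CFO's call-back number and code word, set at enrollment.
DIRECTORY = {"cfo": enroll("+1 555 0100", "blue heron")}

# Deepfake scenario: a video call "from the CFO" asks for a large transfer and
# helpfully supplies a number to call back on.
DEEPFAKE = TransferRequest(25_000_000, "Offshore Holdings Ltd", "cfo", "video",
                           callback_number_in_request="+1 555 0199")
# The team dials the number the request gave and hears a guessed code word.
WEAK_VERIFICATION = Verification("phone", "+1 555 0199", "kingfisher", ("dana",))
# The team follows the process: enrolled number, correct code word, two approvers.
# Only the real CFO, reached at the enrolled number, can make this pass.
LEGIT_VERIFICATION = Verification("phone", "+1 555 0100", "blue heron", ("dana", "lee"))

if __name__ == "__main__":
    print(evaluate(DEEPFAKE, WEAK_VERIFICATION, DIRECTORY))
    print(evaluate(DEEPFAKE, LEGIT_VERIFICATION, DIRECTORY))
```

Two details carry most of the weight. The call-back number in the request is a field the gate never reads, which is what defeats the attacker who supplies their own number; and the code word is checked only as something heard on the call-back, so a convincing voice on the original call cannot satisfy it. If the same people confirm on the same video call, check 1 fails regardless of what they say.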

None of these adjustments is technically complex. They are process changes, not technology deployments. What they require is an organizational decision that the previous framework is no longer adequate, and that the cost of adjusting it is preferable to the cost of finding out it has failed.