The Deepfake Threat: How AI is Transforming Fraud Risk

The rise of artificial intelligence is rapidly changing how fraud is carried out – and how businesses must protect themselves against it. Deepfake technology is a rapidly growing AI use which has a huge potential impact on financial crime and cyber risk.

What was once considered experimental technology is now advanced enough to convincingly replicate a person’s voice, appearance, and mannerisms. This means businesses can no longer rely on familiar cues – such as recognising a colleague on a video call or hearing a senior executive’s voice – as proof of identity. In today’s environment, even those signals can be manipulated with apps and tools which are readily available to everybody.

Why familiar voices and faces can no longer be trusted

Deepfakes are one of the latest trends of social engineering attacks. In previous years – and still to this date – fraudsters relied heavily on email-based deception such as Phishing emails. Phishing emails are sent to large numbers of people, including employees of businesses, where criminals impersonate senior leaders, requesting employees of the business to make payments and provide information, which can cause significant damage to the business, such as passwords.

Artificial intelligence is now allowing criminals to go further by imitating how someone looks and sounds, not just how they write over emails and text messages. Video meetings, voice notes and phone calls – previously considered more trustworthy than email – can all now be convincingly faked to trick your employees into providing sensitive business data.

One widely reported international case highlighted the scale of this risk, in which an employee joined a video call that appeared to include multiple colleagues and senior leaders discussing a financial transfer. The meeting lasted long enough to feel authentic, and the instructions seemed legitimate. Only later did it become clear that the participants had been digitally generated using deepfake technology.

While incidents like this are still relatively uncommon for many UK businesses, the technology behind them is advancing rapidly, making it more accessible and harder to detect.

Will Cyber Insurance protect me?

Cyber insurance policies may include elements of cover for social engineering attacks, but this protection is often subject to specific insurers and policies.

Get in touch with Sutcliffe & Co to discuss your required cyber insurance policy by contacting us here, or calling 01905 21681.

What can my business do to reduce the risks?

As awareness of AI-driven fraud grows, insurers are placing greater emphasis on the controls organisations have in place. Some of the most important measures include:

• Requiring two-person approval for payment instructions or changes to banking details
• Maintaining clear separation of responsibilities within teams
• Independently verifying payment requests using trusted contact details
• Providing employees with training on emerging fraud tactics, including voice phishing and AI-enabled impersonation

Although many organisations already provide phishing awareness training, guidance on identifying manipulated audio or video remains less common. As deepfake technology becomes more common, employee awareness will become an increasingly important part of risk management for businesses of all sizes.

At Sutcliffe & Co, we work with businesses to ensure policies are aligned and potential gaps are addressed before problems arise.

Technology will continue to evolve, and unfortunately, so will the tactics used by criminals. By combining robust internal processes, informed employees and well-structured insurance protection, businesses can place themselves in a much stronger position to face these emerging threats. Get in touch today to secure your business with Cyber Insurance by contacting us here or calling us on 01905 21681.