TL;DR
  • Deepfake fraud has moved from theoretical concern to documented, large-scale financial losses. The $25M Hong Kong case in early 2024 was not an isolated incident — it was the first publicly known example of a trend that has accelerated significantly since.
  • Professional services firms — law firms, accounting practices, financial advisers — are high-value targets because they handle large payment flows, hold client funds, and their staff are conditioned to act on instructions from senior partners and clients without always verifying through a second channel.
  • Deepfakes bypass the controls that were designed to stop email-based fraud. A firm that feels protected because it has email phishing training and DMARC configured is not protected against a real-time voice or video fraud attempt.
  • Defence requires layered controls: out-of-band verification protocols, pre-agreed code words, payment workflow gates, and ongoing staff training on deepfake recognition.

In February 2024, a finance employee at a multinational firm in Hong Kong authorised a transfer of approximately $25 million (USD) after attending a video conference call with who appeared to be the company’s Chief Financial Officer and several other colleagues. Every person on that call was a deepfake. The employee had joined the call, seen familiar faces, heard familiar voices, participated in a conversation that felt entirely normal — and transferred funds that were immediately lost.

This case received significant attention, but it represented a threshold crossing rather than a singular event. The technology that made it possible — real-time face-swapping, voice cloning from limited audio samples, and synchronised lip movements — had been advancing for several years and had reached a quality threshold where, in the context of a video call, it was indistinguishable from the real person to an untrained observer under normal cognitive load.

Since that case, fraud investigators, insurers, and law enforcement agencies have documented dozens of similar incidents, with total losses in the hundreds of millions of dollars. The targets are not exclusively large multinationals. Law firms, accounting practices, wealth managers, and financial advisory firms have all been targeted — and many incidents are not publicly disclosed because the reputational damage of admitting to a deepfake fraud is significant.

Why professional services firms are disproportionately targeted

Professional services firms present a specific combination of characteristics that make them attractive targets for deepfake fraud operations. Understanding these characteristics is important because the defensive response needs to address the specific vulnerability, not just the generic threat.

High-value payment flows with thin verification layers. Law firms routinely move large sums on client instructions — property transactions, M&A completions, settlement payments, estate distributions. The instruction to transfer funds frequently comes by email or telephone, and is acted upon quickly because of time pressure around completions. Accounting practices receive payment instructions from clients and handle payroll, tax payments, and supplier disbursements. In both cases, the firm is conditioned to move money on authority, and the verification processes in place are often designed to detect email fraud, not voice or video fraud.

Hierarchical cultures that discourage second-guessing. When a senior partner calls a junior fee-earner and requests that a payment be expedited, the cultural norm in most professional services firms is to comply — not to say “I need to verify this through a second channel.” Fraudsters who clone the voice of a managing partner or a client CFO are not just exploiting the technology — they are exploiting the organisational culture in which an instruction from a senior figure is not questioned. This is the same social engineering dynamic that makes CEO fraud effective, now enhanced by the inability to distinguish a real voice from a cloned one.

Public availability of high-quality audio and video of principals. Partners in law firms, senior accountants, and financial advisers often have significant public profiles. Conference presentations, podcast appearances, webinar recordings, and LinkedIn video posts provide abundant source material for voice cloning. Models trained on as little as three minutes of clean audio can produce highly convincing voice clones. The principals of a professional services firm are frequently more “voice-available” than executives in other sectors.

Documented case: The Hong Kong deepfake video call

$25 million lost to a multi-person deepfake video conference

In January 2024, a finance employee at Arup’s Hong Kong office received an email purportedly from the UK-based CFO requesting a confidential transaction. Suspicious of the email, the employee joined a video conference call where the CFO and several colleagues appeared to be present. The employee was reassured by seeing and hearing the familiar faces and voices and authorised transfers totalling approximately HKD 200 million.

Hong Kong police later confirmed that every participant on the call, including the CFO, was a deepfake created from publicly available video and audio. No one on the call was real. The fraud was discovered when the employee later contacted the CFO through a separate channel.

The employee did exactly what security awareness training would have recommended in response to a suspicious email — they verified via a separate channel. The video call was the separate channel. The verification process had been successfully spoofed.

How voice cloning is being used against firm principals

Voice cloning for fraud purposes does not require a sophisticated state-level adversary. Commercial voice cloning services, several of which are available for a monthly subscription fee of under $50, can produce convincing voice clones from a few minutes of source audio. The clone can then be used in real-time during a phone call, with the fraudster speaking and the clone’s voice being transmitted to the target.

The typical attack pattern against professional services firms follows a consistent structure. The fraudster identifies a high-value target — a client with a pending large transaction, or the firm’s own payment processes. They identify the principal whose voice will be cloned — typically a senior partner, the client’s CFO, or a key counterparty. They gather source audio from public sources. They prepare a specific pretext — an urgent payment, a last-minute change to wire instructions, a confidential transaction that must not be discussed with others. They call, using the cloned voice, and apply time pressure to prevent verification.

The time pressure element is critical. Most deepfake voice calls seek to prevent the target from having time to think, check, or verify. “The completion is in 45 minutes and the funds must clear by then.” “This is extremely confidential — do not mention it to anyone else until it is complete.” “We cannot delay — the other side will walk away.” These are social engineering tactics applied in a context where the voice of the person applying them appears entirely authentic.

Why existing controls are insufficient

Most professional services firms have invested in controls that are well-designed for the threat landscape of 2020: email phishing, business email compromise, invoice fraud, account takeover through credential phishing. These controls — DMARC/DKIM/SPF configuration, email gateway filtering, phishing awareness training, dual-approval for large payments — remain necessary. They are not sufficient against deepfake voice and video fraud for a simple reason: they operate on a different attack surface.

Email-based fraud controls work by introducing friction into the email channel — verifying that emails are genuinely from the claimed sender, training staff to spot suspicious indicators, requiring additional authorisation for large payments. Deepfake voice fraud bypasses the email channel entirely. The fraudster calls directly. The voice sounds authentic. The firm’s email security controls are completely irrelevant.

Dual-approval payment controls are closer to the right answer — requiring a second person to authorise a payment reduces the impact of a single compromised decision. But dual approval does not help if the second authoriser is also called by the deepfake, or if the dual approval is performed within a team that has collectively accepted the authenticity of a deepfake video call.

Email controls don’t apply

DMARC, phishing filters, and email awareness training are designed for the email attack surface. Deepfake voice and video attacks bypass email entirely and exploit voice channels that have no equivalent technical controls.

Visual and audio recognition fails

Human beings are not equipped to detect high-quality voice clones or real-time deepfake video under normal conversational conditions. Training staff to “spot the signs” is useful but insufficient — current technology produces artefacts that are subtle and inconsistent.

Time pressure suppresses verification

The social engineering element of deepfake fraud specifically exploits the “no time to check” dynamic. Controls that depend on staff initiating a verification step are vulnerable to urgency manipulation.

Dual approval can be spoofed

If the dual approver receives the same fraudulent call or participates in the same deepfake video conference, dual approval does not add meaningful protection. Group social engineering is harder but documented.

Defence layer 1: Out-of-band verification as a mandatory protocol

The most effective single control against deepfake fraud is a mandatory out-of-band verification requirement for all payment instructions above a threshold, regardless of the instruction channel. “Out-of-band” means verification through a channel that is independent of and cannot be controlled by the fraudster — specifically, calling back on a phone number that was established before this interaction, not a number provided by the person making the instruction.

The protocol is simple: any payment instruction above a defined threshold — recommend starting at whatever level represents meaningful loss to your firm — requires verification by calling the instructing party back on their known number, using a number stored in your contact system before the request was received. A voice call that instructs you to verify by calling a different number should be treated as a potential fraud attempt.

This protocol must be implemented as a process requirement, not a cultural expectation. It must be documented in payment procedures, communicated to all staff with payment authority, and must apply even when the instruction comes from a senior partner or a valued client. The rule cannot have exceptions based on who appears to be calling — because “who appears to be calling” is exactly what deepfake technology compromises.

Defence layer 2: Pre-agreed code words for high-risk communications

Code words for out-of-band authentication are a well-established practice in physical security that applies directly to deepfake defence. The principle is straightforward: you and a counterparty — a client, a partner, a key colleague — agree in advance on a word or phrase that will be used to authenticate urgent instructions. If someone claiming to be that person contacts you urgently and cannot provide the code word, the instruction is treated as potentially fraudulent regardless of how authentic the voice or video appears.

Code words should be established during an in-person meeting or a verified video call using the counterparty’s known device, changed periodically, and not stored in email or messaging systems where they could be harvested if those systems are compromised. For law firms, establishing code words with clients at the outset of a matter — particularly matters involving large payment flows — is increasingly being recommended by professional indemnity insurers as a standard of care.

Defence layer 3: Structured payment approval workflows with cooling periods

Deepfake fraud attacks are almost always time-pressured. The fraudster needs the target to act before they can verify, and creates urgency to achieve this. A structured payment approval workflow that incorporates a mandatory cooling period for large or unusual payment instructions directly counters this tactic.

The workflow should require that any payment instruction outside normal patterns — new payee, unusually large amount, change to previously agreed payment details — is subject to a minimum delay before processing. During that delay, a second approver who was not involved in receiving the instruction must independently verify the instruction against known information. The key word is independently — not by asking the first recipient “did you verify this?” but by conducting their own verification through a separate channel.

For firms that handle client funds or large payment flows, this workflow should be embedded in a payment approval system that enforces the process — not just a policy that staff are expected to follow. Systems that require a second approver to take an action (not just be notified) before a payment releases are materially more effective than dual-approval policies that depend on cultural compliance.

Defence layer 4: Liveness detection and video authentication tools

Commercial tools for detecting deepfake video and cloned audio are now available and improving rapidly. These tools analyse video streams for inconsistencies in lighting, facial geometry, blinking patterns, and lip-sync artefacts that are characteristic of current deepfake generation methods. Audio analysis tools can flag statistical patterns in voice that are consistent with synthesis rather than natural speech.

These tools should not be treated as infallible — the field is an adversarial one, and detection capabilities lag generation capabilities. But they provide a meaningful additional layer, particularly for high-stakes video calls. Several video conferencing platforms now offer built-in liveness verification features that confirm participants are authentic humans present in real time. For internal communications platforms used by regulated firms, these features should be enabled and their use required for any call involving payment instructions or sensitive client matters.

Deepfake defence checklist for professional services firms

  • Implement mandatory out-of-band callback verification for all payment instructions above a defined threshold, using pre-stored numbers only
  • Establish pre-agreed code words with high-value clients and key counterparties at the start of matters involving large payment flows
  • Implement structured payment approval workflows with cooling periods for new payees, large amounts, and changes to payment details
  • Enable liveness detection and video authentication tools on internal communications platforms
  • Train all staff with payment authority on deepfake fraud patterns, specifically including the time-pressure dynamic
  • Update professional indemnity and cyber insurance to ensure coverage extends to deepfake-enabled fraud scenarios
  • Establish a “no exception” policy on verification requirements, explicitly communicated to senior staff whose authority might otherwise be used to override the protocol
  • Conduct tabletop exercises simulating a deepfake fraud attempt against your specific payment workflows at least annually

Why AI-powered fraud requires AI-powered defence

The controls described above are largely procedural — they reduce risk by changing how humans behave in high-pressure payment situations. They are necessary and effective, but they have limits. Human behaviour under social engineering pressure is not perfectly reliable, code words can be obtained if counterparties are also targeted, and cooling periods create operational friction that generates pressure to create exceptions.

The longer-term response to AI-generated fraud is AI-powered detection and prevention integrated into the systems through which instructions flow. This means communications platforms that perform real-time anomaly detection on voice and video streams. It means payment systems that use behavioural AI to flag payment patterns that deviate from established norms for a client or counterparty — not just threshold-based rules, but pattern recognition that can detect when a payment instruction is plausible but subtly inconsistent with how that client or counterparty has behaved historically. It means identity verification systems that use liveness and biometric analysis as a standard feature of high-stakes interactions, not an optional add-on.

Professional services firms that have invested in unified platforms for their operations — rather than separate point solutions for payments, communications, and client management — are better positioned to implement AI-powered detection, because the AI has access to the behavioural context it needs to detect anomalies. Fragmented systems that do not share data cannot generate the cross-channel behavioural baseline that effective detection requires.

Insurance note: Professional indemnity policies written before 2023 frequently do not explicitly cover losses arising from deepfake fraud, because the technology had not yet produced significant documented losses. If your PI policy or cyber policy was last reviewed before 2024, request a specific endorsement or exclusion review covering social engineering losses arising from synthetic media. Some insurers are now offering deepfake-specific endorsements; others are excluding coverage without explicit request. Do not assume you are covered.

The regulatory angle

Deepfake fraud is not just a cyber security issue — it is increasingly a regulatory one. Law firms and accountants that lose client funds to fraud may face professional conduct investigations, not just civil claims. Financial advisers that transfer client funds on fraudulently obtained instructions may face FCA scrutiny of their payment verification procedures. The duty of care owed to clients extends to the security of the payment processes used to handle their funds. Documenting your deepfake defence controls is part of demonstrating that standard of care.

Secure communications built for regulated teams

HubSecure’s platform includes AI-powered anomaly detection, liveness verification, and structured approval workflows — purpose-built for law firms, accounting practices, and financial services teams that need fraud prevention integrated into their daily operations, not bolted on as an afterthought.

See a demo