Imagine a scenario: It’s already been a long week, but on Thursday night you receive an invite from your company’s CFO asking for an early morning videoconference the next day. While this is an unexpected meeting, your company has been doing more and more meetings over video. On Friday morning you wake up and log on to the videoconference. You recognize everyone in attendance: your CFO and colleagues from your tax and accounts payable departments. The CFO instructs you to send several wires to pay vendor invoices arising from the company’s recent retreat. While you find the request a bit strange, you comply because, after all, it is the CFO giving the instructions. You feel more comfortable because your tax colleague confirmed receipt of a W-9 for each vendor, and your accounts payable colleague provided the wire information. Several weeks later, you find out that the CFO never requested the video conference, neither of your colleagues have any recollection of attending such a meeting, and the wires you sent were never authorized.

While this may sound like an elaborate plot from a whodunit film, it is in fact based on a recent, real-life wire fraud scheme perpetrated by a cyber-criminal using “deepfakes” generated by artificial intelligence (AI) technology. In the real scenario, the victim — a financial employee in a multinational company — received an email from the CFO regarding a “secret business transaction.” The victim then joined a video conference with the CFO and other corporate executives, who all looked and sounded legitimate. During the meeting the victim was instructed to wire $25.5 million to multiple accounts. About a week later, after calling the corporate office, the victim learned this was all a scam. By then, the $25.5 million were gone.