GoKawiilBy Brian Long, CEO and Co-founder, Adaptive Security
In March 2025, a finance director at a multinational firm in Singapore joined what appeared to be a routine Zoom call with her senior leadership team. The CFO was there. Other executives appeared on screen. Everyone looked right. Everyone sounded right.
She authorized a $499,000 transfer before anyone flagged the fraud. Every face on that call was AI-generated.
This attack has a template. In early 2024, the same approach was used to steal $25.6 million from Arup, one of the world’s largest engineering firms, in a single afternoon. The method has spread widely, and the tools behind it have grown cheaper and easier to use every month since.
The organizations that have stopped these attacks all found the same answer: train your people to pause and verify before they act.
The Tools to Run This Attack Cost Almost Nothing
Cloning someone’s voice takes three seconds of audio and a free download.
Three seconds from a voicemail, a podcast appearance, an earnings call, or a LinkedIn video is all a current AI model needs to generate a fully interactive voice replica in real time. The model runs offline, requires no technical background and costs nothing.
Voice deepfake incidents rose 680% year-over-year in 2025. More than 100,000 attacks were recorded in the United States in a single year. The tools behind them are available on public repositories, carry no moderation, and run on standard consumer hardware.
What makes these attacks so effective is the preparation behind them. Before placing a single call, attackers map the target organization’s org chart, identify who holds financial authority, and study the standard approval workflow for wire transfers.
... continue reading