In February 2024, a finance employee at the Hong Kong office of engineering firm Arup transferred $25 million to fraudsters. He had been invited to a video conference call with who he believed was the company's CFO and several colleagues. All of them, it turned out, were deepfakes. The real people existed. They had nothing to do with the call. The voices and faces had been cloned from publicly available footage.
The Arup case is the clearest example yet of what voice cloning fraud looks like at scale. It is not a cyberpunk scenario. It happened to a major professional services firm with sophisticated employees and standard corporate controls.
How voice cloning works
Modern voice synthesis tools require surprisingly little source material. ElevenLabs, which launched its voice cloning feature in January 2023, states that a one-minute sample produces a recognizable clone. With 30 seconds of clear audio, the quality is good enough to fool a family member on a phone call.
In March 2024, OpenAI demonstrated Voice Engine, a model that can generate a synthetic voice from a 15-second sample. The company deliberately restricted access to researchers and partners given the obvious misuse potential. The underlying technology, from multiple competing providers, is now widely available.
The attack surface for source audio has expanded dramatically. LinkedIn videos, podcast appearances, YouTube interviews, company presentation recordings, earnings calls. For any executive, journalist, or public-facing professional, there is likely sufficient publicly available audio to train a convincing voice clone.
The fraud patterns that are emerging
The most common documented attack is the "CEO fraud" or business email compromise variant, now upgraded with voice. An employee receives a call from what sounds exactly like their manager, asking them to transfer funds urgently or approve a payment outside normal channels. The call creates social pressure and a sense of authority that the employee finds difficult to resist. FTC data shows phone-based fraud cost US consumers $330 million in 2023. That figure predates the widespread deployment of AI-cloned voices.
The "grandparent scam" has a particularly cruel AI upgrade. Traditional versions involved an impersonator calling elderly people and claiming to be a grandchild in legal trouble. AI voice cloning means the caller now sounds exactly like the grandchild. The emotional impact of hearing a familiar voice in apparent distress is not something most people can analyze rationally in the moment.
Real-time voice conversion, where an attacker's voice is transformed to match the target's voice as they speak, is a more recent development and was demonstrated at scale in 2024. This removes the need for the attacker to stay silent or to pre-record anything.
The political dimension
Voice cloning has also been deployed in electoral interference. Ahead of the 2023 Slovak parliamentary elections, an audio recording circulated on social media of what sounded like Michal Šimečka, leader of the Progressive Slovakia party, discussing how to buy votes. Fact-checkers concluded it was likely AI-generated. The clip spread widely in the 48-hour social media blackout period before the election, when political advertising is prohibited.
In January 2024, robocalls impersonating President Biden's voice were sent to New Hampshire voters ahead of that state's primary, urging Democrats not to vote. The FCC subsequently proposed $6 million in fines against the company responsible. This was not a sophisticated attack. It was a $500 operation that reached tens of thousands of people.
Detection tools and their limits
Several companies offer deepfake audio detection. Reality Defender, Pindrop, and others analyze audio for artifacts left by generative models. These tools work reasonably well on current-generation AI voice, but the detection gap is closing as generation quality improves. This is an arms race, and the generation side typically moves faster.
Platform-level detection is being deployed. Phone carriers are developing STIR/SHAKEN-related AI voice detection. Social media platforms are expanding their synthetic media policies. None of this has eliminated the problem.
What actually helps
The Arup case and similar frauds succeed because of process failures, not just technical capabilities. Normal financial controls exist precisely to prevent unauthorized transfers: dual authorization, callback verification to known numbers, documentation requirements. When an attacker creates a sense of urgency and authority that bypasses these controls, the technical sophistication of the deepfake is almost secondary.
The most effective organizational defense is simple: any financial transfer above a threshold requires a callback to a pre-registered, verified number, initiated by the paying party, not by the caller. No exceptions for urgency. No overrides for the apparent seniority of the requester.
For personal protection, a pre-agreed code word between family members is the lowest-tech and most reliable defense against the grandparent scam variant. Something that would not appear in any public recording or document.
For identifying deepfake voice in real time, asking the caller to say something unexpected and contextually specific, a reference to a shared private memory, a question only they would know the answer to, is more reliable than any technical detection tool.
Frequently asked questions
Can voice cloning be done with audio from a phone call?
Yes, though call audio is often lower quality than professional recordings. Quality is improving on both ends. Some services explicitly advertise voice cloning from telephony samples.
How do I know if a call is using cloned audio?
Unnatural pauses during real-time voice conversion, slight lag between a question and the response, inability to answer personal questions the real person would know, resistance to unexpected conversational redirects. None of these are reliable individually. A code word arrangement is more dependable.
What should I do if I suspect I received a cloned-voice call?
Hang up. Call the person back on a number you already have for them, not on any number the caller provided. Do not transfer money or share credentials before verification.
Are companies legally responsible if they are defrauded by deepfakes?
Liability depends on jurisdiction and the specifics of the fraud. In the Arup case, the company bore the loss initially and pursued recovery through insurance and legal channels. Financial institutions may have obligations to detect and prevent fraudulent transfers regardless of the mechanism.