Risk Management Magazine: The New Face of Fraud: Defending Against the Rising Threat of Deepfakes

Editor’s Note: Deepfake-enabled fraud is accelerating at a pace few organizations are prepared to counter, redefining how enterprises must think about identity, verification, and trust. In this timely piece, John Wilson, Chief Information Security Officer and President of Forensics at HaystackID®, examines the rise of synthetic insiders and the operational, legal, and governance challenges they create. Wilson draws on real-world incidents, including high-profile deepfake financial scams, to illustrate how attackers are weaponizing AI to bypass traditional controls. He also outlines a modern defensive framework that spans detection technologies, multi-channel verification, executive authentication protocols, and cross-functional governance. As deepfake sophistication grows, his insights highlight where organizations must invest to build resilience. The following excerpt is reprinted with permission. The full article was originally published in Risk Management Magazine and can be viewed there in its entirety.



By John Wilson, CTCE, FDACS, Chief Information Security Officer and President of Forensics, HaystackID

Since their inception, deepfakes have rapidly evolved from novelty filters and viral prank videos into a serious business risk. In 2024 alone, deepfake-driven fraud cost organizations more than $200 million, with attackers now fabricating emails, cloning voices and simulating live video meetings to trigger unauthorized transfers, compromise controls and erode stakeholder trust.

The risk from deepfakes is not just about the volume of attacks, but also their sophistication. For example, following what appeared to be a legitimate video conference with the company’s CFO and other executives, a staff member at the U.K. engineering firm Arup approved transfers totaling approximately $25 million to multiple Hong Kong bank accounts. In reality, the “executives” were deepfakes. In another case in Hong Kong, an employee made 15 transfers worth roughly HK$200 million (approximately $25 million) after a fake executive video call misled her into complying with the “request.”

Synthetic insiders are the latest cyber threat category. These are AI‑crafted personas that convincingly impersonate employees, partners or executives, slipping past traditional verification systems because they look, sound and behave “correctly.”

This excerpt is sourced from an article originally published in Risk Management Magazine.



Assisted by GAI and LLM technologies.

SOURCE: HaystackID