
Deepfake Makers Go Mainstream: Who’s Using Them and Why
An employee in Hong Kong joined what appeared to be a routine video call with senior executives. The faces were familiar. The voices matched. Instructions were clear. A £20 million transfer was approved without hesitation. None of the executives on the call were real.
The fraud was later confirmed by Arup, a global engineering and consulting firm known for projects such as the Sydney Opera House and major infrastructure systems worldwide, and was reported by The Guardian. Attackers used AI-generated video and voice to convincingly impersonate company leadership, which was enough to bypass both human judgment and technical verification layers. The incident highlights the pressing need for enhanced security measures.
This case reflects a broader shift. Deepfakes are no longer constrained by realism. Their risk is defined by accessibility.
Deepfakes are now more accessible, not just more realistic
Deepfakes stopped being a purely technical challenge. They became an accessibility problem.
Two years ago, creating a convincing synthetic video required machine learning expertise, significant computing power, and days of preparation. Today, it requires a browser, 30 seconds of source audio, and a single image upload. Platforms such as HeyGen generate realistic talking-head videos in minutes, even on free tiers. Deepfake-as-a-Service platforms offer ready-to-use synthetic identities for $10 to $50.
The barrier to entry did not gradually reduce. It effectively disappeared. Risk is no longer tied to realism. It is tied to accessibility. A deepfake only needs to be convincing enough to deceive a single employee during a video interaction.
When corporate deepfake tools become fraud infrastructure
Synthesia serves over 15,000 enterprise customers, including McDonald’s and WPP, producing training videos and product demonstrations without requiring production teams. D-ID generates multilingual videos from a single image. These tools are mainstream enterprise software with legitimate use cases.
The same capability used for corporate training can replicate an executive for fraudulent authorisation. There is no technical distinction between outputs. The model and process remain identical; only intent differs.
Regulations may mandate watermarking and disclosure. However, open-source tools operate without compliance controls. Malicious actors have no incentive to identify synthetic content.
Creator vs. criminal: The same tools, different intent
Enterprise IT teams evaluating deepfake exposure require direct comparisons between legitimate platforms and malicious use cases. The table below highlights how identical capabilities serve opposing purposes and where detection systems are most vulnerable.
| Platform Type | Primary Use | Cost | Risk Factor |
|---|---|---|---|
| Consumer Apps (Reface, FaceSwap) | Entertainment, social media | Free to $30/month | The same technology enables executive impersonation |
| Enterprise Tools (D-ID, Synthesia) | Corporate training, marketing | Enterprise contracts | The same technology enables executive impersonation |
| Deepfake-as-a-Service | Criminal infrastructure | $10–$50 per identity | Designed specifically for fraud |
| Open-Source Tools (DeepFaceLab) | Unrestricted generation | Free | No compliance safeguards |
| Detection Platforms (Reality Defender, Au10tix) | Fraud prevention | Enterprise budgets | Effective until attackers adapt models |
The fraud evolved faster than detection
Javelin Strategy & Research documented 18 million US victims in 2024, with losses exceeding $47 billion. The shift is not only in volume but in methodology. Attackers have moved from opportunistic tactics to AI-driven campaigns that adapt in real time, refining personas, audio, and delivery mechanisms.
North Korean operatives used deepfakes to pass video interviews at over 300 US companies, collecting $6.8 million while establishing persistent system access. The objective extended beyond financial gain to long-term infiltration.
Detection faces a structural limitation rather than a capability gap. Attackers train models on the same datasets used for detection benchmarking. Improvements in detection are quickly incorporated into generation tools.
By late 2025, only 13% of companies had implemented anti-deepfake protocols. The gap between capability and readiness remains significant.
Regulatory response
The EU AI Act introduces transparency requirements under Article 50, mandating disclosure of AI-generated or manipulated content. Full enforcement begins on August 2, 2026, with penalties reaching up to 6% of global turnover.
The US TAKE IT DOWN Act, signed in May 2025, requires platforms to remove non-consensual synthetic imagery within 48 hours.
Despite these measures, a gap persists. Transparency does not equate to enforcement. Watermarking remains technically fragile and easily removed. Open-source tools, which played a role in the Hong Kong fraud, fall outside regulatory control.
What IT teams should do
The threat is operational and immediate. Any organisation using video-based verification, interviews, or financial approvals is exposed.
Start with the verification stack. Confirm whether identity verification vendors include integrated deepfake detection. Solutions such as Au10tix and Reality Defender operate at the verification layer rather than as standalone forensic tools. Separate systems introduce workflow gaps that attackers exploit.
Review financial authorisation processes. The Hong Kong fraud succeeded because a single individual had the authority to approve a high-value transaction. The number of employees with similar authority defines the exposure surface. Dual authorisation for high-value transactions increases the operational difficulty of attacks.
Training should prioritise protocol adherence over visual recognition. Employees cannot reliably identify deepfakes. However, enforcing out-of-band verification for financial or sensitive requests significantly reduces risk.
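The dual-authorisation and out-of-band rules above can be enforced as a release gate in the payment workflow rather than left to judgment on a call. The sketch below is an added example, not taken from any vendor or from the incident; the threshold, channel names and class names are assumptions chosen for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Assumed policy values; the article gives no threshold or channel list.
HIGH_VALUE_THRESHOLD = 10_000
INDEPENDENT_CHANNELS = {"callback_known_number", "in_person"}

@dataclass
class Approval:
    approver: str
    verified_via: str | None = None  # how the approver confirmed the request

@dataclass
class PaymentRequest:
    amount: int
    requested_by: str          # identity claimed on the call or message
    request_channel: str       # where the instruction arrived
    approvals: list[Approval] = field(default_factory=list)

def policy_violations(req: PaymentRequest) -> list[str]:
    """Return reasons to hold the payment; an empty list means release."""
    if req.amount < HIGH_VALUE_THRESHOLD:
        return []
    problems = []
    # Dual authorisation: two distinct people, neither being the requester.
    approvers = {a.approver for a in req.approvals} - {req.requested_by}
    if len(approvers) < 2:
        problems.append("needs two distinct approvers other than the requester")
    # Out-of-band: confirmation must use an independent channel, never the
    # channel the instruction arrived on (the attacker controls that one).
    for a in req.approvals:
        if a.verified_via is None:
            problems.append(f"{a.approver}: no out-of-band verification")
        elif (a.verified_via == req.request_channel
              or a.verified_via not in INDEPENDENT_CHANNELS):
            problems.append(f"{a.approver}: '{a.verified_via}' is not independent")
    return problems

# Constructed sample requests (not real data).
VIDEO_ONLY = PaymentRequest(20_000_000, "cfo", "video_call",
                            [Approval("employee_a")])
DUAL_VERIFIED = PaymentRequest(20_000_000, "cfo", "video_call", [
    Approval("controller", "callback_known_number"),
    Approval("treasurer", "in_person")])

if __name__ == "__main__":
    for name, req in (("video-only", VIDEO_ONLY), ("dual", DUAL_VERIFIED)):
        print(name, policy_violations(req) or "release")
```

The gate never inspects the video itself: a request is held because of how it was approved, which keeps the control effective even when the impersonation is visually flawless.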
When deepfake risk changes decisions
Risk exposure varies across organisations. The table below outlines where deepfake risk is critical versus manageable.
| Situation | High Risk Scenario | Lower Risk Scenario |
|---|---|---|
| Financial services | Single-person video approvals | Dual authorisation with independent verification |
| Remote hiring | Video as primary identity check | Independent background verification |
| Executive visibility | Public video content available | Limited public exposure |
| Customer onboarding | Outdated detection models | Updated detection trained on current datasets |
| Internal approvals | Video-only instructions accepted | Independent verification protocols enforced |
Distilled
Deepfake tools have become mainstream due to accessibility, not improved realism. The same platforms used for enterprise content creation can be used for fraud. Deepfake scam attempts have surged 3,000% since 2023. Detection systems struggle to keep pace due to shared training data between attackers and defenders.
For IT security teams, this is an active operational threat affecting financial approvals, identity verification, and system access. The critical question is no longer whether deepfake attempts will occur. It is whether existing processes rely on visual trust that can already be compromised.