Even secure systems fail in the age of AI-driven impersonation, writes Matt Horne, Director of Intelligence and Investigations at Clue Software.
Deepfake fraud has gone “industrial”. Cheap, scalable and highly targeted attacks now impersonate senior figures to extract sensitive information or authorise actions from unsuspecting recipients during what appears to be routine executive interactions. These techniques exploit trust, time pressure and familiarity rather than technical weaknesses, and they nest unobtrusively inside contact centre, finance and supplier interactions where “business as usual” is the camouflage.
Incident reporting shows rapid growth in business-targeted deepfakes and synthetic voice abuse, with high-quality fakes increasingly difficult to spot unaided. In one instance, in 2024, British engineering firm Arup was defrauded of £20m after a Hong Kong employee was deceived into transferring funds during an AI-generated deepfake video call impersonating senior executives.
These attacks succeed because they closely mimic standard workflows, making them hard to spot and shifting the point of failure from systems to human judgement. Even well-secured systems can fail if decision-making isn’t supported by context, robust processes, and intelligence-led oversight.
Fraud prevention now requires a shared intelligence picture
Fraud is increasingly shifting from breaking into systems to talking its way in. Most attacks beginwith subtle, easily overlooked signals. This can include unusual requests, shifts in tone or urgency, unexpected payment instructions, or inconsistencies in voice or video interactions.
While insignificant in isolation, these signals can point to emerging threats when captured early and viewed as a whole.
Getting ahead of AIenabled fraud, therefore, depends on whether organisations can capture these weak signals early and place them into context. This requires a shared intelligence picture that brings everything together from across the business, including people, identity, systems, suppliers, sites and digital platforms. Seen through this lens, everyday anomalies stop being irritations and start becoming intelligence.
Certain decision points are consistently targeted because they rely on speed and familiarity: payment changes, supplier updates, urgent approvals or last minute process deviations. Treating these moments as signals, not failures or embarrassments, is critical. Effective organisations focus on three disciplined behaviours:
This only works when reporting is simple and culturally supported. Employees, facilities teams, finance staff, security functions and suppliers all see fragments of risk first. Making it easy to flag concerns, even when information is incomplete, shortens the distance between first contact and meaningful action.
Turning signals into decisions, not noise
As AI- enabled fraud embeds itself within everyday workflows, judgement becomes the decisive control.
Signals need to be assessed through intelligence-led triage, weighing what is being asked, whether it fits normal patterns and how it aligns with established processes. This enables proportionate responses, from monitoring to intervention or escalation
Importantly, it also disrupts one of the most common attack tactics of urgency. Introducing deliberate pauses and verification steps, rather than accelerating to meet perceived pressure, is critical to disrupting AI-enabled impersonation.
During this process, visibility matters just as much as judgement. Organisations that manage this well track how quickly issues are identified, reported and escalated, particularly in high-stakes areas such as payments and supplier changes, where delays increase exposure. They also connect signals over time, recognising that repeated or similar incidents may indicate coordinated activity rather than isolated events.
Maintaining clear records underpins this. Capturing what was known, what checks were carried out and why decisions were made creates a robust evidence base for investigation and future decision-making. Crucially, learning does not stop at resolution. Insights from incidents and near misses should feed back into controls, training and processes, strengthening detection, improving judgement and enabling faster, more confident responses while reducing disruption.
Protecting decisions, not just systems
Deepfakes and AI-enabled impersonation are redefining how fraud operates. The challenge is no longer limited to securing systems, but to protecting the decisions made within them.
As these attacks become more convincing and embedded in routine activity, resilience depends on how well organisations connect signals, apply judgement in context and act with consistency under pressure.
Those that invest in an intelligence-led approach, including early reporting, proportionate decision-making, structured investigation and continuous learning, will be better equipped to manage risk. Over time, this approach builds not only stronger protection against fraud, but also greater organisational confidence.
Photo by Mark Rowe: Street art.
