Criminals are using AI-generated voices and videos to impersonate CEOs and steal millions. What are the legal implications – and how can companies protect themselves?
Table of Contents
- When the Boss Calls – But It Is Not Actually the Boss
- Real Cases: When Deepfakes Cost Millions
- The British Energy Company (2019)
- The Hong Kong Engineering Firm Arup (2024)
- A Growing Phenomenon
- Criminal Law Classification
- § 263 StGB – Fraud (Betrug)
- § 263a StGB – Computer Fraud (Computerbetrug)
- § 267 StGB – Forgery of Documents (Urkundenfälschung)
- Civil Liability
- The Role of Corporate Governance
- The Four-Eyes Principle as Minimum Standard
- Establishing Callback Procedures
- Training and Awareness
- Technical Detection and Prevention
- AI Against AI
- Multi-Factor Authentication
- Insurance Coverage: Does the Cyber Policy Pay?
- The Evolving Regulatory Framework
- Conclusion: Act Now
When the Boss Calls – But It Is Not Actually the Boss
Imagine the following scenario: Friday afternoon, just before the end of the working day. Your company's finance director receives a phone call. On the other end: the familiar voice of the managing director. The tone, speech rhythm, even the slight regional accent – everything matches. The managing director urgently requests a wire transfer. It is strictly confidential, the time pressure enormous. The finance director authorises the payment. The problem: the managing director never called. The voice was an AI-generated fake – a so-called deepfake.
What sounded like science fiction just a few years ago is now a bitter reality. Deepfake technology has reached a level of maturity that can deceive even trained employees. For companies, this creates a significant financial, legal, and reputational risk. This article analyses real cases, examines the criminal law framework, and outlines concrete protective measures.
Real Cases: When Deepfakes Cost Millions
The British Energy Company (2019)
One of the first documented deepfake fraud cases occurred in 2019 at a British energy company. Criminals used AI-based voice cloning to imitate the voice of the chief executive of the German parent company. The managing director of the British subsidiary recognised the familiar voice of his superior, including the slight German accent and the speech melody, and transferred approximately €220,000 (around US$243,000) to an account in Hungary. From there the money was immediately forwarded to Mexico and then dispersed across further accounts. The case became public through the insurer Euler Hermes, which covered the loss.
The Hong Kong Engineering Firm Arup (2024)
In February 2024, an even more spectacular case came to light: a finance employee of the British engineering firm Arup in Hong Kong took part in a video conference with what appeared to be the company's CFO and several colleagues. Every participant looked and sounded genuine, yet their faces, voices and gestures were AI-generated. The employee made 15 transfers totalling around HK$200 million (about US$25 million). The fraud was only discovered about a week later, when the employee checked back with headquarters. As CNN reported, Hong Kong police announced six arrests in connection with deepfake scams at the time.
A Growing Phenomenon
These cases are not isolated incidents. The Federal Criminal Police Office (BKA) recorded a marked increase in AI-assisted fraud in its Federal Cybercrime Situation Report (Bundeslagebild Cybercrime) 2024. According to the industry association Bitkom, the annual damage from cyberattacks on German companies amounts to €178.6 billion. The use of generative AI by criminals is classified as particularly concerning.
Criminal Law Classification
§ 263 StGB – Fraud (Betrug)
Deepfake-assisted CEO fraud regularly satisfies the elements of fraud under § 263 of the German Criminal Code (StGB). The perpetrator uses the forged identity to create a misapprehension in the victim's mind, which causes the victim to dispose of assets (the transfer) and thereby suffer a financial loss. The basic offence carries up to five years' imprisonment; in especially serious cases, which include acting commercially or as a member of a gang, the range is six months to ten years.
§ 263a StGB – Computer Fraud (Computerbetrug)
Where the deepfake is aimed at an automated system rather than a person, for example where a cloned voice defeats voice-based authentication in telephone banking, no human is deceived and § 263a StGB (computer fraud) may apply in place of § 263. The provision covers influencing the result of a data processing operation through incorrect programme design, the use of incorrect or incomplete data, the unauthorised use of data, or other unauthorised interference with the process.
§ 267 StGB – Forgery of Documents (Urkundenfälschung)
It is also debated whether deepfake-generated video or audio files can satisfy the elements of forgery of documents (§ 267 StGB). The prevailing view is that digital files are not documents in the traditional sense; the gap is covered by § 269 StGB (falsification of data of evidentiary value), which treats data as if it were a document. The use of deepfakes to produce inauthentic evidence, such as a fabricated recording of a video conference, may well become relevant under these provisions.
Civil Liability
Beyond criminal prosecution of the perpetrators, the question of civil liability arises for companies. Who is liable when an employee falls for a deepfake? Under the German rules on employee liability, an employee is as a rule fully liable only for intentional or grossly negligent conduct; for ordinary negligence the loss is shared or stays with the employer, and for slight negligence the employee is not liable at all. The company, for its part, must answer whether it implemented adequate organisational safeguards, the key term being organisational fault (Organisationsverschulden).
The Role of Corporate Governance
The Four-Eyes Principle as Minimum Standard
The most important organisational safeguard against deepfake-assisted CEO fraud is consistent enforcement of the four-eyes principle for payment approvals: no transfer, regardless of the claimed urgency or confidentiality, is released without a second, independent authorisation by someone other than the person who received the instruction. The control only works if it cannot be waived by the very executive whose identity the attacker is claiming, so "the boss said to skip it" must itself be treated as a warning sign.
Establishing Callback Procedures
For unusual payment instructions a binding callback procedure should apply: the instructed employee ends the call and rings the supposed authoriser back on a number held in the company's own directory, never on the number shown for the incoming call or on one given during the call. Caller ID can be spoofed and any number the caller supplies is under the attacker's control, so only a number stored in advance proves anything.
Training and Awareness
The Federal Office for Information Security (BSI) recommends regular training sessions in which employees learn to recognise typical characteristics of deepfakes. These include:
- Unusual urgency and confidentiality instructions
- Deviations in image quality during video conferences (artefacts at facial edges, unnatural lip movements)
- Vocal anomalies (slight delays, monotone intonation, absence of breathing sounds)
- Requests to bypass established approval processes
Technical Detection and Prevention
AI Against AI
Technical deepfake detection is evolving in parallel with the threat, and detection rates fall as generators improve, so it complements procedural controls rather than replacing them. Modern detection systems analyse, among other things:
- Frequency analyses of the audio track (AI-generated voices often show characteristic artefacts in the frequency spectrum)
- Facial analyses in real time (micro-movements, blink frequency, skin texture, lighting consistency)
- Metadata examination of media files for signs of manipulation or re-encoding
- Cryptographic watermarking or signing of authentic corporate communications, so that a message without a valid mark is treated as unverified
Multi-Factor Authentication
For critical business processes, authentication that does not rely on voice or appearance is recommended, since both can now be synthesised. Options include:
- Verification via a pre-agreed code word or, better, a challenge-response exchange based on a shared secret, changed regularly and never disclosed on the call itself
- Use of end-to-end encrypted, authenticated communication channels (for example a company messenger with verified device keys) rather than a voice or video call
- Biometric methods as an additional layer, only with liveness detection; a remote voice or face check on its own is exactly what a deepfake defeats
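The four-eyes and callback rules from the governance section and the code-word idea in this section can be combined into a single automated release check. The following is an added example written for this article, not a tool the article describes: the directory, the telephone numbers, the shared secrets and the employee names are all made up, and a real deployment would keep the secrets in an HSM or an authenticator app rather than in source. What it demonstrates is that the response is bound both to a fresh random challenge and to the exact amount and account, so a cloned voice that does not hold the secret cannot produce it, and a response captured once cannot be replayed for a different transfer.

```python
"""Added example (not from the article): a minimal payment-release check that
combines the four-eyes principle, a callback to the directory number rather
than the caller-supplied one, and a pre-agreed secret used in a
challenge-response instead of being spoken as a static code word.
All names, numbers and secrets below are constructed for the example."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed directory: callback numbers and shared secrets are provisioned
# out of band (e.g. in person) and are never taken from the incoming call.
DIRECTORY = {
    "ceo": {"callback": "+49-30-0000001", "secret": b"example-secret-ceo"},
    "cfo": {"callback": "+49-30-0000002", "secret": b"example-secret-cfo"},
}


@dataclass(frozen=True)
class TransferRequest:
    amount_eur: int
    iban: str
    instructed_by: str   # authoriser the caller claims to be, e.g. "ceo"
    requested_by: str    # employee who took the call and entered the transfer
    caller_number: str   # number displayed for the incoming call (untrusted)


def new_challenge() -> bytes:
    """Fresh random challenge read out to the authoriser on the callback."""
    return secrets.token_hex(8).encode()


def canonical(req: TransferRequest) -> bytes:
    """Transfer details the response is bound to."""
    return f"{req.amount_eur}|{req.iban}|{req.instructed_by}".encode()


def expected_response(secret: bytes, challenge: bytes, req: TransferRequest) -> str:
    """HMAC over challenge and transfer details. Binding amount and IBAN means
    a response captured for one transfer is useless for any other."""
    return hmac.new(secret, challenge + b"|" + canonical(req), hashlib.sha256).hexdigest()


def release_allowed(req, approver, callback_dialled, challenge, response):
    """Return (allowed, reason). Every check fails closed."""
    if approver == req.requested_by:
        return False, "four-eyes: approver must not be the employee who took the call"
    entry = DIRECTORY.get(req.instructed_by)
    if entry is None:
        return False, "unknown authoriser"
    if callback_dialled != entry["callback"]:
        return False, "callback must go to the directory number, not the caller's"
    if not hmac.compare_digest(response, expected_response(entry["secret"], challenge, req)):
        return False, "challenge-response failed: caller does not hold the secret"
    return True, "released"


def demo():
    """Walk through the scenarios from the article; returns the decisions."""
    req = TransferRequest(250_000, "DE00000000000000000000", "ceo", "alice", "+44-20-5550199")
    ch = new_challenge()
    genuine = expected_response(DIRECTORY["ceo"]["secret"], ch, req)
    return {
        # real CEO reached on the directory number, independent approver
        "genuine": release_allowed(req, "bob", "+49-30-0000001", ch, genuine),
        # employee "calls back" the spoofed number the deepfake call came from
        "callback_to_caller": release_allowed(req, "bob", req.caller_number, ch, genuine),
        # the same person takes the call and approves the payment
        "single_approver": release_allowed(req, "alice", "+49-30-0000001", ch, genuine),
        # attacker has no secret and guesses
        "no_secret": release_allowed(req, "bob", "+49-30-0000001", ch, "0" * 64),
        # a valid response replayed against a changed amount
        "replay_changed_amount": release_allowed(
            TransferRequest(900_000, req.iban, "ceo", "alice", req.caller_number),
            "bob", "+49-30-0000001", ch, genuine),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:22s} {'RELEASE' if ok else 'BLOCK  '} {reason}")
```

Running it prints the five scenarios: only the genuine flow releases the payment, while the callback to the spoofed number, the single-approver shortcut, the guessed response and the replayed response are all blocked. The secret is never spoken on the line; only the HMAC of the challenge and the transfer details is.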
Insurance Coverage: Does the Cyber Policy Pay?
A frequently underestimated aspect is insurance coverage. Traditional cyber policies typically cover losses from hacking attacks and data breaches. Deepfake-assisted CEO fraud falls into a grey area: the attack works through social engineering, the manipulation of a person rather than of a technical system, and the transfer itself is made voluntarily by an authorised employee.
Many policies therefore confine social engineering losses to sublimits: overall coverage may be ten million euros while protection for such fraud is capped at, say, €250,000. Companies should review their existing policies specifically for the following points:
- Is social engineering explicitly covered?
- Is there coverage for deepfake-specific scenarios?
- What are the sublimits for manipulation-related financial losses?
- What obligations (e.g. training records, implemented approval processes) must be fulfilled?
The Evolving Regulatory Framework
The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) brings its transparency obligations under Article 50 into force from 2 August 2026. Providers of generative AI systems must mark their output as artificially generated in a machine-readable way, and anyone deploying such a system to create deepfakes must disclose that the content has been artificially generated or manipulated. Breaches of these transparency duties carry fines of up to €15 million or three per cent of global annual turnover (the higher ceiling of €35 million or seven per cent applies only to prohibited AI practices). Two caveats matter for fraud prevention: the obligations bind legitimate providers and deployers, not criminals, who will not label anything, so the regime offers no protection in itself; and it creates no duty for potential victims to deploy detection systems, although companies that intend to use generative AI in their own communications will have to be able to mark that content.
Conclusion: Act Now
Deepfake-assisted fraud is not a distant threat – it is the present. The cases from 2019 and 2024 demonstrate that even experienced employees at major companies can be deceived. Those wishing to protect themselves need a multi-layered approach: organisational measures (four-eyes principle, callback procedures), technical detection, regular training, and appropriate insurance coverage. Deepfake attacks are criminally prosecutable under §§ 263, 263a StGB – but investigating and prosecuting internationally operating criminal groups remains difficult.
At compleneo, we support you in the legal assessment of deepfake risks, the design of secure approval processes, and the review of your insurance coverage. Get in touch with us.