Deepfakes
Voice, face, trust
What this episode is about
Four documented cases, one new technical reality: this episode is about deepfakes — voice and face reproduced synthetically at a quality the human senses can no longer reliably distinguish. The central thesis: trust was tied to sense perception — voice and face. This coupling is broken in 2026. The next generation of identity verification must work around the gap.
The technology in one sentence
Chris explains the architecture using Microsoft’s VALL-E from early 2023. The model treats speech not as waveform but as a sequence of discrete codec tokens, structurally like GPT treats text. Three seconds of audio of the target speaker are enough to extract the speaker embedding vector. After that the model can generate arbitrary text in this voice — including emotion and acoustic environment. The productive variant is on the market: ElevenLabs offers Instant Voice Cloning with one minute of audio; Professional Voice Cloning with thirty minutes of studio material is used in publishing, podcasts and advertising. Open-source models like XTTS-v2 reach comparable quality on a consumer GPU. Lukas references the validation from Queen Mary University London in September 2025: in a controlled study, average listeners can no longer distinguish cloned and real human voices above chance level. Acoustic discrimination as a protective layer has fallen away.
Four cases, four lessons
Arup Hong Kong, January 2024. A finance department employee receives an email from the supposed London CFO followed by a video invitation. On the call she sees the CFO, several senior colleagues, external consultants — all faces and voices deepfake-generated, she herself the only real person in the call. Fifteen transfers in one day, 200 million Hong Kong dollars, around 25 million US dollars. Discovery only days later through routine follow-up. Chris emphasizes: it was not a private person who was deceived. It was a professional finance specialist working in this function for years. This is not “should have watched out.” This is “the normal attention tools — recognizing voice, recognizing face — no longer worked.”
Ferrari, July 2024. The counter-case, defeated by a simple question. A Ferrari executive receives WhatsApp messages from an unknown number signed as CEO Benedetto Vigna. The call follows. The voice sounds like Vigna, southern Italian accent. But the executive notices minimal inconsistencies in tone and asks back: which book had you recommended to me a few days ago? The answer doesn’t come. The connection ends. Lukas classifies this in research as “shared secret out-of-channel” — the human response to a technical attack.
Biden robocall in New Hampshire, January 2024. The political dimension. Thousands of registered Democrats receive a robocall on the eve of the primary with a voice that sounds like Joe Biden: “Save your vote for November, don’t go tomorrow.” Responsible: a political consultant named Steve Kramer. FCC fines: 6 million dollars against Kramer, 1 million against carrier Lingo Telecom. New Hampshire indicts Kramer on 13 counts of voter suppression. Within one month of the incident, the FCC rules that AI-generated calls fall under the Telephone Consumer Protection Act.
Schwyz, January 2026. The Swiss case. An entrepreneur from the canton of Schwyz, several phone calls over two weeks, the voice of a known business partner — perfectly cloned. In the end, several million Swiss francs to an Asian account. Remarkable: not a single shock call but a carefully built multi-week trust line. The partner was actually real — but his voice on the phone was not.
Defense in three layers
Chris describes the technical layer: voice liveness detection — a model not analyzing content but looking for vocoder artifacts, missing breathing patterns, unusual frequency phases. Aurigin.ai integrates this into Swisscom Digital Trust’s identity infrastructure since November 2025. For video, the analogous liveness — micro-movements, pupil reflections, light consistency. Robert adds the organizational layer: four-eyes principle above a defined threshold, out-of-band verification on master-directory numbers, code words in management. Lukas names the fourth layer: behavioral anomaly in the call itself — speech rate, pauses, latencies under 200 milliseconds response time. Pindrop, an American provider, has upgraded a US insurer with this after the Arup shock.
What you take away from this episode
Code words are no longer a gimmick in 2026. Agree on a code word tonight with the people who matter to you — privately and professionally. With family members, with treasury staff, in management. It costs ten minutes and can save a fortune.
Sources and references
- CNN Business. (2024, May 16). Arup revealed as victim of $25 million deepfake scam involving Hong Kong employee. CNN. https://www.cnn.com/2024/05/16/tech/arup-deepfake-scam-loss-hong-kong-intl-hnk
- Fortune Europe. (2024, May 17). A deepfake 'CFO' tricked British design firm Arup in $25 million fraud. Fortune. https://fortune.com/europe/2024/05/17/arup-deepfake-fraud-scam-victim-hong-kong-25-million-cfo/
- AI Incident Database. (n.d.). Incident 634: Alleged deepfake CFO scam reportedly costs multinational engineering firm Arup $25 million. https://incidentdatabase.ai/cite/634/
- Lynch, S. (2024, July 27). Ferrari exec foils deepfake attempt by asking the scammer a question only CEO Benedetto Vigna could answer. Fortune. https://fortune.com/2024/07/27/ferrari-deepfake-attempt-scammer-security-question-ceo-benedetto-vigna-cybersecurity-ai/
- MIT Sloan Management Review. (2024). How Ferrari hit the brakes on a deepfake CEO. https://sloanreview.mit.edu/article/how-ferrari-hit-the-brakes-on-a-deepfake-ceo/
- New Hampshire Department of Justice. (2024, May). Steven Kramer charged with voter suppression over AI-generated President Biden robocalls. https://www.doj.nh.gov/news-and-media/steven-kramer-charged-voter-suppression-over-ai-generated-president-biden-robocalls
- Federal Communications Commission. (2024, September). FCC issues $6M fine for N.H. robocalls. https://www.fcc.gov/document/fcc-issues-6m-fine-nh-robocalls
- Biometric Update. (2026, January). Deepfake voice fraud dupes Swiss businessman into transferring millions. https://www.biometricupdate.com/202601/deepfake-voice-fraud-dupes-swiss-businessman-into-transferring-millions
- Wang, C., Chen, S., Wu, Y., Zhang, Z., Zhou, L., Liu, S., Chen, Z., Liu, Y., Wang, H., Li, J., He, L., Zhao, S., & Wei, F. (2023). Neural codec language models are zero-shot text to speech synthesizers (VALL-E) (arXiv:2301.02111). arXiv. https://arxiv.org/abs/2301.02111
- Xu, S., Chen, G., Guo, Y.-X., Yang, J., Li, C., Zang, Z., Zhang, Y., Tong, X., & Guo, B. (2024). VASA-1: Lifelike audio-driven talking faces generated in real time (arXiv:2404.10667). arXiv. https://arxiv.org/abs/2404.10667
- Biometric Update. (2025, September). Voice clones can sound as real as human voices, says new research. https://www.biometricupdate.com/202509/voice-clones-can-sound-as-real-as-human-voices-says-new-research
- ElevenLabs. (n.d.). Voice cloning. https://elevenlabs.io/voice-cloning
- Biometric Update. (2025, November). Aurigin adds voice liveness detection to Swisscom identity infrastructure. https://www.biometricupdate.com/202511/aurigin-adds-voice-liveness-detection-to-swisscom-identity-infrastructure
- Deloitte Center for Financial Services. (2024). Generative AI is expected to magnify the risk of deepfakes and other fraud. Deloitte Insights. https://www2.deloitte.com/us/en/insights/industry/financial-services/deepfakes-in-banking-cybersecurity.html
- OST – Ostschweizer Fachhochschule. (2026). CAS AI-Driven Cybersecurity and Strategic Defence [Programmseite, 15 ECTS, 14 Präsenztage, Campus Rapperswil-Jona]. https://www.ost.ch/de/weiterbildung/weiterbildungsangebot/informatik/cybersecurity-networks/cas-ai-driven-cybersecurity-and-strategic-defence