In the early 2020s, the fraud landscape changed less like a burglary than like a software update. The old confidence games still existed—bogus invoices, fake executives, spoofed wires—but generative AI gave them a new property: scale without intimacy. A fraudster no longer needed to know a victim personally if a model could imitate the cadence of a boss, the urgency of a banker, or the visual authority of a CEO on a video call. The opening condition was not a single mastermind but an ecosystem: cheap cloud compute, widely available voice-cloning tools, open-source image generation, and a corporate culture that had already trained employees to move fast when a superior appeared to be speaking.
The first crossing of the line often happened in a private, almost banal place: a laptop in a rented apartment, a Telegram channel, a Discord server, or a small office where one operator tested what the machines could do. Security researchers and law-enforcement advisories published since 2023 describe the same pattern again and again. A caller claims to be a chief executive. A video message appears to show a familiar face. The target is asked to make a payment, reset credentials, or open a channel for “urgent” verification. The fraud begins not with sophistication, but with permission: the victim is induced to accept the premise that a familiar authority is speaking.
That premise was made easier by the era itself. Video meetings normalized choppy audio, frozen frames, and bad lighting. Remote work made it ordinary to obey instructions from a face on a screen. The public had also been conditioned by years of synthetic media to distrust nothing and everything at once, a contradiction that helps criminals. If a target believes deepfakes are rare, they are vulnerable; if they believe fakery is everywhere, they may miss the one clip that matters.
One documented early signal came from the corporate-fraud advisory world rather than a courtroom. In 2024, the U.S. Federal Bureau of Investigation warned that criminals were using audio and video deepfakes to impersonate executives and job candidates. The warning was a structural fact, not a single case: the marketplace had moved from hypothetical to operational. A surprisingly small technical barrier remained. A few seconds of clean audio could be enough for a voice clone. A handful of still images could anchor a synthetic face. The old fraudster had to cultivate patience; the new one needed only data.
The setting also included a less visible weapon: synthetic identity. That term sounds abstract, but in practice it means a person assembled from fragments—real Social Security numbers, fabricated addresses, altered records, and digitally plausible behavior. The result is not a stolen identity in the classic sense; it is an identity that never fully existed, yet can pass through automated systems long enough to obtain credit, benefits, or access. Unlike a counterfeit check, a synthetic identity can age. It can build a credit profile. It can become, in the language of fraud analysts, a person with a history.
The first marks in this new environment were often corporations themselves. The crime no longer had to begin with a grandmother being tricked out of her savings, though that happened too. A finance department could be induced to wire funds to the wrong account after a video call that seemed to show a trusted executive. A human-resources team could onboard an applicant whose identity had been fabricated by software. A bank could approve an account opened by a face that never belonged to any one person. The founding lie was therefore not one lie but a system of lies that each looked modest on its own.
In one publicized 2024 incident covered by financial press, a Hong Kong employee of a multinational firm joined what he believed was a video conference with senior colleagues and was persuaded to transfer roughly HK$200 million—about US$25 million—after the participants turned out to be deepfake recreations. That episode did not create the era, but it showed it to boardrooms. The fraud was no longer confined to email typos and bad grammar. It had entered the visual and acoustic spaces where trust had once felt automatic.
The enabling environment was regulatory lag. Banks had rules for anti-money-laundering monitoring, but the monitoring systems were built for patterns of deposits and withdrawals, not for synthetic people who arrived with engineered credibility. Corporate controls could verify payment workflows, but they were not always built to challenge an executive who appeared, spoke, and urged action in real time. In fraud, every new control creates a new bypass; AI simply accelerated the contest.
There was also an important social component: embarrassment. Victims of impersonation often hesitate to report an event that makes them seem careless. Companies fear the reputational cost of admitting they were fooled by a cloned voice. That silence is itself part of the setup. The less the first incidents are discussed, the more the criminal market learns in private. A successful deepfake need not defeat every safeguard; it only has to defeat the ones that a particular office has not yet imagined.
By the time the first money started flowing, the scheme was already operating as a repeatable process rather than a one-off trick. The machine could draft the bait, clone the pitch, imitate the authority, and scale the pressure. The question was no longer whether someone would be deceived. It was how quickly the deception would spread before the institutions built to stop fraud understood what they were looking at next.