Deepfake PM Cost Him RM15M on Zoom. Your Workflow Is Next.

A man in Singapore sat down for a Zoom call with someone who looked and sounded exactly like Prime Minister Lawrence Wong. By the time the call ended, he'd transferred the equivalent of fifteen million Malaysian ringgit to scammers. That's roughly four point nine million in Singapore dollars. Gone.

The fraud didn't start on Zoom

The fraud didn't start on Zoom. It started with a WhatsApp message from someone claiming to be Singapore's Cabinet Secretary. Then came an email on forged official letterhead. Then came the video call — with deepfake versions of the Prime Minister and other government officials, sitting in what looked like a real meeting. At the end of the call, a deepfake of P.M. Wong delivered closing remarks and personally thanked the victim for attending. That level of detail matters. This wasn't a glitchy face swap. This was a produced performance — designed to make one person trust what they saw enough to move millions. And if you've ever joined a video call for work, or verified someone's identity by looking at their face on a screen, this story is about the moment that stopped being reliable. So what happens when seeing and hearing someone is no longer proof that they're real?

The scam worked because it followed a pattern that felt legitimate at every step. A message from a senior official. A formal email. Then a face-to-face meeting — except none of the faces were real. And the technology behind it is getting cheaper by the month. Voice cloning now needs only about twenty to thirty seconds of recorded audio to generate a convincing replica of someone's speech. Twenty seconds. That's less than a voicemail greeting. Anyone with a public presence — a politician, a C.E.O., even someone who's posted a short video online — has already given away enough raw material.

The World Economic Forum published findings from its Cybercrime Atlas project in January of this year. Researchers tested seventeen different face-swapping tools and eight camera injection tools — software that feeds fake video directly into a webcam feed. Most of those tools were able to get past standard biometric onboarding checks. That means the identity verification step you go through when you open a bank account or sign up for a financial app — the one where you hold up your face to the camera — can be fooled by tools that are already widely available.

Regulators have started to respond

Regulators have started to respond. In November of twenty twenty-four, the U.S. Treasury's Financial Crimes Enforcement Network — FinCEN — issued its first alert specifically targeting deepfake-driven fraud. The alert directed banks to flag suspicious activity reports using a dedicated tag: FIN-2024-DEEPFAKEFRAUD. That's not guidance. That's a reporting category. When a regulator creates a specific label for a type of fraud, they're telling the industry this is no longer a one-off — it's a pattern they expect to see again and again.

For anyone managing fraud risk or running investigations, the operational reality has shifted. Callback verification — where you phone someone back on a known number to confirm a wire transfer — can itself be spoofed if the voice on the other end is cloned. Voice authentication in call centers is no longer strong enough as a single factor. And approving large transactions over video conference? That's exactly what this victim did. For the rest of us, it means the instinct we all rely on — "I saw them, I heard them, it's really them" — no longer holds up.

Now, there's a reasonable counterargument. Detection technology is improving. According to reporting from Mothership S.G., investigators who examined the Zoom footage afterward found multiple indicators of A.I. manipulation — pre-recorded video segments and synthetic audio layered together to simulate a live meeting. Police caught it. But the victim had already sent the money before anyone analyzed the call. Detection happened after the damage was done.