Deepfake and fraud: the trip that has been cancelled 6 times

Part 2: about examples from the financial sector and the importance of sharing experiences.

She studied Systems Engineering and Policy Analysis at TU Delft. During her studies, she researched new technologies that can be fascinating on the one hand, and harmful to society on the other. For individuals. And for companies and governments. This led to the establishment of DuckDuckGoose in 2020. Since then, Lotfi, co-founder and CEO of the tech company, and her team members have been developing deepfake detection for companies and governments.

The first deepfakes included manipulated video messages from Obama in 2018. That was new, and funny. At the same time, it was already a warning against fake news. Today, anyone can create or manipulate content with generative AI. And that content is also increasingly difficult to distinguish from the real thing. To show how deepfake technology can affect business processes of financial institutions, Lotfi shares a few recent Dutch examples.

Deepfake definition

When you think of a deepfake, you probably think of manipulated video messages from famous people that are often meant to be funny. But according to Lotfi, the definition is broader than that. "Deepfake is any form of audio and visual media that has been generated or manipulated with generative AI," she explains. Think of photos and videos of people and objects, but also documents such as invoices and proof of purchase.

6 cancellations

"Not so long ago, an insurer discovered a remarkable fraud with deepfakes. It was about someone who used AI to generate an invoice for an expensive trip. Two false doctor's statements were also drawn up showing that the trip could not take place due to illness. The claim on the travel insurance, for an amount of about 30,000 euros, was accepted. That tasted like more. The person in question submitted the same claim to 4 other insurers. And that also worked. Yet 150,000 euros was not enough. But unfortunately, on the 6th attempt, the insurer in question noticed something strange. The signatures on the doctor's certificates were very similar. So the fraud was noticed after 5 times," says Lotfi. "What distinguishes this form of fraud from traditional fraud is that the evidence submitted often looks completely credible and is therefore not immediately recognised by existing control systems."

Open 46 bank accounts

Another example: "Increasingly, making a facial scan is part of an application process, for example for opening a bank account." But Lotfi and her colleagues also see it emerging in e-commerce.
"In this case, a Dutch man was recently arrested for committing identity fraud with deepfakes. He pretended to be a landlord of apartments. He requested copies of passports from interested home seekers. Using generative AI, he then combined his own passport photo with the other photos to create new profiles. He manages to open 46 bank accounts. And he used them for other forms of fraud and money laundering. Generative AI thus makes it possible to repeat such fraud not once, but on a large scale and with minimal effort. And similar techniques can also be used to take out insurance or abuse existing customer accounts."

False investment advice

Furthermore, according to Lotfi, companies must also be keen on CEO fraud. This concerns, for example, phishing by e-mail or telephone where it appears that board members are asking their employees to share information or click on links. "But also think of deepfake videos in which, for example, board members give false investment advice via social media. Not so long ago, this was the case with Warren Buffett, CEO of Berkshire Hathaway. Something like this can also happen in the insurance sector. This can lead to wrong financial choices by customers and can affect confidence in insurers."

Patterns reveal a lot

To stop fraud with AI, more and more research is being done in the financial sector. Lotfi: "What we see in the banking sector, for example, are templates that are used worldwide to generate fake passport photos. Among other things, it can be recognised by similarities in the background of such a photo. This shows that photos are made, sold and misused on a large scale. We see them in banks in the Netherlands, e-commerce in Brazil to defence in Singapore."

Unlike in the past, generating or manipulating images and audio is becoming easier. And it is also being done on an increasingly large scale, especially by criminal groups on the dark web. "Insurers really need to be aware of that," she emphasises.

Share as much as possible

In the i-CERT , insurers have been sharing information about cyber threats confidentially since 2017. CEO fraud and phishing are also increasingly included in this. Lotfi: "Information sharing in the financial sector is extremely important. Even when it comes to deepfake fraud, because fraudsters often use the same techniques and templates at multiple organisations at the same time. The full fraud pattern therefore usually only becomes visible when information is shared sector-wide."

The last article of this triptych will be published soon. In it, Lotfi explains how insurers can tackle deepfake fraud.

The Boef de Baas 2026

Lotfi will provide a sub-session on March 26 during De Boef de Baas, an event of the Association that this year is all about technology and AI as a weapon and opponent in the fight against fraud and crime. Relevant for strategists and policymakers, security managers, fraud and incident investigators, data analysts, cybersecurity specialists, risk officers and professionals in the field of digital resilience.

Was this article useful?

Quickly to

Insurance Academy

De Boef de Baas 2026

• 26/03/2026
• Den Haag
• Event

In 2025, the Resilient and Vigilant vision on tackling fraud and (cyber) crime in the insurance sector will be published.