Enterprise Scenarios

These aren't
hypotheticals.

Real attack patterns drawn from FBI IC3 reports, CISA advisories, and documented enterprise breaches. Each scenario describes an attack that has happened — and exactly what would have stopped it.

$2.9B
BEC losses in the US in 2023
$25M
Stolen in single deepfake video call
17%
YoY increase in enterprise wire fraud
243d
Average detection time after breach
incident_log.txt
  • 01

    Wire Fraud Friday

    Finance

  • 02

    Deepfake CFO Call

    Exec office

  • 03

    Slack Account Takeover

    IT / Engineering

  • 04

    Vendor Bank Change

    AP team

  • 05

    Legal Settlement Fraud

    Legal / C-suite

  • 06

    Helpdesk Vishing

    All staff

All 6 stopped by Real Authenticator

Six scenarios. Same root cause.

Every scenario below shares one failure point: someone trusted an identity they couldn't verify. Real Authenticator makes verification instant and unforgeable.

BEC / Wire Fraud·Finance Team

Wire Fraud Friday

A CFO receives an email at 4:52 pm Friday. It looks like it's from the CEO.

Sarah is the CFO at a mid-size professional services firm. At 4:52 pm on a Friday, she receives an email from the CEO — his actual address, the same one she sees every day.

"Sarah — I need you to process a wire for $178K to close a vendor deal before the weekend. This is time-sensitive. I'm in a dinner with the board and can't talk. Just get it done."

The email is perfect. The tone is right. There's no reason to question it. She processes the wire. Monday morning, the CEO has no idea what she's talking about.

What happened

$178,000 transferred to a fraudulent account. Funds unrecoverable.

What stops it

A code request takes five seconds. The CEO can't produce one — because it isn't him.

$2.9B lost to BEC in the US in 2023. Average wire fraud loss: $137K per incident (FBI IC3 2023).

Read full story
AI Voice & Video Deepfake·Executive Office

The CFO Who Wasn't There

A video call with your CFO and three colleagues. Your CFO is at home, unaware.

James receives a Microsoft Teams invitation for an 'emergency board briefing' about a confidential acquisition. On the call: the CFO, two senior directors, and a legal advisor — all faces he knows.

The CFO explains the deal must close today. Funds need to be transferred to an escrow account. Everything must remain confidential until the announcement.

James approves the transfer. The CFO had been traveling and hadn't made any calls that day. Every face on that call was AI-generated.

What happened

$25 million transferred to a fraudulent escrow account.

What stops it

A code request before any large approval requires the real CFO's enrolled device — which the deepfake cannot produce.

This exact scenario occurred in Hong Kong in January 2024. Reuters and BBC reported $25 million USD transferred to fraudsters using deepfake video participants.

Read full story
Account Compromise·IT & Engineering

Your Colleague's Slack — in the Wrong Hands

The Slack DM looks normal. The username is right. The profile photo is right. It's not them.

Marcus gets a Slack message from his engineering lead — someone he works with daily. 'Production deploy is stuck, I need the AWS root credentials temporarily for a hotfix. Client is down.'

The message uses the right tone, references real projects, comes from an account Marcus has messaged hundreds of times.

Marcus sends the credentials. The engineering lead's account was compromised via a phishing link the previous week.

What happened

Root credentials compromised. Customer data exfiltrated. 243-day detection lag.

What stops it

A code exchange before credential sharing confirms the real person — not the session.

82% of breaches involve the human element. 74% involve credential or privilege abuse. Average detection time: 243 days (Verizon DBIR 2024; IBM Cost of Breach 2024).

Read full story
Vendor Impersonation·Accounts Payable

The Vendor Who Changed Banks

Your supplier emails to update their banking details. Routine — except it isn't them.

Your AP team receives an email from a longtime supplier updating their bank account. Correct domain (almost), correct contact name, correct invoice reference from last month.

They process the update. The next three monthly invoices are paid to the fraudulent account.

The supplier calls to chase payment. Three months of vendor payments are gone.

What happened

~$280K in vendor payments redirected over 90 days.

What stops it

A verification step before any bank-change approval requires the real vendor contact to prove their identity — a spoofed domain fails immediately.

$446M lost to vendor impersonation fraud in 2023. Average fraud duration before detection: 90 days (FBI IC3 2023).

Read full story
Executive Impersonation·Legal & C-Suite

The Settlement That Never Happened

Your general counsel calls about an urgent settlement. Except she didn't call.

The CEO receives a call from the company's general counsel — urgent, sensitive. A litigation settlement needs to be approved before end of business. Confidential.

The CEO approves the transfer of $340,000 to what appears to be a law firm escrow account.

The general counsel finds out the next morning. She made no calls. There is no settlement.

What happened

$340,000 transferred to a fraudulent escrow. Legal recovery proceedings ongoing.

What stops it

A five-second code exchange confirms the actual general counsel — the synthesized voice cannot produce it.

$50B+ in cumulative executive fraud losses (FBI IC3 2013–2023). Executive impersonation is the fastest-growing BEC sub-category.

Read full story
IT Social Engineering·All Staff

The Helpdesk Call at 8pm

IT is calling about suspicious activity on your account. They need your MFA code.

Your head of sales receives a call at 8pm from the internal IT helpdesk number. They've detected suspicious login activity on her account and need to temporarily disable MFA.

They ask her to read the 6-digit code just sent to her phone. She reads it out.

The attacker now has her account. By 8:12pm, the full customer CRM database has been exported.

What happened

Full CRM database exfiltrated. GDPR notification required. Regulatory fine investigation opened.

What stops it

A verification culture where staff expect code confirmation for any IT request makes vishing attempts immediately recognizable.

Voice phishing (vishing) accounted for 67% of social engineering-initiated breaches in 2024. IT helpdesk impersonation is the most common vishing target (Verizon DBIR 2024).

Read full story

See the data behind the stories

Every scenario above has documented threat statistics.

View full threat landscapeContact Sales

Your team can't verify.
AI already knows it.

Every week you don't have a verification layer is a week an attacker can impersonate your CFO, your legal counsel, or your vendor — and someone on your team will trust them. Close the gap.

Reply within one business day
30-day pilot, no contract required
Zero-knowledge — nothing to breach
Talk to Our Enterprise Team

Custom pricing · Volume discounts · Annual contracts available