1. Summary
In early February 2025, a criminal network used AI-generated voice cloning to impersonate Italian Defence Minister Guido Crosetto, targeting over a dozen of Italy's most prominent entrepreneurs. They pretended as a ministry officials and then as Crosetto himself, the fraudsters fabricated a hostage scenario involving Italian journalists held in the Middle East, requesting urgent wire transfers to secure their release. At least one businessman, former Inter Milan owner Massimo Moratti, transferred approximately €1 million across two payments before discovering the deception. Italian authorities subsequently traced and froze the funds in a Dutch bank account.
This case is one of the most high-profile AI voice fraud incidents ever recorded in Europe. It did not rely on phishing emails or malware. It required no insider access to corporate systems. The attackers needed only publicly available recordings of a government minister's voice and a compelling story timed to exploit a real geopolitical event.
⚠️ Why This Matters To Every Senior Executive Voice authentication ?
Human ability to recognise a familiar voice on the phone is now structurally compromised. This case demonstrates that AI voice cloning can convincingly replicate the speech patterns of public figures using only material available on the internet. Any organisation whose leadership appears in public speeches, media interviews, or recorded webinars is generating training data for potential attackers.
At A Glance
Fact | Details |
|---|---|
Spoofed Identity | Guido Crosetto, Italian Minister of Defence (serving since October 2022) |
Fraud Type | AI voice deepfake: government authority impersonation |
Primary Targets | Italy's leading business and industrial elite (10+ individuals) |
Confirmed Victim | Massimo Moratti, former owner of Inter Milan FC |
Amount Transferred | ~€1 million |
Destination | Hong Kong bank account, routed to Netherlands |
Pretext Used | Ransom payment to free kidnapped Italian journalists in the Middle East |
Recovery Outcome | Full ~€1 million frozen by Italian and Dutch authorities |
Investigation | Milan Prosecutors, Carabinieri Investigative Unit, Crosetto filed formal complaint |
2. Incident Overview
Guido Crosetto has served as Italy's Minister of Defence since October 2022. His active public media presence, parliamentary debates, press conferences, television interviews, gave attackers extensive, freely available audio to train a voice clone.
The scam was anchored to a real news event. In December 2024, Italian journalist Cecilia Sala was arrested in Tehran's Evin Prison. After three weeks of high-profile diplomatic negotiations in which Crosetto played a visible public role, Sala was released on 8 January 2025. Fraudsters launched their operation within weeks, exploiting residual public awareness that Italian journalists could be detained abroad. The fictional "other journalists still held captive" was a psychologically credible extension of a story targets had already absorbed.
3. Attack Timeline & Methodology
Late January 2025 - Reconnaissance: Attackers harvested public recordings of Crosetto from parliamentary sessions and media interviews to train an AI voice clone. No system breach was required.
Early February 2025 - (Phase 1) Staff Impersonation: Calls arrived from numbers spoofed to appear as originating inside Italy's Ministry of Defence. Fraudsters posing as Crosetto's staff requested the mobile numbers of targets, establishing false institutional legitimacy before the main approach.
Early February 2025 - (Phase 2) "Crosetto" Calls Directly: The assistant "passed the phone" to "Guido Crosetto." The AI-generated voice explained that journalists remained captive in the Middle East. Urgent, confidential financing was required. The Italian government, targets were told, could not be seen to be involved, explaining away the absence of any official paper trail.
Early February 2025 - (Phase 3) Reimbursement Promise: A fictional intermediary, "General Giovanni Montalbano," was introduced. Targets were assured the Bank of Italy would reimburse all funds once the operation concluded.
Early February 2025 - Transfer: Moratti made two wire transfers totalling nealy €1 million to a Hong Kong account. Most other targets declined.
Nealy 4 February 2025 - Unravels: A targeted businessman contacted Crosetto directly, confused about a call from "the minister's secretary." Crosetto identified the fraud and immediately alerted authorities.
6 February 2025 - Public Disclosure: Crosetto posted on X, warning further targets. Moratti filed a police complaint.
12 February 2025 - Recovery: The Carabinieri traced funds from Hong Kong to a Dutch bank account, freezing the full ~€1 million. Crosetto confirmed on X: "Excellent work by the magistrates and police forces."
4. Financial Impact Analysis
Category | Amount |
|---|---|
Transferred by Moratti | ~€1,000,000 |
Demanded from other targets | ~€1,000,000 per target (unconfirmed total) |
Funds recovered | ~€1,000,000 — 100% of transferred amount |
Net direct financial loss | €0 |
Investigation & legal costs | Not publicly disclosed |
Reputational impact | Significant - multiple UHNW families publicly named |
Full recovery was possible only because Moratti filed his complaint promptly and Italian and Dutch law enforcement coordinated within days. In most comparable cross-border fraud cases, funds dispersed through Hong Kong accounts are irrecoverable within 24–48 hours. The €0 loss outcome is the exception, not the rule.
5. Control Failure Analysis
No callback verification. Moratti never initiated independent contact with Crosetto through a verified channel. All communication came through attacker-controlled numbers, with no protocol requiring him to call back using an independently confirmed contact.
Voice treated as authentication: The human instinct to trust a recognised voice , reinforced by the emotional weight of the journalists-in-peril narrative, overrode scepticism. Voice alone is no longer a reliable identity signal.
No independent corroboration required: There was no process requiring a second person to separately verify the request. A single verbal instruction from a perceived authority figure was sufficient to initiate a seven-figure transfer.
Caller ID trusted as evidence of origin: Calls appearing to originate from the Ministry of Defence were accepted at face value. Caller ID spoofing is technically trivial and proves nothing about a call's true origin.
No deepfake detection capability: None of the targets had access to real-time voice authentication tools capable of flagging AI-generated audio.
6. Red Flags & Warning Signs
Red Flag | Significance |
|---|---|
Unsolicited call from "ministry staff" | Government ministries do not initiate private fundraising calls to citizens |
Confidentiality demand | Requests to keep a transfer secret from advisers are a defining social engineering signal |
"Government cannot be associated" framing | Designed to explain the absence of any verifiable official record |
Bank of Italy reimbursement promise | The Bank of Italy does not reimburse private donors for informal transfers |
Hong Kong bank account destination | No legitimate Italian government humanitarian operation routes funds through Hong Kong |
Caller ID showing official ministry numbers | Spoofed numbers prove nothing about the true origin of a call |
Urgency and emotional leverage | Crisis framing is engineered to suppress due diligence, not accelerate it |
Continued calls after complaint filed | Escalating follow-up pressure is consistent with scam extraction tactics |
7. Lessons Learned & Root Cause
Root cause: Two converging factors enabled this attack: the commoditisation of AI voice cloning which requires only seconds of clean audio to replicate any public figure and the complete absence of out-of-band verification protocols for high-value financial requests.
Voice is no longer authentication: Any executive whose voice appears in public media has provided attackers with training data. Treat every unsolicited phone request for a financial transfer as unverified, regardless of how familiar the caller sounds.
Callback protocols are non-negotiable: Terminate the call. Source the caller's number from a verified directory. Call back. This single step would have prevented this fraud.
Dual authorisation must be mandatory: No individual should authorise a large wire transfer on the basis of a phone call alone. Require a second, independently verified signoff.
Speed of reporting determines recovery: Establish a protocol ensuring suspected fraud reaches law enforcement within hours, not days.
Public media is attack surface: Every investor call, media interview, and public video generates deepfake training material. Digital presence is now a security consideration.
8. Conclusion
The Crosetto deepfake voice scam is a watershed moment in European fraud. AI-generated audio successfully impersonated a serving national defence minister and extracted seven-figure sums from a sophisticated individual with no system breach, no insider access, and no malware. The attacker's only tools were a publicly available voice and a story anchored in real events.
That is the primary vulnerability now. Security frameworks built for Business Email Compromise and traditional voice phishing are structurally inadequate against real-time AI voice impersonation. Updating them is no longer optional.