Deepfake continues to be a problem in the tech world. With the recent Taylor Swift deepfake incident, the awareness of the misuse has grown, but it still doesn't stop bad actors from exploiting generative AI to commit disturbances and crimes.
Scammer Uses Deepfake to Steal Millions
A multinational company lost 200 million HKD after bad actors arranged a well-executed scam to convince one employee that the interaction was real. Due to ongoing investigations, it's still unknown which company fell victim to the deepfake exploit.
In order to make the scam believable, digital recreations of several employees were created using their likenesses and voices through deepfake technology, including the company's chief financial officer. The scammer used publicly available videos and audio to create the deepfakes.
At first, the employee was already skeptical of the phishing message that was sent to the company's Hong Kong headquarters, claiming to be from the company's UK chief financial officer. The scammer asked the employee to conduct transactions without disclosing them.
However, the deceptive tactics were effective enough to convince the employee as they proceeded to make 15 transfers that collectively amounted to 200 million HKD, or equivalent to over 25 million USD, as reported by Ars Technica.
It wasn't until a week after that officials realized that the transaction was a fraud, which initiated a police investigation. As regrettable as it is, one can see why the employee would be convinced of the authenticity of the demand, seeing as there were several recognizable faces in the conference call.
Hong Kong Police's acting senior superintendent Baron Chan Shun-Ching also said that this was the first-ever multi-person video conference scam in Hong Kong, which probably contributed to how it persuaded the employee to comply.
The police suggested ways to avoid falling victim to this form of deepfake scam, such as verifying the identity of the caller by asking them questions that confirm their identity or asking them to move their heads. This should especially be followed when financial transactions are involved.
Deepfake Scams
This isn't the first instance of a deepfake scam. People from all over the world have been using this method to scam people and get them to provide money or private data. The most rampant deepfake scam is made through calls.
With just a few audio samples, threat actors can easily replicate one's voice through artificial intelligence, which can then be used in phone calls. It's not even hard to do as there are plenty of free AI tools that can achieve that level of recreation.
To avoid such scams, never trust calls that demand something from you like money or information. If they claim to be a loved one or someone you know and they're calling from a different number or account, ask them questions that only the real person can answer to verify that it's them.
You should also watch out for deepfake video calls since they are also quite possible, as proven by the theft of $25 million from a multinational company. To prove that it's not a deepfake video, you can ask them to do random actions that the scammers couldn't have prepared for.