Employee Duped by AI-Generated CFO in $25.6M Deepfake Scam


Learn how a multinational company’s Hong Kong branch faced a deepfake scam, causing substantial financial losses, and explore efforts to counter the rising sophistication of deepfake technology.

A multinational company’s Hong Kong branch faced a substantial financial setback due to an advanced deepfake scam. During a video call, an employee was deceived by digitally manipulated versions of the company’s CFO and others, resulting in the unauthorized transfer of funds to the scammers.

The scam recalls the August 2022 incident in which scammers created a Deepfake AI hologram of Patrick Hillmann, Binance’s Chief Communications Officer. The hologram was manipulated to deceive users into participating in online meetings and to target crypto projects of Binance clients.

Reports indicate that the employee was tricked into paying out HK$200 million (approximately US$25.6 million) after participating in a deepfake video call impersonating the company’s CFO. The worker was persuaded after seeing multiple staff members attending that call. However, all were deepfake recreations. 

The worker initially became suspicious after receiving a message from the UK-based CFO and avoided it believing it was a phishing email. However, after a video call, the worker realized that the other attendees resembled his colleagues, despite initial doubts, as they appeared and sounded familiar.

What happened is that the scammers used publicly available footage to create convincing versions of the meeting’s participants, according to Hong Kong police senior superintendent Baron Chan Shun-ching’s briefing on Friday. 

In the digitally altered video, the CFO issued fraudulent instructions to transfer funds to unauthorized accounts. The employee, a finance worker at the company, followed the instructions, leading to a significant financial loss because the scammers had immaculately replicated the CFO’s appearance and voice.

The worker transferred $25 million to five bank accounts in 15 transactions. The scam was discovered after the employee shared the information with the company’s head office. It is worth noting that the incident lasted a week. 

However, this isn’t the first of its kind incident involving deepfake technology. Fraudsters have been relying on this technology to cheat people out of money.

Bitdefender’s latest research reveals a rise in YouTube stream-jacking campaigns using deepfake videos for cryptocurrency theft. Despite McAfee’s MockingBird tool detecting 90% of deepfake content, scammers continue to use malicious techniques for crypto scams, sometimes bypassing facial recognition systems, highlighting ongoing challenges in combating these deceptive practices.

Authorities are investigating the incident in Hong Kong, which is the first such scam involving a large sum of lost money. It has raised concerns about the scammers’ increasing sophistication and potential for financial fraud. Experts urge increased awareness and training for employees to effectively identify and resist these scams.

Hong Kong police confirmed that eight stolen identity cards were used for 90 loan applications and 54 bank account registrations between July and September 2023 using AI deepfakes to trick facial recognition programs on at least 20 occasions. The authorities have so far arrested six individuals in connection with deepfake scams.

  1. AI Image Editing Tool Cutout Leaked User Images and Data
  2. Malicious Abrax666 AI Chatbot Exposed as Potential Scam
  3. Dark Web Pedophiles Using Open-Source AI to Generate CSAM
  4. Fake LinkedIn Job Offer Used in Stealing $625M from Axie Infinity
  5. QR Code Phishing Soars 587%: Users Fall to Social Engineering Scams





Source link