With Deepfakes becoming increasingly sophisticated, it’s a legitimate question. But what exactly is a Deepfake exactly?
Deepfakes are videos or images manipulated using artificial intelligence (AI).
Deepfake AI has the ability to train itself on lots of real photos and videos, learn how to move people’s faces, and emulate their voices to make it seem like they are saying or doing something they really are not.
AI is very good at emulating people because it’s seen many real examples.
A recent incident at a large multinational company shows how convincing these deceptions can be.
The Unusual Request
The incident began when an employee in the company’s Hong Kong office received an email, supposedly from their Chief Financial Officer (CFO) in the UK headquarters. The CFO requested an immediate and sizable money transfer to an offshore account, citing an urgent acquisition deal.
Initial Suspicions
As the request lacked important details and was highly atypical, the savvy employee grew suspicious that it could be a phishing attempt. However, the scammers had a more devious plan to sell the deception.
The Fake Video Call
The scammers scheduled a video call with the employee. Through Deepfake technology and previously captured sources, they generated remarkably life-like digital imitations of the CFO and other executives.
Selling the Ruse
During the brief call, the fake participants did just enough to confirm the money transfer request and add pressure due to the supposedly sensitive deal. Faced with what seemed an authentic interaction, the employee’s doubts were eased.
Falling for the Scam
Believing he had verified the request through a live video call, the employee initiated the large, fraudulent money movement. It wasn’t until double-checking with head office that the deception was uncovered.
The Evolving Threat
This incident serves as a sobering reminder that even conscientious employees can fall victim to a well-planned Deepfake scam. While live video interaction was once considered an ironclad way to verify identities, the latest Deepfake techniques mean any communication channel is now vulnerable to sophisticated spoofing.
Preventing Future Attacks
Businesses can take steps to prevent such a costly deception.
Companies should implement multiple-level approval processes for money transfers, regardless of the sender’s apparent seniority.
Additionally, questioning aspects of interactions and observing participants could help uncover anomalies that indicate Deepfakes.
To learn more about Deepfakes and how to protect your organization, reach out to one of our security experts. We’d be happy to assess your security posture and policies to recommend tailored improvements.