Another deepfake BEC attack is raising concerns that a major threat is developing. This one uses Zoom calls to convince employees to send wire transfers.
Last week, SCMP reported that a UK-based multinational company has fallen victim to a deepfake scam after a digitally recreated version of its chief financial officer fooled an employee at the firm’s Hong Kong branch and tricked her into transferring $4 million.
It’s the second successful such BEC deepfake in the last 90 days.
Familiar Faces – Everyone She Knew Looked Real
A source familiar with the case said that the woman employee received a WhatsApp message on May 20th from a scammer impersonating the executive requesting a “Zoom” video conference with her the next day.
During the May 21 meeting, the scammer, posing as her supervisor, instructed her to transfer approximately HK$4 million to multiple bank accounts, deceptively claiming that the funds would be used to build a new branch location.
During the call, the employee was put at ease because she saw “familiar faces of her colleagues” and a video of her “fake supervisor.” The supervisor requested that she make multiple transfers to different bank accounts, which she did the same day following the call.
She became aware of the scheme after verifying with others within the company that it was a legitimate call.
CFO Was DeepFaked From Publically Available Information
Police authorities in Hong Kong believe that the CFO of the UK-based company was deeply faked based on publicly available images and videos found online.
They believe the modus operandi is extremely similar to the BEC attack that targeted ARUP and their CFO, Robert Boardman, two months ago. In that deepfake, the fraudsters used publicly available images and audio to create the deepfake.
The Steps Fraudsters Take In A Deepfake CFO Scam
Fraudsters engaging in BEC attacks often spend months researching a company because the payoff is high.
In this video, I explain exactly how the Arup CFO BEC attack likely went down with help from Sumsub video re-enactments.
Why BEC Attacks Are The Most Likely Place We Will See AI Emerge
With all of the AI hype and hysteria, many are left scratching their heads, wondering what is a real threat and what is just conjecture.
One thing is becoming clear – BEC Deepfakes are the real deal. With two highly successful campaigns carried out by hackers in Hong Kong, this is likely to spread very quickly.
And here is why
- They Work – fraudsters don’t waste time, and deepfake BEC is a method that works.
- The ROI Is There—With an average payoff of several million dollars, scammers are likely to invest their money because the ROI is there.
- Convincing – Deepfakes take BEC scams to another level because they can push a victim to send the wire when they might not have believed, just emails or texts before.
Companies across the world should be on alert for this new and emerging AI Scam.
As for Hong Kong Police, they are warning companies not to believe everything they see or hear. “It’s important to remember that just because there are images, sounds and videos, it doesn’t necessarily mean they represent the truth. Everyone should stay vigilant and develop a habit of verifying facts,” police said last week.