Learn how AI scammers used deepfake technology to trick a multinational company into transferring over 25 million US dollars. Discover the warning signs of deepfake manipulation and how to protect yourself from falling victim to these sophisticated scams. This article is by Raphael Ebba, Security Engineer at Convergence Networks.
In a recent social engineering attack using deep-fake AI, a multinational company was tricked into transferring them over 25 million US dollars. A “Deepfake” is a video of a person in which their face or body has been digitally altered so that they appear to be someone else. The scammers used publicly available videos and pictures to use AI to create deepfakes that could be used during live video calls. The victim was a financial employee that received an email from the chief financial officer regarding a “secret business transaction”. The victim then joined a video conference with the false CFO, and other corporate executives that all looked and sounded legitimate. During this call, the victim only interacted with the CFO and was instructed to transfer 25.5 million dollars across multiple accounts. Once the transfers were complete, the call ended abruptly. A week later, the employee decided to call the corporate office to verify the transactions, only to find out that this was all a scam.
What can we learn from this unfortunate incident? Stick to your guts. When things seem suspicious or unusual, we should verify. Call the contact directly through a known and trusted method, such as their direct line as listed in the company directory. If possible, verify with multiple sources. In this case, a video call using deepfake AI was used to legitimize the “transaction”. Here are some tips to help you identify the use of deepfakes during video calls.
Staying Safe from AI Scammers
- Observe facial expressions and movements: Deepfake videos often lack natural facial expressions and movements. Look for inconsistencies such as unnatural blinking, lack of subtle movements like micro-expressions, or strange facial distortions.
- Pay attention to eye contact: In real conversations, people tend to make natural eye contact. If the person in the video call avoids making eye contact or if their gaze seems unnatural, it could be a sign of deepfake manipulation.
- Listen to the voice: While deepfake technology can also alter voices, it might not always be perfect. Listen for any unnatural fluctuations or artifacts in the voice that could indicate tampering.
- Look for unusual artifacts: Deepfake videos might have visual artifacts such as strange blurring around the edges of the face, mismatched lighting, or inconsistencies in the background.
- Test with unexpected questions or tasks: Deepfake algorithms may struggle to respond appropriately to unexpected questions or tasks. Try asking unexpected questions or requesting the person to perform specific actions to see if their responses seem genuine.
- Use specialized software: There are emerging technologies and software tools designed to detect deepfake videos. While these tools might not be perfect, they can still provide some level of assistance in identifying manipulated content.
- Verify the source: If possible, verify the identity of the person you’re talking to through alternative means such as contacting them through another channel or using multi-factor authentication.
- Trust your instincts: If something feels off or too good to be true, it’s worth being cautious and investigating further.
Ultimately, it is important for business leaders to build a total cybersecurity framework to stay secure in the face of increasingly sophisticated threats such as deepfake AI scams. Developing and implementing robust policies and procedures can help protect your business from falling victim to these attacks. If you need help in building a cybersecurity framework for your business, don’t hesitate to contact us. We can provide expert guidance and support in developing and implementing effective security measures to keep your business safe.
