AI Cybercrime Sets New Precedent with $25 Million Deepfake Heist

A recent report from the South China Morning Post uncovered a major financial loss suffered by a multinational company’s Hong Kong office, totaling HK$200 million (US$25.6 million), as a result of a sophisticated scam involving deepfake technology. The scam involved a digitally recreated version of the company’s chief financial officer and other employees, who appeared in a video conference call instructing an employee to transfer funds.

The Hong Kong police did not disclose the identity of the company involved due to an ongoing investigation. Deepfakes, which use AI tools to create highly convincing fake videos or audio recordings, present significant challenges for individuals and organizations to distinguish between real and fabricated content.

This incident is the first of its kind in Hong Kong to involve a large sum and the use of deepfake technology to simulate a multi-person video conference where all participants, except the victim, were fabricated images of real individuals. The scammers convincingly replicated the appearances and voices of targeted individuals using publicly available video and audio footage.

The Hong Kong police are currently conducting an investigation into the case, with no arrests reported so far. The scam was initially discovered following a phishing attempt, when an employee in the finance department of the company’s Hong Kong branch received what seemed to be a phishing message from the company‚Äôs UK-based chief financial officer, instructing them to execute a secret transaction.

Despite initial doubts, the employee was convinced enough by the presence of the CFO and others in a group video call to make 15 transfers totaling HK$200 million to five different Hong Kong bank accounts. The scam was only realized about a week later, prompting a police investigation.

This high-tech theft highlights the growing concern over new uses of AI technology, which has been brought to the forefront due to incidents such as the spread of fake explicit images of pop superstar Taylor Swift. Over the past year, scammers have been using audio deepfake technology to impersonate loved ones in trouble and scam people out of money.

Acting senior superintendent Baron Chan Shun-ching of the Hong Kong police emphasized the uniqueness of this scam, noting that it was the first instance in Hong Kong where victims were deceived in a multi-person video conference setting. He pointed out the scammer’s strategy of not engaging directly with the victim beyond requesting a self-introduction, which made the scam more convincing.

The police have provided tips for verifying the authenticity of individuals in video calls, such as asking them to move their heads or answer questions that confirm their identity, especially when money transfer requests are involved. Another potential solution to deepfake scams in corporate environments is to equip every employee with an encrypted key pair, establishing trust by signing public keys at in-person meetings and using those signed keys to authenticate parties in remote communications.

Additionally, the Hong Kong police plan to enhance their alert system covering the Faster Payment System (FPS) to include warnings for transactions linked to known scams, expanding the coverage to include a broader range of electronic and in-person transactions by the second half of the year.

Leave a Reply

Your email address will not be published. Required fields are marked *