The perpetrators successfully swindled $200 million Hong Kong dollars (equivalent to approximately $25.6 million USD) from the employee by creating convincing deepfake replicas of the individual's colleagues, including the company's Chief Financial Officer (CFO). The fraudulent activity occurred during a video conference call, as reported by CNN.
Senior Superintendent Baron Chan Shun-ching, representing the cyber security division of the Hong Kong police, shed light on the deceptive tactics used in the scam.
According to Chan, the fraudsters orchestrated a video conference with multiple participants, all of whom appeared to be authentic colleagues of the victim.
The employee, convinced by the lifelike deepfake impersonations, proceeded to carry out 15 transactions to five local bank accounts as per the scammers' instructions.
Chan emphasized the utilization of artificial intelligence (AI) to manipulate pre-existing videos and fabricate counterfeit voices within the video conference, enabling the fraudsters to execute their scheme with precision.
The incident unfolded in January when the victim received a message purportedly from the company's CFO based in the UK, inviting them to participate in a confidential transaction discussion via video call.
Despite initial suspicions regarding the nature of the message and the secrecy surrounding the transaction, the victim ultimately succumbed to the ruse. Subsequently, upon realizing the fraudulent nature of the video call, the employee promptly contacted the company's headquarters.
The Hong Kong police underscored the evolving nature of deception tactics employed by cybercriminals, highlighting the incorporation of AI technology into online interactions. They advised individuals to exercise heightened vigilance, particularly during meetings involving numerous participants.
In response to the incident, the Hong Kong police outlined a set of recommendations aligned with corporate information security protocols. These recommendations include verifying meeting details through official communication channels and actively verifying the identities of participants during online interactions.
Despite efforts to combat such crimes, the Hong Kong police disclosed that six arrests had been made in connection with similar scams, although it remains unclear whether any are linked to this particular incident.
Furthermore, Chan provided insight into another instance of deepfake technology's misuse in the region, citing cases of stolen identity cards. He revealed instances where stolen Hong Kong ID cards were utilized to facilitate fraudulent activities, including loan applications and bank account registrations.
Deepfake replicas of the cardholders were employed to circumvent facial recognition systems, underscoring the multifaceted challenges posed by evolving cyber threats in the digital landscape.
If you need more information or help implementing a Cyber security plan: