Man
Professional
- Messages
- 3,055
- Reaction score
- 580
- Points
- 113
A multinational company has lost $25.6 million in fraud after an employee at its Hong Kong branch was tricked into paying for video conferences using deepfakes.
Everyone present on the video calls except the victim was fake. The scammers used publicly available videos and other materials to create convincing deepfakes.
Police say this is the first time a victim has been tricked using a group deepfake rather than a one-on-one conversation.
The fraudsters targeted an employee of the branch's finance department, who apparently received a phishing message. In mid-January, he received a request allegedly from the company's finance director in the UK, who said that a secret transaction needed to be carried out.
The employee had doubts until he was invited to a group call. There he saw the alleged CFO of the company and other employees.
The employee eventually followed the instructions of the video conference participants and made 15 transfers totaling $25.6 million to five bank accounts in Hong Kong. He then made a request to the company's headquarters and realized that he had been deceived.
During the video call, its participants barely communicated with the employee, but mostly gave him instructions. At some point, the meeting suddenly ended, but this did not bother the employee.
The scammers then maintained contact with the victim via instant messaging platforms, email and one-on-one video calls.
Police said they had contacted two or three company employees in total.
Detective Chief Inspector Tyler Chan Chi-wing said there were several ways to test a person's identity in a video meeting, including asking them to move their head and answering questions that only they could know the answers to.
Police now plan to expand their alert service to include the Faster Payment System (FPS) to warn users that they are transferring money to fraudulent accounts.
In 2020, fraudsters cloned the voice of a UAE bank director and used it to rob the financial institution. They were able to steal $35 million.
Meanwhile, cybersecurity experts at FACCT (formerly Group IB) have reported an increase in the use of audio deepfakes for fraudulent calls in messengers. Using AI, hackers fake the voices of company executives to authorize the transfer of funds. Small and medium-sized businesses, where many processes are tied to the owner, are most susceptible to such attacks.
Source
Everyone present on the video calls except the victim was fake. The scammers used publicly available videos and other materials to create convincing deepfakes.
Police say this is the first time a victim has been tricked using a group deepfake rather than a one-on-one conversation.
The fraudsters targeted an employee of the branch's finance department, who apparently received a phishing message. In mid-January, he received a request allegedly from the company's finance director in the UK, who said that a secret transaction needed to be carried out.
The employee had doubts until he was invited to a group call. There he saw the alleged CFO of the company and other employees.
The employee eventually followed the instructions of the video conference participants and made 15 transfers totaling $25.6 million to five bank accounts in Hong Kong. He then made a request to the company's headquarters and realized that he had been deceived.
During the video call, its participants barely communicated with the employee, but mostly gave him instructions. At some point, the meeting suddenly ended, but this did not bother the employee.
The scammers then maintained contact with the victim via instant messaging platforms, email and one-on-one video calls.
Police said they had contacted two or three company employees in total.
Detective Chief Inspector Tyler Chan Chi-wing said there were several ways to test a person's identity in a video meeting, including asking them to move their head and answering questions that only they could know the answers to.
Police now plan to expand their alert service to include the Faster Payment System (FPS) to warn users that they are transferring money to fraudulent accounts.
In 2020, fraudsters cloned the voice of a UAE bank director and used it to rob the financial institution. They were able to steal $35 million.
Meanwhile, cybersecurity experts at FACCT (formerly Group IB) have reported an increase in the use of audio deepfakes for fraudulent calls in messengers. Using AI, hackers fake the voices of company executives to authorize the transfer of funds. Small and medium-sized businesses, where many processes are tied to the owner, are most susceptible to such attacks.
Source
