Deepfake CFO tricks Hong Kong biz out of $25 million
Recordings of past vidchats suspected as source of fakery – so there's another class of data you need to lock down
A Hong Kong-based finance professional at a multinational was reportedly swindled out of $25 million (HK$200 million) of company money when scammers created a deepfake of his London-based chief financial officer in a video conference call.
The Hong Konger joined a vidchat in which his CFO appeared – but appeared a little off. So much so that the employee was initially suspicious. But his nerves were soothed as other colleagues he recognized appeared to join in on the call, the Hong Kong police reportedly explained.
The fake CFO made increasingly urgent entreaties to execute money transfers, and the victim complied with instructions given during the call – eventually making 15 transfers into five local bank accounts.
The AI-generated videos were reportedly created from past genuine online conferences. To add depth and credibility to the scam, the perpetrators utilized WhatsApp, email and one-to-one video conferences with Hong Kong staff members.
"I believe the fraudster downloaded videos in advance and then used artificial intelligence to add fake voices to use in the video conference," reported the city’s police senior superintendent, Baron Chan Shun-ching.
What else exactly happened on the fateful call is disputed. Some reports suggest just one participant on the call was real, while others suggest multiple participants were human.
All agree that AI-generated humans appeared and that sadly, the unnamed finance professional was duped. That reality was only discovered by the victim after he contacted the (also unnamed) corporation's head office.
Local media outlet The Standard declared the incident the first deepfake video conference scam in Hong Kong.
- India gives social media platforms 36 hours to remove deepfakes
- Rise of deepfake threats means biometric security measures won't be enough
- Dems and Repubs agree on something – a law to tackle unauthorized NSFW deepfakes
- 'I'm sorry for everything...' Facebook's Zuck apologizes to families at Senate hearing
In a simpler, more innocent time – around a year and a half ago – Sophos researcher John Shier told The Reg deepfakes weren't much of a threat.
According to Shier, scammers preferred simpler and cheap attacks, like old fashioned phishing.
Whether driven by the appeal of larger financial incentives, or influenced by the recent significant advancements in AI technology that facilitate their creation, it seems that the era of being unconcerned about deepfakes is fast disappearing.
While the deepfaked CFO scam may be the first reported in Hong Kong to use video conferencing, it's not the only scam using the technology. According to CNN, Hong Kong police revealed in a Friday press briefing they had made six arrests in connection with other deepfake scams and that AI deepfakes had been used at least 20 times to trick facial recognition software.
The deepfake problem is also global. US senators last week introduced a bipartisan bill that would allow victims portrayed in in non-consensual AI-generated pornographic deepfakes to sue the creators of the videos.
That move came after sexually explicit AI-generated images of Taylor Swift proliferated across social media platforms – including on X/Twitter, where they racked up tens of millions of views before the Musk-owned site blocked searches for the pop icon.
India has had similar problems when a way less graphic – but still personally and professionally violating – AI-generated video of Indian actor Rashmika Mandanna appeared online in November.
Indian IT minister Rajeev Chandrasekhar reportedly warned in late January that social media platforms would be held accountable for deepfakes their users post. ®