The one-two punch of scammers using a phishing ploy followed by AI generated deepfake technology cost a company the equivalent of 25 million dollars.
The scam was initiated with a phishing email that the targeted employee found suspicious. The employee ignored the classic warning signs of the urgent request by a high-level executive (this case the CFO) after the scammers held a 100% fake multi-person video call. The perpetrators successfully impersonated the identify of every person on the call including their appearance and voices. This alleviated any doubt in the employee’s mind that they needed to fulfill the request to send the funds.
The scam was discovered a week later when the employee checked in with the firm’s head office. Unfortunately, the damage was done.
Deepfake scams such as these have become increasingly simple to create and alarmingly effective in execution. A study from the University College London found that it now only takes a 3 second recording of someone’s voice to enable an algorithm to clone it.
As scams such as this continue to happen, it is time for organizations to recondition their workforce to look for threats using synthetic media.