Emerging Tech Risk Series No. 5

The Art of Deception

“All warfare is based on deception.” – Sun Tzu, The Art of War

Victory for Fraudsters

An employee in the finance department received a phishing email about a secret transaction that required her to make funds transfers.

She suspected the email was fake.

Then, she unknowingly participated in a deepfake video conference call (allegedly on Zoom) in real-time.

The Chief Financial Officer and a few colleagues she knew attended the Zoom meeting. Again, they instructed her to wire the funds and keep the transactions confidential.

She carried out 15 transactions as instructed to five local bank accounts, which came to a total of approximately $25m.

Later, the company discovered the fraud.

In reality, all participants in the Zoom meeting were fake. The fraudsters downloaded videos in advance and then used artificial intelligence to add fake voices to use in the video conference.

One phone call to the CFO could have changed the outcome. Yet, a finance clerk may hesitate to question a CFO’s request. Here, you need to overcome any blame or shame if a team member seeks to verify instructions.

Victory for Executives

You win the deepfake game by being aware, and attentive, and creating a code word or question that a fraudster would not know.

A scam involved impersonating the CEO through a fake WhatsApp account and orchestrating a virtual meeting via Microsoft Teams.

The imposters utilized a?voice clone and pre-recorded YouTube footage?to further deceive participants in hopes of soliciting money and obtaining personal details. ?

The vigilant executive felt something was not quite right. He did not comply with the request for funds.

On a video call, an executive asked the caller an important question that only he would know the answer to about the book he had just loaned him to read. Of course, the hacker could not answer and ended the call. ?

Winning the Deepfakes Game

These wins are about vigilance in your financial transactions. You identify the risks, you ensure that your teams are aware of the risks through communication and training, increase the odds that employees will spot the deepfakes, and impact the outcome. ?

If your executives and employees see red flags, they should pause, think, and verification:

·?????? Use visual cues to verify participants

·?????? Watch for lip-syncing or weird facial expressions

·?????? For substantial financial transactions, a secondary email, SMS, or authenticator app will help confirm real participants

·?????? Meeting participants could use an encrypted messaging app to verify identities

·?????? Update video conferencing software and security features

·?????? Timing matters so watch for urgency, secrecy, or rushed requests

All of your employees need to be aware of the risk that fraudsters can use AI technology in online meetings.

If they see a red flag, do a reality check: pause, think, and verify. ?

The human factor is vital in AI-based real-time fraud. A touch of skepticism goes a long way.

CTA

If you want to dig deeper into solutions, contact me here on LinkedIn or my website The Cyber Dawn.

In the meantime, pause, think, and verify!

Thanks for your time,

Dawn