The only thing more dangerous than a scammer, is a scammer using AI!

Imagine having to constantly worry if the people speaking and moving on your Zoom call are real people. Unfortunately, that’s now the norm after an employee at Arup Group recently lost the company HK$200 million by pressing the ‘send’ button after a Zoom call with scammers!

The scam involved the employee attending a video conference call with the Chief Financial Officer and other executives whom he recognised, ordering him to swiftly execute money transfers. However, every person who he saw and interacted with on the video call was fake!

The scammers used Artificial Intelligence (AI) to generate ‘deepfakes’ in order to convince the duped finance employee that he was genuinely talking to his company executives. The CIO at Arup has commented “like many other businesses around the globe, our operations are subject to regular attacks, including invoice fraud, phishing scams, WhatsApp voice spoofing, and deepfakes. What we have seen is that the number and sophistication of these attacks have been rising sharply in recent months”.

As technology progresses and our world changes, businesses and consumers must stay informed and up-to-date with the newest types of online scams. AI, specifically deepfakes, have become more convincing than ever before.

Just last weekend, a popular Malaysian singer had her voice (mis)used in AI-generated deepfakes which lured her millions of fans to transfer her money for personal rewards such as a video call with the star. Last week in the Philippines, scammers created a deepfake of a national governor endorsing a (fake) digital currency project.

Scammers are continually raising their game, and that’s exactly why they’re so hard to stop. They’re constantly perfecting their scams, taking advantage of tech innovations and honing their methods to better manipulate their targets... you and me!

Types of AI-powered scams to watch out for:

• Voice cloning scams: Fraudsters can now capture recordings of people’s voices and then use a software program to generate an imitation version which can be used to impersonate sources of authority. By leveraging information gathered from social media and other sources, scammers can personalise their scams making them even harder to spot!
• Deepfake video and video call scams: Just like the horrific incident over Zoom mentioned above, audiovisual content created with generative AI can be used to impersonate legitimate sources. By posing as government officials, company representatives, or even law enforcement officers, scammers exploit trust to convince victims to share personal information, provide access to financial accounts, or make financial transactions.
• AI-generated scam websites: Scam pages attempt to sell products that do not exist or get the users to divulge personal information. Neglecting to conduct proper research and failing to verify the authenticity of a party will leave you extremely vulnerable to scams!

So, how can we avoid falling victim to ever-more-sophisticated scams?

1. Stay informed: Regularly educate yourself about common scam tactics, emerging fraud schemes, and evolving technologies used by scammers.
2. Maintain scepticism: Approach all unexpected or unsolicited offers with extreme caution. Question the legitimacy of claims or promises that seem too good to be true (If something seems too good to be true, it probably is ! ).
3. Scrutinise emails: Be vigilant when handling email payment instructions, particularly those which alter a previously agreed payment mechanism and those from unknown / unverified sources. Watch out for spelling mistakes, suspicious links, different fonts and email addresses which don’t match the claimed source.
4. Exercise caution with financial decisions: Conduct thorough research before making any financial decisions. Seek advice from trusted professionals and verify the legitimacy of investment opportunities. With new payees / amended accounts, verify every request.
5. Regularly update internal payment policies / procedures: Ensure that all internal policies / procedures are as foolproof as they can be with multiple layers of verification checks and approval processes involving increased layers depending on the value of the payments.
6. Guard personal / important information: Never give out personal information, including bank account / credit card details, passwords, etc over email or telephone. Only provide sensitive details to trusted and verified sources. For companies, be aware of how much information is revealed through your social media or out-of-office auto replies.

Hong Kong saw a record number of scams last year, with a new victim being tricked every 13 minutes!

Stay vigilant, up your cybersecurity to the max, and minimize the chances of becoming a victim!

See below for links to previous bowers.law articles / post on fraud.

Room 228 Newsletters

• Why do employees commit fraud? ?(July 2020)
• Watch out, watch out, there’s a fraudster about! ?(August 2020)
• Don’t make it easy for the hackers! ?(October 2020)
• I’m a victim of an email bank fraud, please help me to get my money back! ?(January 2021)
• Don’t be a victim of a Rom-Con…If it looks too good to be true, it almost certainly is! ?(April 2021)
• If something seems too good to be true, it probably is ! ?(June 2021)
• Don't become a fraud statistic! (June 2022)

LinkedIn articles

• The criminal fraud numbers reported in the 18 June 2022 edition of the South China Morning Post are staggering! (June 2022)

Please contact Kevin at [email protected] if you have any questions about this Room 228 Newsletter.

This Newsletter is not intended to be and should not be relied on as legal advice. You should seek professional legal advice before taking any action in relation to the subject-matter of this Newsletter.