The Rise of AI-Driven Cybercrime: Deep Fakes and How to Detect

It's 4pm on a Friday and you get an urgent call from the CEO asking you to make a transfer before the banks close at 5pm. If you don't transfer before the end of the day, the large government contract you've been working on this quarter will be lost. Since its your bosses voice, you don't give it another thought. You transfer the money and right before the deadline and breath a sigh of relief.

On Monday, you ask your CEO, "Did we get that deal? I transferred the money right before the banks closed on Friday."

Your CEO looks at you and says, "What transfer?"

"You must be kidding. We talked on the phone on Friday..."

Your heart sinks as you realize you have been the victim of a deep fake social engineering scam.

The rapid advancement of artificial intelligence (AI) has brought about significant threats by lowering the bar for cybercriminals.? ?Cybercriminals are increasingly leveraging AI to execute highly targeted and convincing scams, posing a serious risk to individuals and organizations alike.

This article explores several high-profile cases of AI-driven cybercrime, highlighting the need for heightened vigilance and robust security measures.

The Voice-Generating AI Scam: Urgent Wire Transfer is a Red Flag

In March 2019, a sophisticated cyberattack unfolded, leveraging voice-generating AI software to mimic the voice of a chief executive. This incident involved fraudsters impersonating the CEO of a Germany-based parent company to deceive the CEO of a U.K. energy company into making an urgent wire transfer to a Hungary-based supplier. The attackers assured reimbursement, but the funds, totaling $243,000, were quickly funneled through accounts in Mexico and other locations, complicating the traceability of the fraudsters.

The cybercriminals attempted a second transfer, claiming the first payment had been reimbursed. However, the U.K. CEO, noticing discrepancies, refused. A third call, made from an Austrian number, further raised suspicions, preventing additional losses.

The Ferrari Scam: Ask Questions

In another case, a Ferrari executive received text messages and calls from an unknown number, purportedly from the CEO, discussing a confidential acquisition. The scammer, mimicking the CEO’s accent, raised suspicions to the CFO.? How did he know it wasn’t actually the CEO?? The CFO asked the scammer what book he recommended him a few months back.? The attacker went away when he realized he was found out.

The Arup Deepfake Incident: Seeing is Believing

A staff member at Arup was deceived by a deepfake video conference with a fake CFO, leading to multiple transactions to Hong Kong bank accounts. The exact financial impact of this scam was not disclosed, but the average cost of AI-driven cyberattacks, including IT damage, technical support, forensics, and customer service operations, can reach up to $5.34 million.

The KnowBe4 Fake Employee Scam: Hiring a Spy

KnowBe4 experienced a sophisticated scam where a real person used a stolen identity enhanced by AI to pass multiple video conference-based interviews. The company swiftly identified the deception and took necessary steps to prevent a more significant breach. The cost of such identity theft incidents can be substantial, often involving extensive remediation efforts and potential legal costs.

Unprecedented increase in phishing email:

Phishing emails have increased 1,265% since ChatGPT launched. The amount of phishing emails can overwhelm companies. You just can't rely on a email filters 100% as AI has made these schemes better and better to get past these software programs.

Preventative Measures and Vigilance

To combat these threats, organizations must implement robust controls:

• Scan Remote Devices: Regularly check for unauthorized remote connections.
• Better Vetting: Implement rigorous verification procedures and avoid relying solely on email references.
• Enhanced Monitoring: Strengthen monitoring to detect and respond to potential threats promptly.
• Security Awareness: Educate employees about social engineering and sophisticated cyber threats.

The Role of Technology in Detection

Technological advancements are also aiding in the detection of deepfakes. Tools like Intel’s FakeCatcher analyze image pixels to identify inconsistencies, while Northwestern Kellogg’s tests focus on hands, lighting, shadows, and other anomalies.

These incidents underscore the importance of vigilance and robust security measures in the face of evolving AI-driven cyber threats. By staying informed and implementing comprehensive security protocols, organizations can better protect themselves against these sophisticated attacks.

If you made it this far, you've become a cyber insurance master, so congratulations. Be sure to subscribe to get more exciting cybersecurity and cyber insurance content. :)

Hungry for more cybersecurity content? Check out the 14 steps to protect your business' data.

?