A poor peon in the finance department of a large company got taken in by a deepfake of the firm’s chief financial officer. They were told to transfer company funds to several “secret” accounts. And, after shaking off their doubts, they did: all $25.6 million of it.

It’s a taylor-made story—but is there nothing new? In today’s SB Blogwatch, AI’s the problem, not me. [You’re fired—Ed.]

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Green skywashing.

“Suspicious”
A multinational company lost … US$25.6 million in a scam after employees at its Hong Kong branch were fooled by … a digitally recreated version of its chief financial officer ordering money transfers in a video conference call. … Everyone present on the video calls except the victim was a fake [but] looked and sounded like real people the targeted employee recognised.
…
The scammers were able to generate convincing representations of targeted individuals that looked and sounded like the actual people. … The employee followed instructions given during the meeting and made 15 transfers totalling HK$200 million to five Hong Kong bank accounts. … The person realised it was a scam upon making an inquiry with the company’s headquarters.
…
The force said it hoped members of the public were aware that scammers were now capable of using deepfake technology. … Senior Inspector Tyler Chan Chi-wing … suggested asking the person to move their head, posing questions to determine their authenticity and become immediately suspicious the moment money is requested.

“No surprise”
Deepfakes are videos that have been manipulated by computers … to make people appear to say or do something they never did, or to appear in places they weren’t. Thanks to advances in AI, deepfakes have become more convincing than ever before, and they’re often used to defame people in the public eye.
…
It’s no surprise that the technology is being abused by criminals in some very inventive ways to facilitate scams. The Hong Kong police said that it alone has come across more than 20 cases that involved the use of AI deepfakes to trick facial recognition systems. [They] recently arrested six people in connection with a scam that involved eight stolen Hong Kong identity cards. The scammers used the cards to create deepfakes that could fool facial recognition systems, and then applied for more than 90 loan applications and bank account registrations.

It’s easy. We just generate our own key pairs, establish a web-of-trust by signing each others public keys at in-person meetups, and then use those signed keys to authenticate all the digital communication we do with each other.

You know, like we’ve been doing with our emails since PGP was developed in 1991. You can tell how simple the process is, by how ubiquitous it has become in a mere 30 years!

If the Universe had a sense of irony, the company would be Zoom.

LOL. Won’t happen to us: Our managers insist on people being in office 5 days a week for 12 hours, so no Zoom calls or anything.

Senior management needs to take the lead setting up policies that are efficient enough to not encourage people … to bypass them—and the culture that everyone in the company should feel comfortable telling the CEO, “I’m not allowed to do that.” This is possible but it has to be actively cultivated.
…
[It’s] a management responsibility: … Dominance culture is very common and it basically ensures this kind of stuff will keep happening, similar to how all of the phishing training in the world is largely cancelled out by not requiring partners and vendors to have better email practices. It might take that CFO featuring in a crime like this one to get their attitude to change.

With no second sign-off and the first one either on paper in person or certified by a second person or verified with a call-back on the phone? That is just incredibly dysfunctional. Not saying you need this process for small stuff like $1000, but for $25M? Seriously?

My parents, friends and coworkers all still getting scammed by emails that are barely beyond the quality of Nigerian Prince pleas. … If high-quality deepfakes go mainstream, … it’s going to be a fools errand trying to keep everyone and their mothers from emptying their bank accounts at the drop of a hat.

Every process has exceptions. And there is no process stronger than the manager firing an employee for disobeying an order.

Recent Articles By Author