Live Deepfake Attack Strikes Hong Kong Once Again
A UK-based multinational firm's Hong Kong office defrauded of HK$4M
A UK-based multinational company’s Hong Kong office recently fell prey to a deepfake scam, resulting in a HK$4 million ($511,968) loss. This is now the second deepfake attack in Hong Kong, with losses totaling ~$26 million.
What Happened?
The unsuspecting employee received a WhatsApp message from the individual impersonating the CFO and requested a Zoom meeting for the following day. During the video call, the deepfake CFO convincingly instructed her to transfer HK$4 million to several bank accounts, allegedly to fund a new company branch. The employee, seeing the familiar face and hearing the familiar voice, complied without suspicion, making multiple transfers that day.
It was only after the employee sought verification that she realized what had truly occurred. This incident marks the second deepfake scam reported in Hong Kong, following a similar case involving the London-based design and engineering firm Arup, which lost HK$200 million in January under similar circumstances.
The Role of Deepfake Technology in the Scam
Fraudsters leveraged publicly available footage of the CFO, combined with sophisticated deepfake technology, to recreate his voice and image. This allowed them to impersonate him with a level of realism that easily deceived the employee during the video conference.
The Hong Kong police, via their CyberDefender Facebook page, emphasized the need for vigilance, reminding the public that appearances can be deceiving. They advised always verifying the identity of anyone requesting financial transactions, especially through direct contact.
The Growing Threat of Business Email Compromise and Deepfake Attacks
According to the FBI, business email compromise (BEC) attacks have led to exposed losses of $51 billion. In 2023 alone, BEC attacks accounted for $2,946,830,270 in reported losses. As these attacks become more frequent, attackers are increasingly investing in AI and deepfake technology to drastically enhance their schemes' success rate. The recent incident in Hong Kong exemplifies how these advanced technologies can be weaponized to deceive companies.
How IdentifAI’s KYE Solution Could Have Prevented the Fraud
This incident highlights the critical need for robust identity verification in video conferencing. At IdentifAI, we have developed a Know Your Employee (KYE) solution designed to thwart such sophisticated scams. Our technology integrates directly into video conferencing platforms like Zoom, Teams, and Google Meet, providing an additional layer of security.
During a video call, our KYE bot actively verifies the identities of all participants. In this case, our solution would have detected the discrepancy between the deepfake and the real CFO, flagging the impostor as unverifiable. This immediate alert would have prompted the employee to investigate further before proceeding with any financial transactions, thereby preventing the scam.
Takeaways
As deepfake technology becomes more advanced, the risk of such attacks increases. The recent scam in Hong Kong underscores the necessity of proactive measures to ensure cybersecurity. IdentifAI’s KYE solution represents a crucial defense mechanism, ensuring that even the most convincing deepfakes are identified before they can cause harm. Businesses must adopt such technologies to safeguard their operations and protect their employees from falling victim to increasingly sophisticated cyber threats.
Sources
This article is based on information from the South China Morning Post by Clifford Lo, FBI data, and Frank On Fraud blog linked below.
FBI Data - “10 BEC Statistics”
The SSL Store - “A Look at U.S. Business Email Compromise Statistics (2024)”
Frank On Fraud - “They’re Here. Deepfake BEC Zoom Calls Are A Real Deal”