Hong Kong office of a multinational company has been targeted in an unprecedented scam employing deepfake video technology, resulting in a staggering loss of HK$200 million.
In a startling revelation, the Hong Kong office of a multinational company has been targeted in an unprecedented scam employing deepfake video technology, resulting in a staggering loss of HK$200 million (equivalent to USD 25.6 million).
The local authorities, reporting on Sunday (Jan 4), described the incident as the first in Hong Kong, marking a significant escalation in cybercrime tactics within the region.
The sophisticated scheme unfolded when an unsuspecting employee within the company’s finance department received a deceptive phishing message, purportedly from the UK-based chief financial officer. The message, appearing authentic, claimed the necessity of a confidential transaction. Despite initial skepticism, the employee was persuaded to participate in a video conference call where familiar faces, including the CFO, seemed to be present.
However, appearances were deceiving. The individuals on the call were not who they appeared to be; they were digitally recreated using deepfake technology to mimic the executives’ voices and appearances convincingly. Acting Senior Superintendent Baron Chan Shun-ching revealed that the impersonations were so precise that they even interacted with a degree of authenticity, issuing orders during the call. Nevertheless, deeper scrutiny would have likely exposed the ruse.
“This time, in a multi-person video conference, it turns out that everyone you see is fake,” stated Chan, emphasizing the extent of the deception. He further explained that the scammers utilized deepfake technology to replicate the voices of their targets while reading from a prepared script.
The scam persisted for approximately a week before the employee’s suspicions were aroused, prompting a check with company headquarters. Subsequent police investigations uncovered the intricate web of deception orchestrated by the scammers, who exploited public footage of the executives to fabricate their digital avatars and utilized deepfake technology to imitate their voices and mannerisms.
While the identity of the victimized company remains undisclosed, authorities are urging heightened vigilance to prevent similar scams involving deepfake technology. Superintendent Chan advised individuals to verify authenticity by requesting simple actions, such as head movements, and to exercise caution if financial transactions are solicited during video calls.
The incident underscores the escalating sophistication of cybercrime tactics, with deepfake technology posing a significant threat to corporate security and financial integrity. This development follows recent concerns over the proliferation of deepfake content, exemplified by a notable case involving the unauthorized use of AI-generated images of pop star Taylor Swift, prompting swift action from online platforms to mitigate the spread of such fraudulent material.
As businesses grapple with evolving cybersecurity challenges, combating deepfake scams necessitates a multifaceted approach encompassing enhanced awareness, robust authentication measures, and technological safeguards to safeguard against malicious exploitation.