Deepfake scams

Cyber security threats are always changing. A new concern is deepfakes, which use fake audio and video created by artificial intelligence to impersonate real people.

In 2017, the first known deepfake scam involved someone mimicking the voice of a European company's chief executive officer (CEO). This was used to instruct a divisional CEO in a company in the United Kingdom to send £220,000 (A$392,000) to a ‘Hungarian supplier’ urgently.

The money ended up in a Mexican account and was sent to other untraceable accounts. The scammers tried this twice more, but the UK CEO became suspicious and stopped sending money.

This case shows the importance of verifying identities and instructions and managing access rights within organisations. It’s crucial to have steps like secondary approvals, checking for red flags, and scrutinising unusual domains or email signatures.

Since this first case, there have been many high-profile deepfakes, including a $35 million heist in Dubai. Deepfake technology is likely to keep evolving, leading to more AI-based identity fraud and other biometric scams.