Feb 4, 2024

$25 Million HK Deepfake Theft: What You Need To Know

$25 Million HK Deepfake Theft: What You Need To Know

$25 Million HK Deepfake Theft: What You Need To Know

$25 Million HK Deepfake Theft: What You Need To Know

Multinational company in Hong Kong loses $25.6 million to a sophisticated deepfake scam

Multinational company in Hong Kong loses $25.6 million to a sophisticated deepfake scam

Multinational company in Hong Kong loses $25.6 million to a sophisticated deepfake scam

Multinational company in Hong Kong loses $25.6 million to a sophisticated deepfake scam

Ross Lazerowitz

Co-Founder and CEO

What happened:

Over the weekend, it was reported that a multinational company in Hong Kong lost $25.6 million due to a deepfake scam. (source: SCMP)


How it started:

We don't have all the details, but here's what we know so far. Scammers used traditional phishing tactics to trick an employee at the Hong Kong branch of the company. They likely used a combination of email and instant messaging to pose as a company executive and tell the employee that a secret transaction needed to be carried out. The scammers then invited the employee to a video conference with multiple people present, including the CFO, staff, and third-party individuals. However, the entire video conference was a pre-generated deepfake video. The employee was given orders during the video conference before it abruptly ended. The Hong Kong police reported that the scammers did not actually interact with the employee during the video conference.


What you should do:

Social engineering attacks are constantly changing, and scammers are now using social engineering-based approaches since more people are working from home and basic security has improved. Here are some tips to help protect your organization:


  • Read the Cybersecurity & Infrastructure Security Agency’s report on deepfake threats to organizations.

  • Make sure your employees are aware of these types of attacks and remind them of the importance of following proper procedures.

  • Learn how to identify deepfake video conference calls by asking people to turn their heads to the right and left and show their ID cards.

  • Check the contact information in your directory and call an employee back at the number listed.

  • Use multifactor authentication (MFA) tools to send push notifications to verify identity.

  • Stay on top of advancements in deepfake technology.



Try Mirage

Learn how to protect your organization from spearphishing.

Free Vishing Simulation

Concerned about voice phishing? Get a free vishing simulation and speak directly with our founders.

© Copyright 2024, All Rights Reserved by ROSNIK Inc.

Free Vishing Simulation

Concerned about voice phishing? Get a free vishing simulation and speak directly with our founders.

© Copyright 2024, All Rights Reserved by ROSNIK Inc.


Free Vishing Simulation

Concerned about voice phishing? Get a free vishing simulation and speak directly with our founders.

© Copyright 2024, All Rights Reserved by ROSNIK Inc.


Free Vishing Simulation

Concerned about voice phishing? Get a free vishing simulation and speak directly with our founders.

© Copyright 2024, All Rights Reserved by ROSNIK Inc.