Feb 4, 2024
Ross Lazerowitz
Co-Founder and CEO
What happened:
Over the weekend, it was reported that a multinational company in Hong Kong lost $25.6 million due to a deepfake scam. (source: SCMP)
How it started:
We don't have all the details, but here's what we know so far. Scammers used traditional phishing tactics to trick an employee at the Hong Kong branch of the company. They likely used a combination of email and instant messaging to pose as a company executive and tell the employee that a secret transaction needed to be carried out. The scammers then invited the employee to a video conference with multiple people present, including the CFO, staff, and third-party individuals. However, the entire video conference was a pre-generated deepfake video. The employee was given orders during the video conference before it abruptly ended. The Hong Kong police reported that the scammers did not actually interact with the employee during the video conference.
What you should do:
Social engineering attacks are constantly changing, and scammers are relying on them more now that more people are working from home and basic security has improved. Here are some tips to help protect your organization:
Read the Cybersecurity & Infrastructure Security Agency’s report on deepfake threats to organizations.
Make sure your employees are aware of these types of attacks and remind them of the importance of following proper procedures.
Learn how to identify deepfake video conference calls by asking people to turn their heads to the right and left and show their ID cards.
Check the contact information in your directory and call an employee back at the number listed.
Use multifactor authentication (MFA) tools to send push notifications to verify identity.
Stay on top of advancements in deepfake technology.