CEO Deepfakes Targeting Gullible Employees

That familiar voice on the phone? Could be a deepfake. The face you’ve seen a thousand times in meetings? Don’t assume it’s the real person talking to you on a video call.

Cyber criminals are perfecting new scams using AI, and existing voice and video footage of powerful CEOs and CFOs. Their deepfakes are getting better and a lot of companies aren’t prepared for the new wave of threats.

Case in point: Threat actors (TAs) created a WhatsApp account for Mark Read, CEO of advertising and communications giant WPP, and then set up a meeting with a WPP exec. The TAs uploaded YouTube video samples of Read speaking into an AI voice generator. The deepfake Mark Read talked about wanting to start a new business and phished for financial info. The TAs also impersonated Read during a live chat.

Luckily for WPP, the scam didn’t work. The company exec smelled a rat and ended the meeting before mistakenly divulging any financial info or customer data. Read soon after alerted company employees to the phishing attempt. “Just because the account has my photo doesn’t mean it’s me,” Read warned staffers. The CEO also cautioned staffers not to respond to any requests for money transfers.

Not Always a Happy Outcome for Targeted Firms

Companies need to be on their toes when it comes to deepfake threats. Employees need to know the ways TAs infiltrate businesses, and be given the green light to refuse requests to share info — or transfer money.

Alarm bells unfortunately didn’t go off until an hour or so after an employee transferred $25.6 million to 15 accounts by order of the company CFO. Only the CFO wasn’t who he claimed to be — “he” was a deepfake.

Months after Hong Kong police reported the scam, now we now the company involved: Arum, a United Kingdom-based engineering firm, according to The Financial Times. Arum confirmed a financial staffer fell for an AI video/voice scam.

Police are still after the TAs and the money they stole. Arum told the Times “[o]ur financial stability and business operations were not affected and none of our internal systems were compromised.”