Deep fake AI scam fleeces firm out of $25 million

A finance employee at a multi-national company recently transferred money at the direction of the CFO during a video call. Other finance co-workers whom the employee recognized sat in on the call.

The employee dutifully made 15 separate electronic transfer of funds. $25.6 million transferred out of the company’s coffers in seconds.

Days later the company followed up on the transactions and figured out the “CFO” and staffers present on the video call were AI deep fakes. The duped employee initially suspected an email request he received to transfer funds was a phishing attempt. But once he logged onto the video call, his doubts eased. Everyone looked and sounded like the people he worked for.

The multi-national company isn’t being named in media reports because the Hong Kong police are investigating the crime. The police say this is the first time they’ve encountered a deep fake video involving multiple people in a conference setting to deceive a victim.

Police believe the scammer or scammers downloaded videos of the people from YouTube before the video call. They then used AI to create authentic-sounding voices during the call.

Is AI worth the risks? 1 in 4 companies say ‘no’

Deep fake scams are just one reason that some companies are wary of embracing AI. For now, 27% of companies are holding off usage of generative AI (GenAI) programs, according to a Cisco data privacy benchmark study.

(Caveat: These companies may not be aware of employees using GenAI regardless of what the businesses say. More than half of workers who use it to complete work tasks are doing so without their employers’ approval, according to a survey of 14,000 workers by Salesforce.)

Cisco surveyed 2,600 employees who are responsible for data security and privacy at their organizations. Their top concerns regarding GenAI are that it will:

• damage the company’s legal rights (69%)
• expose data to competitors or the public (68%)
• produce error-ridden results (68%)
• be a detriment to humanity (63%)
• replace workers (61%), and
• replace their own jobs (58%).

“Most organizations are aware of these risks and are putting in place controls to limit exposure,” says the Cisco study. “63% have established limitations on what data can be entered, 61% have limits on which GenAI tools can be used by employees, and 27% [have] banned GenAI applications altogether for the time being.” Nonetheless, many individuals have entered information that could be problematic, including employee information (45%) or non-public information about the company (48%).”