Video conference reportedly filled with AI-generated deepfake personas
A multinational company in Hong Kong lost HK$200 million after one of its employees fell victim to a sophisticated deepfake video conference scam, according to reports.
The RTHK reported, citing the police, a clerk who was duped into transferring the amount after participating in a video conference last month where all other participants turned out to be AI-generated deepfake personas.
Acting senior superintendent Baron Chan said the employee was first invited to the fake video conference by the fraudster who was posing as the company's chief financial officer.
The fraudster likely downloaded the videos in advance and then used artificial intelligence to add fake voices to use in the video conference, according to the police official.
"Because the people in the video conference looked like the real people, the informant... made 15 transactions as instructed to five local bank accounts, which came to a total of HK$200 million," Chan said as quoted by RTHK.
The employee only realised that it was a scam after speaking to the company's head office, according to the police, who did not name the firm and employee involved.
Vigilance urged for deepfake
The situation prompted the police to ask the public to be more vigilant amid new deception tactics.
"In the past, we would assume these scams would only involve two people in one-on-one situations, but we can see from this case that fraudsters are able to use AI technology in online meetings, so people must be vigilant even in meetings with lots of participants," Chan said.
To prevent similar situations from happening again, the police advised individuals to confirm details through regular communication channels and ask questions during video conferences to check if the other participants are real.
The news comes as executives across the world believe that their company's next cybersecurity breach will likely be because of an internal staff error.
Rahul Mahna, partner and head of Outsourced IT Services at EisnerAmper, previously urged employers to train staff on cybersecurity and refresh the training at regular intervals.
"Given the increase in virtual/hybrid work, most companies should be conducting cybersecurity training at least quarterly," Mahna said.