‍

A Hong Kong banker was happy to oblige when a client in the United Arab Emirates called asking for a $35m transfer to cover a business acquisition. The banker knew the director, recognized his voice, and had emails from the company director and his lawyer confirming the transfer. Everything seemed to be in order when the $35m left the account in 2020, but police in Dubai believe what unfolded was a complex heist involving 17 people.

According to court documents obtained by Forbes, the fraudsters used ‘deep voice’ technology to clone the director’s speech, a relatively new type of deepfake used by cybercriminals. 

Deepfakes are fake images, videos and audio made with artificial intelligence technology.

‍

‍

‍

Deepfake avatars

While old-style phishing involved sending emails or other messages to induce individuals to reveal passwords or credit card numbers, deepfakes are a sophisticated new tool in the world of cyber fraud.

Deepfake avatars created with deep-learning artificial intelligence have been used to create counterfeit videos of celebrities or distribute fake news. They can also duplicate the likeness of a person on a Zoom video call, or replicate a person’s voice on a phone call.

‍

Deepfake cloning scam

In a revealing incident in 2022, Binance communications officer Patrick Hillmann said hackers created his deepfake hologram by using audio and video they’d culled from Hillman’s media appearances and interviews. Hackers then sent one of Patrick's contacts a Zoom meeting request and used Patrick’s hologram on the call.

What hackers hadn’t factored in, was that Patrick gained 15 pounds during the Covid-19 lockdown. The business contact was suspicious and contacted Binance to report the surreal Zoom chat. In the past, hackers have also pretended to be Binance employees and executives on social media platforms including Twitter, LinkedIn, and Telegram, Hillmann said.

‍

‍

Cyber fraud and deepfakes

The first deepfakes date back to around 2017 so the technology is still in the early stages. Even so, cybercriminals aren’t waiting around. They know many companies haven’t had time to prepare their defenses again deepfakes - known in professional circles as ‘synthetic media attacks’.

According to the World Economic Forum, the number of deepfake videos online is increasing at an annual rate of 900%. At the same time, Palo Alto, California-based tech company VMware said in its Global Incident Response Threat Report that corporate attacks are on the rise with two out of three respondents seeing malicious deepfakes used as part of an attack.

‍

‍

How to combat deepfakes‍

SPYSCAPE has put together steps companies can take to counter deepfake phishing, including buying a Virtual Private Network (VPN) to stop Wi-Fi connections from being hacked. A VPN makes it all but impossible to follow your online movements because it redirects your internet traffic to a VPN server, where data is encrypted and rendered unintelligible. 

The FBI also suggests companies learn to identify deepfake spear phishing by paying attention to visual indicators such as distortion in audio and video, warping, or inconsistencies in images and video. Syncing problems between lip movement and audio is also a red flag.