We’ve all been there: You’re on a video conference call with your bosses, and in that call, they tell you to do something for work, so naturally, you do it. For one finance professional, though, their decision to follow through cost the firm $25 million in a deepfake scam.
According to Hong Kong police, on Jan. 29, 2024, an unnamed employee in Hong Kong’s finance industry was on a video conference call with higher-ups when they asked them to transfer $25 million to a designated bank account. The Guardian reports that the employee was informed in advance that there would be the need for “confidential transactions” from who they thought was their company’s chief financial officer.
According to acting senior superintendent Baron Chan,
“[The fraudster] invited the informant [clerk] to a video conference that would have many participants. Because the people in the video conference looked like the real people, the informant … made 15 transactions as instructed to five local bank accounts, which came to a total of HK$200 million [about $25 million]”
via RTHK
The problem was that everything about that video conference call was fake.
Scammers used AI to steal money
According to RTHK, Hong Kong authorities believe whoever set up that conference call downloaded video and audio of the other employees at the firm to build AI versions of company executives — including audio — and then convinced the person to transfer money into the accounts they provided, opening up a whole realm of possibility of AI-based workplace risk. The deception was uncovered when the financial clerk told the corporate head office about the transfer. The person later said everyone on the call — including faces and voices — looked just like people they recognized from the company.
Authorities are now recommending employees confirm details from video conference call meetings through traditional channels and ask probing questions while on the call to make sure it’s real.
Hong Kong acting superintendent Chan said,
“We want to alert the public to these new deception tactics. In the past, we would assume these scams would only involve two people in one-on-one situations, but we can see from this case that fraudsters are able to use AI technology in online meetings, so people must be vigilant even in meetings with lots of participants.”
via RTHK
No matter what, you’ll likely never accept a work-related Zoom call invitation the same way again. Whoever perpetrated the deception was charged with “obtaining property by deception.” As of this report, no arrests were made, and the investigation was ongoing.