Skip to content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Social Engineering Masterstroke: How Deepfake CFO Duped a Firm out of $25 Million

    Check out this one line for a moment…“duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations.

    In a worrying display of social engineering sophistication, a multinational company was defrauded of $25 million through an intricately planned deepfake scam. This scam brilliantly utilized deepfake technology to impersonate the company’s Chief Financial Officer (CFO) during a video conference call, as reported by the Hong Kong police.

    The scam unfolded when a finance worker at the company was lured into a video call, believing he was joining several colleagues for a meeting. In a revelation by the Hong Kong police, it was disclosed that the supposed colleagues were nothing more than deepfake fabrications. OUCH.

    Senior Superintendent Baron Chan Shun-ching shared the details of this elaborate ruse with RTHK, Hong Kong’s public broadcaster. He explained how the finance worker initially harbored suspicions after receiving a message, allegedly from the CFO based in the UK, suggesting a secretive transaction. The message, which initially raised red flags as a potential phishing attempt, was soon overshadowed by the convincing deepfake video call. The presence of familiar faces, recreated with staggering accuracy, led the worker to dismiss his doubts.

    Convinced of the authenticity of the meeting, the finance worker was manipulated into transferring 200 million Hong Kong dollars (approximately $25.6 million), as per the instructions given during the call.

    This incident is among a growing number of cases where criminals exploit deepfake technology to conduct fraud. Hong Kong police revealed that six individuals were arrested in connection with such scams, highlighting the rising trend of using sophisticated artificial intelligence to deceive and defraud.

    Further investigations uncovered that eight stolen Hong Kong identity cards, reported as lost, were utilized to apply for 90 loans and create 54 bank accounts over a three-month period. In an alarming twist, deepfakes were employed in at least 20 instances to fool facial recognition systems, impersonating the identities on the stolen cards.

    The fraudulent activity came to light only after the finance worker verified the transaction with the company’s headquarters, exposing the deceit.

    This case underscores the urgent need for heightened awareness and advanced security measures. As these tools become more accessible and their applications more sophisticated, the potential for their misuse in social engineering scams is clear. Get your users trained to spot scams like this. Start with a demo.


    Request A Demo: Security Awareness Training

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top