USD $25 million Dollar ‘Deep-Fake’ Scam

by Genie Sugene Gan, Director, Government Affairs & Public Policy, Asia-Pacific, Japan, Middle East, Türkiye and Africa Regions, Kaspersky

Considering the recent high-profile incident where a finance worker in Hong Kong paid out $25 million following a video call with a deepfake ‘chief financial officer’, what are your thoughts on the incident, and what proactive strategies can companies adopt to prevent or mitigate similar incidents stemming from this new form of threat.

This incident is a wake-up call for companies worldwide. It highlights the increasing sophistication of cybercriminals and the potential dangers posed by deepfakes in the business world and potentially will be expanded to target individuals.

While deepfakes sound scary and creepy, creating high-quality ones is expensive and complex, as it requires a large amount of data, with diverse photos or videos of the target needed for a convincing deepfake. On top of that, maintaining a high-quality deep fake video quality during calls will be quite challenging.

However, generative models such as stable diffusion that allows switching faces, and replacing objects in the image with almost anything cybercriminals desire could make really convincing deepfakes. The deepfake technology will continue to evolve, thus there is no reason to stand still.

To be protected from threats related to deep fakes, our experts recommend:

• Check the cybersecurity practices in place in your organization – not only in the form of software but also in the form of developed IT skills. Use Kaspersky Threat Intelligence to get ahead of the current threat landscape.

• Boost the corporate “human firewall” – ensure the employees understand what deepfakes are, how they work, and the challenges they can pose. Have ongoing awareness and education drives on teaching employees how to spot a deepfake. Kaspersky Automated Security Awareness Platform helps employees to stay up-to-date with the most recent threats and increases digital literacy levels.

• Use good quality news sources. Information illiteracy remains a crucial enabler for the proliferation of deepfakes.

• Have good protocols like ‘trust but verify’. A sceptical attitude to voicemail and videos will not guarantee people will never be deceived, but it can help avoid many of the most common traps.

• Be aware of the key characteristics of deepfake videos to look out for to avoid becoming a victim – jerky movement, shifts in lighting from one frame to the next, shifts in skin tone, strange blinking or no blinking at all, lips poorly synched with speech, digital artefacts on the image, video intentionally encoded down in quality and has poor lighting.

• Collaborate with law enforcement – staying informed about the latest deepfake scams and report any suspicious activity