UHY Ross Brooke Chartered Accountants

Am I real?

Newbury accountantNo this isn’t some deep and meaningful blog about the meaning of life. My question is, when you talk to me, how do you know this is really me Chris Davies? How do you know you are not talking to a deepfake version of me?

by Chris Davies

In a recent case of serious technological deception, a multinational company based in Hong Kong fell victim to a sophisticated scam involving deepfake technology, resulting in a staggering loss of HK$200 million (approximately US$25.6 million).

The scam was executed by criminals who created digitally manipulated video representations of the company’s chief financial officer and other staff members during a video conference call. The deepfakes were so convincingly executed that the company’s finance department employee, who was targeted in this scam, was duped into transferring the massive sum to the scammers.

This incident marks a significant escalation in the capabilities of fraudsters, leveraging deepfake technology to commit large-scale financial frauds. Deepfakes, which are synthetic media in which a person’s likeness and voice are replaced by someone else’s, have been a growing concern, but this case illustrates their dangerous potential in corporate environments.

Several lessons and security measures can be drawn from this unfortunate event:

  • Increased Awareness and Training: Organizations must educate their employees about the existence and capabilities of deepfake technology. Training should include recognizing signs of manipulated media and verifying the authenticity of the communication, especially in high-stake situations.
  • Enhanced Verification Procedures: For transactions of significant value or importance, companies should implement multi-factor authentication and verification procedures that go beyond digital communication. This could include verbal confirmation through known phone numbers or the use of pre-agreed upon codes.
  • Secure Communication Channels: Utilize secure and encrypted communication channels for internal communications, especially for confidential and financial matters. Regularly update security protocols to ensure they are in line with the latest cybersecurity standards.
  • Regular Security Audits: Conduct regular security audits of IT infrastructure to identify and mitigate vulnerabilities. This includes securing access to video and audio data that could potentially be used to create deepfakes.
  • Legal and Regulatory Frameworks: Advocate for and adhere to stronger legal and regulatory frameworks that deter the creation and distribution of deepfakes. Companies should also have clear policies regarding the creation and use of synthetic media.
  • Advanced Detection Tools: Invest in advanced AI and machine learning tools designed to detect deepfakes. Although it’s challenging to keep pace with the evolving technology, having such systems in place can offer an additional layer of security.

The case in Hong Kong serves as a wake-up call to the corporate world about the evolving nature of cyber threats. As technology advances, so do the methods employed by fraudsters, making it imperative for businesses to stay vigilant and proactive in safeguarding their assets and information.

Share This Post

Related insights

Talk to us

Newbury: 01635 555666
Abingdon: 01235 251252
Swindon: 01793 610008
Hungerford: 01488 682546