nokturne213@sopuli.xyz
on 05 Feb 2024 02:34
nextcollapse
A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.
The elaborate scam saw the worker duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations, Hong Kong police said at a briefing on Friday.
“(In the) multi-person video conference, it turns out that everyone [he saw] was fake,” senior superintendent Baron Chan Shun-ching told the city’s public broadcaster RTHK.
Chan said the worker had grown suspicious after he received a message that was purportedly from the company’s UK-based chief financial officer. Initially, the worker suspected it was a phishing email, as it talked of the need for a secret transaction to be carried out.
However, the worker put aside his early doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized, Chan said.
altima_neo@lemmy.zip
on 05 Feb 2024 05:51
collapse
Damn, that’s a pretty intricate scam,though. The deep fake part is bullshit, but I mean knowing who all to have on call and what to say.
haui_lemmy@lemmy.giftedmc.com
on 05 Feb 2024 06:56
collapse
Must have been an insider or ex employee.
AbouBenAdhem@lemmy.world
on 05 Feb 2024 03:10
nextcollapse
At some point someone’s going to train an LLM on material from successful scams to autonomously generate new scams, then wire the money to server farms to run more copies of itself.
This story sounds suss, but I want it to be true because <img alt="" src="https://lemmy.ml/pictrs/image/d60d74a4-b663-463b-a89e-11f89d4a2021.png">
clever_banana@lemmy.today
on 05 Feb 2024 11:11
nextcollapse
Oh thats a good social engineer, nice
waspentalive@lemmy.one
on 05 Feb 2024 18:04
nextcollapse
Perhaps it should be a company policy that any demand to pay by phone/text/video conf must be authenticated by the office worker hanging up and calling the appropriate company officer on a non-published phone number. The workers immediate supervisor should also be involved in anything out of the ordinary. With a well known policy that calling the company officer will never result in any trouble for the office worker.
OceanSoap@lemmy.ml
on 05 Feb 2024 18:40
nextcollapse
Ohhhh, that’s why I have to take those monthly security training quizzes, lol. I haven’t seen one on AI deepfakes though, I’m sure they’re coming.
NutWrench@lemmy.ml
on 05 Feb 2024 21:39
nextcollapse
The scam involving the fake CFO was only discovered when the employee later checked with the corporation’s head office.
A surprise teleconference resulting in the transfer of $25 million dollars? You can bet your ass I’m going to verify that transaction by calling the CFO on his direct line before any money is sent.
Unforeseen@sh.itjust.works
on 06 Feb 2024 05:13
collapse
You aren’t your run of the mill AP clerk I’m afraid
flop_leash_973@lemmy.world
on 05 Feb 2024 21:53
collapse
I’m surprised there was no further validation or approval for that kind of money beyond “find the right person and socially engineer them.”
threaded - newest
Damn, that’s a pretty intricate scam,though. The deep fake part is bullshit, but I mean knowing who all to have on call and what to say.
Must have been an insider or ex employee.
At some point someone’s going to train an LLM on material from successful scams to autonomously generate new scams, then wire the money to server farms to run more copies of itself.
Can’t wait for self-replicating scam bots
Maybe they’ll finally try to sell me an extended warranty on a car I actually own.
Thats an ingenious idea…
This story sounds suss, but I want it to be true because <img alt="" src="https://lemmy.ml/pictrs/image/d60d74a4-b663-463b-a89e-11f89d4a2021.png">
Oh thats a good social engineer, nice
Perhaps it should be a company policy that any demand to pay by phone/text/video conf must be authenticated by the office worker hanging up and calling the appropriate company officer on a non-published phone number. The workers immediate supervisor should also be involved in anything out of the ordinary. With a well known policy that calling the company officer will never result in any trouble for the office worker.
Ohhhh, that’s why I have to take those monthly security training quizzes, lol. I haven’t seen one on AI deepfakes though, I’m sure they’re coming.
The scam involving the fake CFO was only discovered when the employee later checked with the corporation’s head office.
A surprise teleconference resulting in the transfer of $25 million dollars? You can bet your ass I’m going to verify that transaction by calling the CFO on his direct line before any money is sent.
You aren’t your run of the mill AP clerk I’m afraid
I’m surprised there was no further validation or approval for that kind of money beyond “find the right person and socially engineer them.”