For the third consecutive year, Hill Tech Solutions has been named one of the world's premier managed services providers on the prestigious Channel Futures NextGen 101 list!

Need IT Support?

25 Million Reasons to Be Careful

Share This Post

Remember the good old days, like last month, when phishing attempts were simple emails purporting to be from the boss, or a vendor, requesting a transfer of funds?

We’re kidding here, of course, because those scams continue and there’s nothing good about them. But in Hong Kong, phishing just went to a whole new level.

In this case, a finance worker made a series of payments totaling $25 million (US) after being instructed to do so in a video call with the company’s CFO. Except it wasn’t actually the CFO, but a deepfake video of him or her (neither the company nor the individuals have been identified). The video call featured not only the CFO but other ‘employees,’ making it even more realistic.

Ironically, the whole thing began when the employee received what appeared to be a phishing message purporting to be from the CFO, who is based in the UK. Justifiably skeptical, the employee was convinced by the video chat, resulting in 15 transfers to five different Hong Kong bank accounts. It took about a week for the scam to be detected.

So we’ve arrived at a place where deepfakes have become much more dangerous than faux naughty images of Taylor Swift. While deepfake phone calls have been in use for some time now, this attack is the first one to use video.

How could it have been prevented, and how can you be sure the person on the other end of your Zoom/Teams/Meet is really a person?

First, stay skeptical. If the content of the meeting involves any kind of financial transaction or activity that might compromise security (for instance, a request to share a password), it’s time to verify.

If the person making the request is someone you know, ask them to confirm a bit of personal information that isn’t readily available online (as in, something not found in their LinkedIn profile or their bio on the company website). Or simply ask them to move their head in a certain way, or to hold up three fingers on their left hand. Deepfakes will have trouble complying.

As we’ve been saying for the last couple of years, AI shows tremendous promise in fighting cybercrime, but the bad guys are using it too, creating an ever-changing arms race. A healthy dose of skepticism is the best way to stay a step ahead.

More To Explore

Hill Tech's Technology Insights

The Buy Maryland Cybersecurity (BMC) Tax Credit

By now you know that cyber threats represent an existential threat to businesses of all sizes. You’ve seen countless stories about ransomware and phishing attempts,


CMMC 2.0 Compliance: Avoid These 5 Errors

As CMMC 2.0 moves towards implementation, more and more companies are facing the need to achieve compliance. If you’re new to CMMC, it’s a framework