Media reports that more than HK$200 million (US$25.6 million) were stolen from a representative office of an unnamed international company in Hong Kong using a complex fraudulent scheme involving deepfakes.
The scam began when a member of the victim company's finance department received a phishing email purporting to be from a UK-based finance director. The email asked the employee to make a secret transaction.
Despite his doubts, the employee was convinced that everything was in order after the CFO offered to discuss the details during a group video call, which included other company employees who were known to the victim. As a result, the victim made 15 transfers totaling US$25.6 million to five different accounts in Hong Kong banks.
The attack was discovered only a week later, prompting a police investigation.
According to the South China Morning Post, the scammers used a deepfake version of the company's chief financial officer, as well as other employees. All of these fake identities participated in the said video conference, during which a company employee was instructed to transfer money to the accounts of the attackers. It is noted that all participants in the video call, except the victim, could have been criminals who imitated the appearance and voices of other people.
Since the investigation into the incident is still ongoing, the Hong Kong police have not provided details or disclosed the name of the company that suffered at the hands of the attackers.
Journalists write that this is the first incident of this kind for Hong Kong, simultaneously involving the theft of a large sum and the use of deepfakes. It is noted that to recreate the appearance and voices of real people, the criminals used video and audio materials obtained during other video calls and from open sources. Apparently, the scammers carefully prepared for the operation and used WhatsApp, email and video calls to communicate with other employees of the Hong Kong office one-on-one.
Police believe the attackers may have created the video in advance and then used AI to change their voices during the video conference. That is, what exactly happened during the video call is not yet entirely clear. Thus, some believe that only one participant in the conversation was a real person, while others believe that there were several living people.
Hong Kong police are now instructing users to verify the identity of people they're talking to even during video calls, especially when it comes to money transfer requests. To do this, it is recommended, for example, to ask the interlocutor to move his head, move his hand in front of his face, or answer questions that can confirm the identity of this person.
The scam began when a member of the victim company's finance department received a phishing email purporting to be from a UK-based finance director. The email asked the employee to make a secret transaction.
Despite his doubts, the employee was convinced that everything was in order after the CFO offered to discuss the details during a group video call, which included other company employees who were known to the victim. As a result, the victim made 15 transfers totaling US$25.6 million to five different accounts in Hong Kong banks.
The attack was discovered only a week later, prompting a police investigation.
According to the South China Morning Post, the scammers used a deepfake version of the company's chief financial officer, as well as other employees. All of these fake identities participated in the said video conference, during which a company employee was instructed to transfer money to the accounts of the attackers. It is noted that all participants in the video call, except the victim, could have been criminals who imitated the appearance and voices of other people.
Since the investigation into the incident is still ongoing, the Hong Kong police have not provided details or disclosed the name of the company that suffered at the hands of the attackers.
Journalists write that this is the first incident of this kind for Hong Kong, simultaneously involving the theft of a large sum and the use of deepfakes. It is noted that to recreate the appearance and voices of real people, the criminals used video and audio materials obtained during other video calls and from open sources. Apparently, the scammers carefully prepared for the operation and used WhatsApp, email and video calls to communicate with other employees of the Hong Kong office one-on-one.
Police believe the attackers may have created the video in advance and then used AI to change their voices during the video conference. That is, what exactly happened during the video call is not yet entirely clear. Thus, some believe that only one participant in the conversation was a real person, while others believe that there were several living people.
Hong Kong police are now instructing users to verify the identity of people they're talking to even during video calls, especially when it comes to money transfer requests. To do this, it is recommended, for example, to ask the interlocutor to move his head, move his hand in front of his face, or answer questions that can confirm the identity of this person.
