In January 2024, a Hong Kong-based finance employee was targeted through âdeepfakeâ technology, which led to his unnamed company being defrauded to the tune of HK $200M ($25.6M USD). By creating a digitally manipulated impression of the companyâs CFO and key staff members, the fraudster convinced the employee to remit the money in 15 wire transfers across multiple bank accounts.
At the time, the Cyber Security and Technology and Crime Bureau in Hong Kong elected to keep anonymous the name of the targeted company, as well as the individual who was duped. But, according to the Financial Times, it is now revealed the name of the company that lost the $25 million is a global engineering company named Arup.
FT confirmed the company independently through two people familiar with the matter. Arup ânotified the police about an incident of fraud in Hong Kong,â confirming âthat fake voices and images were used,â the company said. Further details were not given by Arup, as the incident is still under investigation by the police, and no arrests have been made.Â
Deepfake generally is a synthetic media that enables one personâs likeness to be swapped for another. The term has since expanded to include âsynthetic media applicationsâ and new creations such as StyleGAN, which are ârealistic-looking still images of people that donât exist,â said Henry Ajder, head of threat intelligence at deepfake detection company Deeptrace.
CFOs must remain vigilant as this fraudulent technology proliferates, alongside the potential threats of Generative AI. To date, cybercriminals focus on ransomware, business email compromise and cryptojacking, according to X-Force, IBMâs cybersecurity research team. However, as reported by Cybersecurity Dive, âthe threat intelligence firm expects that when a single AI technology reaches 50% market share â or when there are no more than 3 primary AI offerings â the cybercrime ecosystem will start developing tools and attacks to go after AI.âÂ
