AI-Based Attacks , Artificial Intelligence & Machine Learning , Finance & Banking

Fraudsters Deepfake Entire Meeting, Swindle $25.5M

Hong Kong Company Scammed After Criminals Used Deepfake Technology to Imitate CFO
Fraudsters Deepfake Entire Meeting, Swindle $25.5M
Image: Shutterstock

A group of fraudsters used deepfake technology to trick an employee at a Hong Kong-based multinational company to transfer $25.57 million to their bank accounts, Hong Kong Police said Sunday.

See Also: Safeguarding against GenAI Cyberthreats with Zero Trust

Unidentified fraudsters fooled the employee by using deepfake technology to create a fake conference call, local media reported.

The fraudsters in January invited the employee to join a video conference and during the call, they directed him to make confidential financial transactions worth HK$200 million, or $25.57 million, to certain bank accounts.

Following the fake CFO's directions, the employee made 15 separate payments to five local bank accounts over the following week and only later - after speaking with the company's main office - realized the call had been a scam.

Baron Chan, acting senior superintendent of Hong Kong police' cybersecurity division, told RTHK the employee had been the only real person in the conference call. "I believe the fraudster downloaded videos in advance and then used artificial intelligence to add fake voices to use in the video conference," Chan said.

Chan said the scammers had initially contacted the employee using third-party messaging services by masquerading as the company's chief financial officer, but the video conference convinced the employee that the request was genuine.

"We want to alert the public to these new deception tactics. In the past, we would assume these scams would only involve two people in one-on-one situations, but we can see from this case that fraudsters are able to use AI technology in online meetings, so people must be vigilant even in meetings with lots of participants," Chan said.

In an email, Hong Kong police told Information Security Media Group that a female employee of the company had reported the financial scam to the police on Jan. 29. The employee told authorities that she had "received video conference calls from someone posing as senior officers of the company requesting to transfer money to designated bank accounts."

"After initial investigation, the case is classified as obtaining property by deception and is being handled by the Regional Technology Financial Crime Unit, Kowloon West. Investigations are still ongoing and no arrest has been made so far," police said.

Hong Kong police in August 2023 sounded an initial alarm by reporting the first-ever-detected use of deepfakes to deceive financial institutions.

About the Author

Jayant Chakravarti

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.