We’ve all heard about the “fake” email sent to the finance department from the CEO asking for a payment to be made to a fraudsters account but a new – and more sophisticated – version of this type of fraud has begun.
The emergence of “deepfake” technology – where genuine recordings of people are processed and manipulated via artificial intelligence – has morphed into a sinister new type of corporate fraud.
Internet security experts Symantec have reported three cases of audio deepfakes being deployed to steal millions of pounds from private companies by impersonating the voice of the business’s CEO.
The fraudsters trained machine learning engines on conference calls, Facebook ads, YouTube, social media updates and even TED talks, to copy the voice patterns of company bosses. They then mimicked the CEOs and called senior members of the finance department to ask for funds to be sent urgently.
“CEO fraud” itself is not new, but until now hoaxers have been limited to using fake email addresses in the hope of tricking a senior executive into releasing funds.
The use of voice manipulation software marks a new step in the threat to business, with experts warning the damage may not be limited to extorting cash. The technology could also be used maliciously to put out fake statements that result in stock price collapses or damage reputations.
“This kind of high-tech heist is not a futuristic vision but an imminent reality for businesses who may be lax about data validation,” said Caroline Winch, Commercial Director at secure audit service Confirmation.
According to the Association of Certified Fraud Examiners (who even knew they exist), the 2008 financial crisis triggered a massive upswing in corruption and fraudulent disbursements and statements.
“It is essential that during times of uncertainty the corporate world not only prepares for the inevitable impact of fraud-enabling technologies that are emerging but also educates employees about existing threats and guards against complacency,” they said.
So if your boss has videos on YouTube, Facebook ads or TED talks available on the internet maybe you should revisit your financial security and consider more robust authentication defences or other practices that can strengthen the approval chain.