Cyberattacks leveraging deepfake technology are becoming increasingly common, particularly with the advancement of Artificial Intelligence (AI). These attacks are growing in sophistication, highlighting the critical need for robust cybersecurity measures and awareness to identify and mitigate such threats.

This month, in our newsletter, we present a real-life case of a multinational company that was defrauded of nearly $26 million in a deepfake-based scam. This technology, which uses AI to manipulate voice and video, can make individuals appear to say things they never actually said or even swap faces so convincingly that it becomes difficult to question the authenticity of the image.

The incident began when an employee at a financial hub in China received multiple video calls from someone impersonating a senior executive of their company, instructing them to transfer funds to specific bank accounts. Recognising the face and voice of the supposed executive, the employee complied with the request. The victim worked in the company’s finance department, while the criminals posed as the Chief Financial Officer of the UK-headquartered firm.

To execute the fraud, the criminals sourced publicly available videos and audio recordings from YouTube, employing deepfake technology to mimic the voices recognised by the victim. They then issued instructions, deceiving the employee into transferring substantial sums to bank accounts controlled by the cybercriminals.

This case underscores the importance of implementing a range of cybersecurity measures, reinforcing how continuous awareness and training can strengthen an organisation's security culture, reduce the likelihood of incidents, and ensure a swift response to potential threats.

Learn more about this type of fraud and how to protect yourself here.

Read more real-life cases in our Real-Life Cyberattack Cases section.