TechSpot means tech analysis and advice you can trust. Read our ethics statement.
WTF?! What could be one of the most lucrative crimes ever committed using deepfaked video technology was carried out last month. The scammers used digitally recreated versions of an international company's Chief Financial Officer and other employees to order $25 million in money transfers during a video conference call containing just one real person.
The victim, an employee at the Hong Kong branch of an unnamed multinational firm, was duped into taking part in a video conference call in which they were the only real person – the rest of the group were fake representations of real people, writes SCMP.
The employee followed instructions they heard during the call, transferring HK$200 million ($25.6 million), to several Hong Kong bank accounts across 15 transfers. It was only a week later, when the employee contacted company headquarters, did they realize it was a scam.
It sounds hard to believe that someone could be fooled using deepfakes in this way. The victim said the original point of contact, an email mentioning the need for a secret transaction, initially made them suspect a phishing scam. But the accurate recreations of their colleagues in the video call convinced them it was real.
"They used deepfake technology to imitate the voice of their targets reading from a script," said acting senior superintendent Baron Chan Shun-ching. He added that in similar crimes involving deepfakes, the victims took part in one-on-one video calls with a fake person.
As we've seen in previous incidents where deepfakes were used to recreate someone without their permission, the scammers utilized publicly available video and audio footage to create these digital versions.
It's important to note that in this incident, the person never interacted with any of the deepfakes directly during the call beyond being asked to give a self-introduction at the start of proceedings. The recreations gave orders to carry out the money transfers before ending the meeting abruptly, after which instant messaging platforms, emails, and one-on-one video calls were used to stay in contact with the target employee.
Chan mentioned that two or three workers at the branch were approached by scammers using the same deepfake video conference tactic, though apparently, only one fell for it. Police are still investigating but no arrests have been made.
Last week saw Congressional representatives and the White House address the deepfake problem after explicit fake images of singer-songwriter Taylor Swift were shared on X.
In June, the FBI issued a warning that sextortionists were creating explicit deepfakes using people's social media images.