A recent report by the South China Morning Post disclosed a substantial financial setback faced by a multinational corporation’s Hong Kong branch, totaling HK$200 million (US$25.6 million), attributed to an intricate scam utilizing deepfake technology. The scheme entailed a falsified video conference call featuring the company’s CFO and employees, instructing a transfer of funds. Hong Kong police withheld the company’s identity pending further investigation.
Deepfake technology employs AI to produce remarkably authentic counterfeit videos or audio clips, presenting substantial hurdles for discerning genuine content from falsified material.
This occurrence represents a groundbreaking incident in Hong Kong, entailing a substantial sum and the utilization of deepfake technology to orchestrate a simulated multi-person video conference, wherein all attendees, barring the victim, were digitally fabricated renditions of actual individuals. Leveraging publicly accessible video and audio recordings, the perpetrators adeptly mimicked the appearances and voices of their targets. Hong Kong authorities are presently probing the matter, with no apprehensions made thus far.
The scam came to light after a phishing attempt targeted an employee in the finance department of the company’s Hong Kong branch. They received a fraudulent message, supposedly from the company’s UK-based CFO, instructing them to carry out a covert transaction. Despite initial skepticism, the employee was swayed by a group video call featuring the CFO and others, leading them to transfer HK$200 million across five Hong Kong bank accounts.
Authorities discovered the deception approximately a week later, initiating a police investigation. This high-tech theft highlights growing concerns surrounding the misuse of AI, exemplified by incidents such as the dissemination of manipulated explicit images of Taylor Swift. In recent times, scammers have exploited audio deepfake technology to impersonate individuals in distress, deceiving people into parting with their money.
Acting senior superintendent Baron Chan Shun-ching of the Hong Kong police highlighted the unprecedented nature of this scam, emphasizing that it was the first occurrence in Hong Kong where victims were misled through a multi-person video conference. He noted the scammer’s tactic of avoiding direct interaction with the victim, except for requesting a self-introduction, which enhanced the scam’s credibility.
In response, the police have provided guidance for verifying the authenticity of individuals in video calls, suggesting actions such as requesting movement or identity-confirming questions, particularly when financial transactions are involved. Another proposed solution involves equipping employees with encrypted key pairs, establishing trust through signed keys obtained during in-person meetings and later used for remote authentication.
Moreover, the Hong Kong police are planning to bolster their alert system covering the Faster Payment System (FPS), including warnings for transactions associated with known scams. They aim to expand this coverage to encompass a wider array of electronic and in-person transactions by the latter half of the year.