Deepfake Scammer Walks Off With $25 Million in First-of-its-kind AI Heist

Benj Edwards in Ars Technica: On Sunday, a report from the South China Morning Post revealed a significant financial loss suffered by a multinational company’s Hong Kong office, amounting to HK$200 million (US$25.6 million), due to a sophisticated scam involving deepfake technology. The scam featured a digitally recreated version of the company’s chief financial officer, along with other employees, who appeared in a video conference call instructing an employee to transfer funds.

Due to an ongoing investigation, Hong Kong police did not release details of which company was scammed.

Deepfakes utilize AI tools to create highly convincing fake videos or audio recordings, posing significant challenges for individuals and organizations to discern real from fabricated content.

This incident marks the first of its kind in Hong Kong involving a large sum and the use of deepfake technology to simulate a multi-person video conference where all participants (except the victim) were fabricated images of real individuals. The scammers were able to convincingly replicate the appearances and voices of targeted individuals using publicly available video and audio footage. The Hong Kong police are currently investigating the case, with no arrests reported yet.

The scam was initially uncovered following a phishing attempt, when an employee in the finance department of the company’s Hong Kong branch received what seemed to be a phishing message, purportedly from the company’s UK-based chief financial officer, instructing them to execute a secret transaction. Despite initial doubts, the employee was convinced enough by the presence of the CFO and others in a group video call to make 15 transfers totaling HK$200 million to five different Hong Kong bank accounts. Officials realized the scam occurred about a week later, prompting a police investigation. More here.