A groundbreaking scam leveraging deepfake technology led to a multinational company's Hong Kong branch losing over HK$200 million (approximately US$25.6 million), as reported by the South China Morning Post on Sunday. In an unprecedented heist, fraudsters used artificial intelligence to create highly realistic video and audio of the company's chief financial officer and other employees, tricking a staff member into transferring funds during a fake video conference call.
This incident, the first of its kind in Hong Kong involving such a significant amount and deepfake technology, showcased the scammers' ability to create convincing digital replicas of real individuals for a multi-person video conference, leaving only the actual victim unreplicated. By utilizing publicly available footage, the perpetrators convincingly mimicked the appearances and voices of their targets.
The scam came to light following a phishing attempt aimed at the finance department of the Hong Kong office. An employee received instructions for a secret financial transaction from someone posing as the CFO based in the UK. Despite initial skepticism, the authenticity of the request was seemingly confirmed by a group video call featuring the CFO and other colleagues, prompting the employee to make 15 transactions totaling HK$200 million to five different local bank accounts. The fraudulent activity was discovered a week later, leading to a police investigation.
Hong Kong police are currently probing the high-tech theft, with no arrests reported yet. The incident highlights the growing risks associated with advanced AI technologies, which have also been exploited for creating fake explicit images of celebrities and conducting scams through audio deepfakes.
Baron Chan Shun-ching, Acting Senior Superintendent of the Hong Kong police, emphasized the unique nature of the scam, particularly the use of a multi-person video conference to deceive the victim. He suggested methods to verify the authenticity of individuals in video calls, such as asking them to perform specific movements or answer personalized questions, especially when requests involve money transfers. Additionally, he proposed the adoption of encrypted key pairs for employees to authenticate identities in remote communications, enhancing security in corporate environments.
To combat the rising threat of scams, the Hong Kong police intend to upgrade their alert system for the Faster Payment System (FPS) by including warnings for transactions associated with known scams. This expansion, set for the second half of the year, aims to safeguard against a wider array of electronic and physical transaction scams, reflecting the urgent need to address the sophisticated use of AI in criminal activities.