Deepfake Scammers Deploy Advanced Tactics, Swindle Multinational Firm of $26 Million

In a sophisticated cybercrime incident, scammers utilized deepfake technology to impersonate senior executives during a video conference call, deceiving a multinational firm in Hong Kong and making off with a staggering $26 million, as reported by Hong Kong police on Sunday.

This marks one of the first instances of deepfake technology being exploited for financial fraud in the city, highlighting the challenges faced by law enforcement in keeping pace with rapidly advancing generative artificial intelligence. Deepfake technology enables the creation of highly convincing fake images or videos, posing a significant risk for disinformation and misuse.

The victim, an employee of the targeted multinational firm based in the Chinese finance hub, received deceptive video conference calls from individuals posing as senior officers of the company. These impersonators requested the transfer of substantial sums of money to designated bank accounts, as revealed by police sources.

The incident was reported to the police on January 29, by which time approximately HK$200 million ($26 million) had already been lost through 15 transfers. The finance department employee, who fell victim to the scam, was led to believe that the instructions were coming from the firm's UK-based chief financial officer, according to reports in the Hong Kong media.

Acting Senior Superintendent Baron Chan, during a press briefing, disclosed that the video conference call involved multiple participants, with all except the victim being impersonated. The scammers employed deepfake technology by sourcing publicly available video and audio recordings of the targeted executives from platforms like YouTube. These recordings were then manipulated to emulate the voices of the executives, creating a convincing illusion during the fraudulent video call.

Chan emphasized that the deepfake videos used in this scam were pre-recorded and did not involve real-time dialogue or interaction with the victim. The investigation is ongoing, and as of now, no arrests have been made. The police have refrained from disclosing the name of the victimized multinational firm. This incident underscores the growing threat of advanced cybercrimes and the urgent need for enhanced cybersecurity measures to protect organizations from such fraudulent activities.