A deepfake is a fabricated digital image of a person created with the help of artificial intelligence. It can be integrated into a video clip or audio track and programmed for any action. The first case of fraud with its use occurred First‑Ever AI Fraud Case Steals Money by Impersonating CEO / Identity Theft Resource Center in 2019. The criminals faked the voice of the head of a German company and called the head of one of its branches in the UK. They asked for an urgent transfer of a large sum to a Hungarian bank. The manager was sure that he was talking to the boss, because he recognized his manner of speech, and transferred 243 thousand dollars to the account.
Later, the criminals called twice more and requested a new transfer. But the last call was from an Austrian number, not a German one. This alerted the British leader, and he refused to transfer the money.
Another robbery using a fake voice occurred Fraudsters Cloned Company Director’s Voice In $35 Million Heist, Police Find / Forbes in 2020. The head of the Japanese company's branch in Hong Kong received a call from the "director" of the head office. He talked about plans to absorb the unprofitable enterprise, which required money. A lawyer was allegedly hired to coordinate the procedure, and the "director" sent the manager an email correspondence with him. There were also account details where it was proposed to transfer a large amount. Seeing nothing unusual, the employee transferred $35 million. By the way, law enforcement officers from the UAE were investigating the crime, who recorded a suspicious transaction.
In 2023, the hacker group GXC Team introduced Cybercriminals Implemented Artificial Intelligence (AI) For Invoice Fraud / Resecurity the Business Invoice Swapper program. The tool uses proprietary algorithms to check emails. He finds those where accounts are mentioned or there are attachments with payment details, and then replaces the real data with the details of the criminals. Hackers spread information about the program in messengers. She works by subscription, and on New Year's Eve they even offered a discount on the purchase.
Only in the USA, the compromise of corporate mail, including through the substitution of accounts, in 2022 led to Cybercriminals Implemented Artificial Intelligence (AI) For Invoice Fraud / Resecurity to the loss of more than $ 2.4 billion. On average, companies lost 120 thousand dollars in each individual case.
Experts of the Regional Public Center for Internet Technologies believe that a person is the weakest link in the cybersecurity system. Therefore, it is important for the head of the company to tell employees about common ways of luring money and how to protect themselves. For example, today scammers use Criminals will soon use ChatGPT to make scams more convincing, experts warn; only ‘a matter of time’ before S’pore hit / Today Online neural networks for writing emails. Such programs correct grammatical errors, and the criminal's messages can look convincing, even if he writes in a foreign language. But it can be calculated on other grounds — for example, by insistent request for bank details and calls to make a payment as soon as possible.
Updates often contain fixes for security vulnerabilities, and this can help prevent attacks. In addition, do not neglect the antivirus and use firewalls that filter traffic according to the specified rules. For example, even if an employee downloads a virus and infects a computer, when the program tries to transfer information to an unknown IP address, the firewall will automatically stop it.
Let users provide more information when logging in, not just a password. For example, they enter a code that comes in an SMS or email. Another option is to use hardware security keys. They look like regular flash drives and are connected to a computer via a USB port. The device reads the information and confirms the identity. This method is considered reliable because fraudsters cannot intercept data over the Internet. The only way to log in is to steal the physical key.
Even if the data is in order, do not rush to transfer money. Criminals can hack the email of an employee of a real company and issue an invoice on his behalf, specifying their banking details. Use the INN to search for other contacts of the company and clarify whether the correct information was sent to you.
Give them access only to the systems and applications they need to work with. When using video communication programs, do not publish links to meetings in the public domain. Allow only authorized users to enter and block the room after the start of the call.
Ideally, you need to provide employees with working devices to access the company's internal network. The security of personal laptops is difficult to control, because, for example, they may not have an antivirus. If you cannot provide all the equipment, it is better to transfer key employees to the office.
