|

Deepfake CEO Scams: What Business Leaders Must Know

Illustration of a hand manipulating digital text labeled 'deep fake,' symbolizing cybersecurity risks and online scams.

Imagine getting a video call from your CEO with an urgent request. Her voice is firm, accent familiar, the video flawless and realistic. You hold your breath, ready to comply. And then – just for a moment – you hesitate. A memory flashes across your mind, you remember a news story you saw recently about something called deepfakes. The doubt starts to creep in. Is this a deepfake? What do you look for? What should you do? In this article we will define what a deepfake truly is, what to look for and how to protect your business from falling victim to these highly sophisticated scams.

What technically is a deepfake? As defined by Britannica, the term deepfake refers to the  combination of deep, taken from AI deep-learning technology (a type of machine learning that involves multiple levels of processing), and fake, addressing that the content is not real. A Deepfake, synthetic media, including images, videos, and audio, generated by artificial intelligence (AI) technology that portray something that does not exist in reality or events that have never occurred. The term deepfake combines deepand fake….

It’s no secret that for years fraudsters have cost companies billions globally. However, in the past they were limited to usually email or text which more times than not consisted of poor grammar or other identifiable imperfections. The rise of artificial intelligence has constructed an entire new level allowing them access to grammar intelligence, voice cloning and Hollywood level video which has created a significant playground for even the amateurs. Let’s take a look at some of the most recent examples. 

Examples of Deepfake Scams

Since last year, scammers have already cost businesses millions using deepfakes. In early 2024, attackers pulled off a deepfake video call impersonating the CFO of British engineering group, Arup. The fraudsters convinced a finance department employee to make a series of secret transfers equaling $25 million to overseas accounts before the scheme was eventually discovered. In another well-known attempt last year, the world’s largest advertising agency, WPP became a target. Known as the WPP Voice Clone Attack, this case exemplified how advanced these schemes have truly become. The scammers were able to access Microsoft Teams and set up a meeting with a regional leader. During the meeting they played a cloned voice of CEO, Mark Read, and even used snippets of old video footage from online to appear as him. The imposters asked the manager to help with a hush-hush new business venture. Fortunately, the manager and other employees recognized red flags and halted the scheme. In a more recent and arguably even more alarming attempt, the “Minister” scam showed that voice clones are not limited to any particular class, group or individual. Several top business leaders including fashion icon, Giorgio Armani, received calls from someone sounding like Italy’s defense minister. The imposter, used a deepfake voice – claimed journalists were kidnapped and he needed funds for them. Although Armani’s team was able to catch on and halt communications, one executive unfortunately did not and transferred €1 million to a Hong Kong account. These are just a few recent examples of how these security threats are operating on a more intelligent and sophisticated level of than ever before. Whether small or large, all businesses are at risk. Let’s see what vulnerabilities may be at play in yours.

What Vulnerabilities Are at Play in Your Business?

As the sophistication and frequency of scams rise, so must your company’s level of security. The first step in safeguarding your business is understanding it’s vulnerabilities. There are four key vulnerabilities companies exhibit: The pressure of hierarchy, the “seeing is believing” mindset, advancement of AI technology and hybrid/remote work environments.

The pressure of hierarchy refers to the phycological and emotional burden employees feel when working in an environment that places a high emphasis on power dynamics. In these kinds of environments, employees often rely on the pressure of hierarchy and when push comes to shove hesitate to question executives (or in the case of a deepfake – presumed executive). As a result, if any suspicious video calls or audio requests are received they are far less likely to be addressed which could lead to serious disaster for the company. In addition to hierarchy, workplace culture also plays a role in another vulnerability. The long-held belief that “seeing is believing” no longer stands in a world where deepfakes are circling around us. While it’s not the business leader’s fault this belief system exists, it is essential that leaders establish a higher level of security awareness in the workplace. Thirdly, the advancement of AI technology is rapidly producing movie quality deepfakes and realistic forgeries. This makes it increasingly difficult for companies to not only identify what’s real versus AI generated but also keep up with the speed of advancement. Last but not least, hybrid/remote work environments have made it increasingly more difficult to maintain and monitor consistency of security protocols. Now that we have identified the key vulnerabilities, we can focus on the warning signs to help you and your team stop deepfake threats early on.

Warning Signs of a Deepfake Scam

A highly-aware, well-trained team of employees is one of the best defenses your company can have. As artificial intelligence continues to rapidly evolve, it is important to protect your company in every way possible. A few of the warning signs to look for in all messages include: a sense of urgency and sometimes secrecy, requests for unusual payment methods (gift cards, crypto, etc.), poor audio/video quality or “off” mannerisms and no verification from other communication channels. At this point, your company should have multi-factor authentication especially for money and sensitive information transfers. As being aware of these signs can assist with daily awareness, it is still important to incorporate official measures.

How to Protect Your Organization

Deepfakes are advancing at an alarming rate which means every business leader needs to take their defenses just as seriously. Cybersecurity is not a luxury, it’s a modern necessity. See below for our top 5 ways to protect your organization:  

  • Security Education & Awareness Training: Ensure everyone from entry-level staff to top executives understands what deepfakes are and how these scams operate. Through regular internal awareness campaigns and training sessions conducted by IT professionals, whether in-house or from an IT services firm, your organization’s staff of employees can embody one the strongest defenses against deepfakes.
  • Strict Verification Protocols: Establish strict verification protocols to verify identities and requests, especially for financial transactions and handling sensitive information. Protocols should include clear step-by-step directions to ensure every verification is thorough and consistent.
  • Financial Controls and Multi-Person Authentication: Implement multi-factor authentication that require multiple person approvals for financial and sensitive information requests.
  • Incident Response Planning: Preparation is the best defense. Despite your best efforts, assume a deepfake attack is a possibility and prepare an incident response plan specifically for each scenario.
  • Technology Solutions (Detection & Authentication): Leverage technology tools like AI-driven fraud detection, secure collaboration tools to detect and authenticate communications before they become a threat.
  • Limit Exposure of Personal Data: While you can’t remove your CEO’s presence completely from the internet, you can reduce the exposure of personal data to minimize the risk of it being used in deepfake scams.

Conclusion

Now picture yourself sitting at that same desk. You receive a video call from your CEO with an urgent request. Thanks to the proper training and awareness of the response plan, you now respond with confidence and ease. This time you take a deep breath instead of holding one. You handle the deepfake appropriately per protocol and the company remains protected.

As the rise of artificial intelligence evolves so do deepfakes. Ensuring your company is prepared means you can move forward with confidence and peace of mind. Have you set your organization up to protect itself and handle these increasing scenarios before it’s too late?

CompuOne specializes in IT services including cybersecurity solutions. Click below to schedule a complimentary cybersecurity assessment and find out how we can ensure your business is protected.

Contact Us

Similar Posts