Money Transfer Scams Through Deepfakes
These attacks are typically called Business Email Compromise (BEC) or Email Account Compromise (EAC). They are scams that target both businesses and individuals who perform legitimate transfer-of-funds requests. The FBI says that between 2019 and 2021 it received an increase in complaints involving money scams over video calls. The scammers operate in several ways:
- Compromising an employer or financial director’s email, such as a CEO or CFO, and requesting employees to participate in a virtual meeting platform where the criminal will insert a still picture of the CEO with no audio, or “deep fake” audio, and claim their video/audio is not properly working. They then proceed to instruct employees to initiate transfers of funds via the virtual meeting platform chat or in a follow-up email.
- Compromising employee emails to insert themselves in workplace meetings via virtual meeting platforms to collect information on a business’s day-to-day operations.
- Compromising an employer’s email, such as the CEO, and sending spoofed emails to employees instructing them to initiate transfers of funds, as the CEO claims to be occupied in a virtual meeting and unable to initiate a transfer of funds via their own computer.
The FBI lists suggestions for protection, such as using secondary channels or two-factor authentication to verify requests for changes in account information, ensuring the URL in emails is associated with the business/individual it claims to be from, and not sending login credentials or personally identifiable information over email.
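The advice to confirm that a URL in an email is associated with the business it claims to be from can be partly automated. The following Python check is an added example, not part of the original article or of the FBI guidance; the sample message, the `.test` domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not from the article); all domains are placeholders.
SAMPLE = """\
From: "Jane Doe, CEO" <jane.doe@example-corp.test>
Reply-To: jane.doe@examp1e-corp.test
Subject: Urgent wire transfer

I am stuck in a virtual meeting. Please use the portal:
https://payments.example-corp.test.pay-portal.test/login
Invoice copy: https://files.example-corp.test/inv.pdf
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def domain_of(address):
    """Return the lower-cased domain part of an e-mail address header."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def belongs_to(host, org_domain):
    """True only if host is org_domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == org_domain or host.endswith("." + org_domain)

def check_message(raw, org_domain):
    """List the reasons a message is not tied to the organisation it claims."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    if not belongs_to(from_dom, org_domain):
        findings.append(f"From domain {from_dom!r} is outside {org_domain}")
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply_to)!r} differs from From domain {from_dom!r}")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL_RE.findall(text):
            host = urlparse(url).hostname  # real host, ignoring any userinfo
            if not belongs_to(host, org_domain):
                findings.append(f"Link host {host!r} is outside {org_domain}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE, "example-corp.test")))
```

A message that produces findings should be verified through a secondary channel before any transfer is made; an empty result does not prove the sender is genuine, since the scenarios above start from a compromised legitimate mailbox.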
In 2019, scammers swindled the CEO of a UK-based energy company by using deepfake software to impersonate an executive’s voice over the phone. They demanded a transfer of €220,000 (US$243,000). The money that was transferred to the Hungarian bank account was subsequently moved to Mexico and distributed to other locations.