News & Knowledge

MNC defrauded US$25million from “deepfake”

人工智能合成技術猖獗
跨國公司被騙取2500萬美元

08/02/2024

A multinational company has lost HK$200M (approx. US$25M) to fraudsters impersonating senior executives using deepfake technology, being the first case of its kind in Hong Kong.

On 29 January 2024, Hong Kong Police received a report where a multinational’s Hong Kong employee was deceived by someone posing as the company’s UK-based CFO and other staff, instructing the employee to transfer money to designated bank accounts. As a result, the employee made 15 transfers totaling HK$200M (approx. US$25M).

At first, the employee received what appeared to be a message from the CFO, speaking of a “top secret” transaction that must be carried out swiftly and covertly. He believed (rightly so) that it was a fraud. However, the fraudster convinced the employee to attend a video conference call as proof. By using “deepfake” technology, the fraudster impersonated the CFO by using the CFO’s face and voice. Other staff (also impersonations using “deepfake”) were also on the same call.

As the employee had met the CFO before, and believing that what he saw was genuine, the employee transferred the monies according to instructions.

It turns out that the CFO’s videos were available on YouTube. The fraudsters simply used deepfake technology to emulate his voice and facial expressions.

The signs of a scam usually (if not always) consist of:-

  1. Urgency – the fraudster would not want to give you time to think rationally now, would he?
  2. Secrecy – informing a third party will likely expose the scheme or raise questions, why would the fraudster want you ask around?
  3. Threat – “if you don’t do it immediately, you will lose your job!”

Technology is always evolving, and so are scammers. In order to minimize the risk of scams, it is good practice to ensure that procedures and checks (preferably in-person approvals) are in place to minimize risk, especially when carrying out transactions of a certain value / volume.

一家跨國公司被騙徒利用人工智能合成技術冒充成該公司的高層,因而損失了 2 億港元(約 2,500 萬美元)。這宗案件成為了香港首例。

在2024年1月29日,香港警方接報,表示某跨國公司的一名香港員工被冒充成該公司駐英國財務長及其他員工的騙徒成功詐騙。騙徒指示該香港員工將款項轉入指定銀行帳戶。結果,該員工進行了 15 次轉賬,總額達 2 億港元(約 2,500 萬美元)。

起初,該員工收到了一則看似來自公司財務長的訊息,對方聲稱這是一項涉及「重大機密」的交易,故此必須迅速及秘密地進行。該員工原先恰當地相信這是一個騙局。然而,騙徒說服該員工參與視象電話會議以作查證。騙徒利用了「人工智能合成技術」(即”deepfake”) ,冒充公司財務長的面容和聲音,而所謂的「其他員工」亦同樣地使用了“deepfake”進行模仿,並一併出現在該視象通話中。

由於該員工曾與CFO見過面,並相信其所見屬實,因此依指示將那些款項轉帳。

據報,由於財務長的影片可以在 YouTube 上被觀看,騙徒直接使用了人工智能合成deepfake技術,以模仿該財務長的聲音和臉部表情。

要辨識是否面臨一場詐騙,雖然並無天書可循,惟通常有跡可尋,其中包括:-

  1. 緊迫性-騙徒不會希望給予你時間,以容讓你在當刻可以理性思考。
  2. 保密-騙徒不會容讓你有機會和空間通知第三方,以防止暴露他們的詭計或有人提出問題的可能。
  3. 威脅—「如果你不立即行動,你將面臨被解雇的後果」諸如此類的威脅。

科技不斷發展,騙徒的手法亦然。為了最大限度地降低被詐騙風險,最好確保有真人親自把關的既定程序和檢查,尤其是在進行具一定價值和數量的交易之際,以有效地降低被矇騙的風險。

2024-02-21T12:22:20+08:00