Experts are forecasting a worrying rise in incidents of deepfake cyber-crime that has already claimed one high profile UK victim.
The engineering group Arup, which has been involved in world-famous buildings such as the Sydney Opera House, lost £19.7m ($25m) in one of the world’s biggest known deepfake scams which used a hyper-realistic video generated by AI to facilitate the cyber-crime.
The Financial Times reported fraudsters used a digitally cloned version of a senior manager to order financial transfers during a video conference involving the company’s Hong Kong office.
This could be just the start of high profile attacks with VPNRanks, which compiles real-world user feedback, predicting a substantial rise in deepfakes by the end of 2024, highlighting the urgency for robust cybersecurity measures. By 2025, it is projected that 8 out of 10 people will likely encounter a deepfake.
According to Home Security Heroes, the total number of deepfake videos online in 2023 was 95,820, marking a 550% increase since 2019. Besides the increase in deepfake video incidents, deepfake AI images have also been identified while audio is emerging as a growing concern.
Deepfakes can also be used in business email compromise (BEC) scams by cybercriminals to trick staff into transferring large sums into dummy accounts.
Arup, which employs about 18,000 people globally and has annual revenues of more than £2bn, was subjected to what Hong Kong police have classified as “obtaining property by deception”.
The Arup fraud was triggered when a member of staff at the targeted company received a message purporting to be from the UK-based chief financial officer regarding a “confidential transaction”.
After a video conference joined by the company’s digitally cloned CFO and other fake company employees, the staff member is understood to have made a total of 15 transfers to five Hong Kong bank accounts before eventually discovering it was a scam.
The FT has previously reported that international advertising agency WPP had been the target of an unsuccessful deepfake scam in which criminals used a voice clone and YouTube footage to set up a video meeting with executives.
In the face of this new threat, experts are urging businesses to purchase IT solutions to counter cyber security scams with banks needing to alert their clients on suspicious payments.
Cyber policies offered by W Denis provide more than just insurance, they are inclusive of additional services which help to mitigate the impact of a data breach/hack etc, including PR services to manage the crisis, forensics to investigate the root cause and expertise to eradicate the issue. Locked systems and ransomware can be catastrophic to a business. Prudent risk managers who buy comprehensive cyber insurance gain access to a wide range of support services to help the business in the event of a claim in addition to ransomware payment negotiations.
To discuss this further with a broker at W Denis, please make arrangements with Daniel Moss at [email protected] or on 0044 (0)113 2439812 or contact Mark Dutton at [email protected] or on 0044 (0) 7831 366 469.
