A multinational company has been scammed out of €24 million following a deepfake. A cybercriminal posed as the company's chief financial officer during a video call using deepfake technology. This is how he convinced an employee to transfer the large amount. Employers should tighten their security policies and make employees aware of the dangers of deepfakes to reduce the chances of cybercriminals striking successfully.
Cybercriminals try to manipulate their victims, and in many cases they still do so with phishing emails. But as technology to produce deepfakes gets better and more accessible, we also see them starting to use audio and video to scam people or spread disinformation.
Accessible and effectively deployable technology to detect deepfakes unfortunately does not yet exist. Employers should therefore tighten their security policies by making clear and sometimes stricter agreements. Think about applying the four-eye principle when transferring large sums of money or making multifactor authentication mandatory.
It is also necessary for employers to educate their employees about how cybercriminals use deepfakes and the dangers they pose. By thus raising employee awareness, they help reduce the chances of company information falling into the wrong hands or money being transferred to the wrong account number.