Tag Archive for: Cyber Scams

A.I. Deepfake Posing as the CFO Scams $25 Million: How to Protect Your Organization from the Exploding Deepfake AI Cyber Scam

Deepfakes use Artificial Intelligence (A.I) to create fake, hyper-realistic audio and video that is generally used to manipulate the viewer’s perception of reality. In most deepfakes, the legitimate person’s face or body has been digitally altered to appear to be someone else’s. Well known deepfakes have been created using movie stars and even poorly produced videos of world leaders.

Removing the malicious part of the definition, deepfakes have been used in the film industry for quite some time to de-age actors (think Luke Skywalker in The Mandalorian) or resurrect deceased actors for roles or voiceovers (think Carey Fisher in Rogue One – okay, can you tell I’m a Star Wars geek?). Cybercriminals have latched on to the technology, using AI-generated deepfakes in conjunction with business email compromise (also known as whaling and CEO fraud) to scam organizations out of massive amounts of money.

Just recently, a finance worker at an international firm was tricked into wrongly paying out $25 million to cybercriminals using deepfake technology to pose as the company’s Chief Financial Officer during a video conference. And it wasn’t just one deepfake! The fraudsters generated deepfakes of several other members of the staff, removing any red flags that it wasn’t a legitimate virtual meeting. As a subordinate, would you refuse a request from your boss that is made face-to-face (albeit virtually)? You might be savvy enough, but most employees aren’t willing to risk upsetting their boss.

The days of just sending suspicious emails to spam is no longer adequate. Our Spidey Sense (the B.S. Reflex I talk about in my keynotes) must be attuned to more than business email and phone compromise. We have entered the age of Business Communication Compromise, which encompasses email, video conferences, phone calls, FaceTime, texts, Slack, WhatsApp, Instagram, Snap and all other forms of communication. It takes a rewiring of the brain; TO NOT BELIEVE WHAT YOU SEE. AI is so effective and believable that workers may even feel like they are being silly or paranoid for questioning a video’s validity. But I’m sure as the employee who lost their organization $25M can attest, it’s way less expensive to be safe than sorry.

The solution to not falling prey to deepfake scams is similar to the tools used to detect and deter any type of social engineering or human manipulation. Empowering your employees, executives and customers with a sophisticated but simple reflex is the most powerful way to avoid huge losses to fraud. When you build such a fraud reflex, people will be less likely to ignore their gut feeling when something is “off.” And that moment of pause, that willingness to verify before sharing information or sending money, is like gold. These are the skills that I emphasize and flesh out in my newly-crafted keynote speech, Savvy Cybersecurity in a World of Weaponized A.I.

Get in touch if you’d like to learn more about how I will customize a keynote for your organization to prepare your people for the whole new world of AI cybercrime. Email contact@sileo.com or call 303.777.3221.

Beware Cyber Security Grinches & Holiday Scams

[youtube https://www.youtube.com/watch?v=gERBwp1o-yE&rel=0]

‘Tis the season to receive holiday scams in your email, on your Facebook page and via text. But you won’t be singing tra la la la la if you click on links that install malware on your computer! More and more of us seem to be conducting our holiday shopping online, and the cyber security Grinches are taking advantage of this new-found holiday convenience. There are several varieties of holiday scams that seem to come around each year.

The first red flag might be the Subject line of the email: “Order Confirmation”, “Acknowledgement of Order”, “Order Status”, “Thanks for Your Order”, “Problem With Your Order”, “Delivery Failure”, “Canceling Your Scheduled Delivery”, etc. It may tell you that an order is ready for you and you just need to click on the link to get the information about how to redeem it. Or, it may play on your fear of not getting a package out before Christmas and say you haven’t provided a correct address – this is a fear-based holiday scam.

Holiday scams usually appear to come from well-known companies, are VERY realistic looking and even use actual logos.

Once you click on the link, however, malware is installed on your computer that may gather email credentials, credit card data, logins and passwords in addition to making your computer a magnet for junk mail. It can also deploy a scanning technology that uses your computer to scan websites for vulnerabilities and then hack them!

Cyber Grinch or Real Deal? How to Tell the Difference…

If you do receive an email, scammy or otherwise, even if you did indeed order from that store, follow these steps:

  1. DO NOT CLICK ON ANY LINKS IN THE EMAIL!
  2. Instead, open your web browser and type in the merchant site and log in to your account (which you had to establish to order from them).
  3. If it the email you received was about a legitimate order, they will provide you with an order or reference number which you can type into their website to verify activity.

In other words, verify that the email is legitimate by going directly to the site; don’t depend on the email. If for some reason you did click on a link that brought you to a website, make sure that you don’t click any more times on that site, and don’t fill out any information that they might be requesting.

(For more solutions to common scams related to the holidays, or really, all year long, check out our entire 12 Days to a Safe Christmas blog series.)

When not protecting readers around the holidays, John Sileo is an an award-winning author and keynote speaker on identity theft, cyber security, internet privacy & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.
[youtube https://www.youtube.com/watch?v=B1st4gzcdLs&rel=0]