Company worker in Hong Kong pays out £20m in deepfake video call scam

Publisher
The Guardian
Date published
February 2024

Relevant impacts: Security impact, Financial impact, Business impact.

Hong Kong police have launched an investigation after an employee at an unnamed company claimed she was duped into paying HK$200m (£20m) of her firm’s money to fraudsters in a deepfake video conference call.

Hong Kong’s public broadcaster, RTHK, reported that the employee was a clerk working for an unnamed multinational firm. It quoted acting Hong Kong Police senior superintendent Baron Chan as speculating that the fraudster used artificial intelligence to dupe the worker.

“[The fraudster] invited the informant [clerk] to a video conference that would have many participants. Because the people in the video conference looked like the real people, the informant … made 15 transactions as instructed to 5 local bank accounts, which came to a total of HK$200m,” he said.

“We can see from this case that fraudsters are able to use AI technology in online meetings, so people must be vigilant even in meetings with lots of participants.”.

Access the source

Related fraudster personas

The Impersonator

The Impersonator pretends they are another person or entity to dishonestly gain personal benefits.

The Deceiver

The Deceiver makes others believe something that is not true to dishonestly gain personal benefits.

Related countermeasures

Confirm identity

Confirm the identity or attribute of the individual. Evidence of identity should be collected and verified using policies, rules, processes and systems to make sure only known, authorised identities can gain access to information stored in networks and systems.

Authenticate identity

Authenticate customer or third-party identities during each interaction to confirm the person owns the identity record they are trying to access.

Unique identifiers

Create and use unique and random identifiers to avoid misuse, such as: unique and random account numbers, claim references or asset numbers.

Verify information

Verify any requests or claim information you receive with an independent and credible source.

Segregation of duties

Separate duties by allocating tasks and associated privileges for a business process to multiple staff. This is very important in areas such as payroll, finance, procurement, contract management and human resources. Systems help to enforce the strong separation of duties. This is also known as segregation of duties.

Incident reporting

Report on incidents or breaches to help identify if further investigation is required. Clients, public officials or contractors can take advantage of a lack of reporting and transparency to commit fraud, act corruptly and avoid exposure.

Submit a case study

We'd like to hear from you if you have a case study to share.

Submit your case study

Was this page helpful?