Hong Kong: $26 million stolen thanks to a deepfake
Cybercriminals spoofed the face and voice of a multinational’s CFO to demand payments from an unsuspecting employee.
On February 5, 2024, Hong Kong police revealed that crooks had used deepfakes to steal around $26 million (around €24 million) from a multinational company. An employee at one of the firm’s Chinese financial centers received « videoconference calls from someone posing as a company executive, asking them to transfer money to designated bank accounts« , local police told AFP.
The videoconference brought together several participants, including the company’s alleged CFO, based in the UK. The only actual human being present was the victim. « The scammers found publicly available videos and audio via YouTube, then used deepfake technology to mimic their voices…to trick the victim into following their instructions, » says Baron Chan, a senior Hong Kong police official. According to him, the deepfakes were pre-recorded, and the fraud involved no dialogue with the victim.
The employee obeyed the false CFO’s orders and authorized 15 money transfers to accounts controlled by the cybercriminals. The total loss is around 200 million Hong Kong dollars (24 million euros). « The investigation is still ongoing, and no arrests have been made so far, » said the police, who did not reveal the name of the targeted company.