Multi-National Corporation Falls Victim to $25.6 Million Deepfake Scam

Over the brief video call, the fraudulent personas directed the employee to transfer HK$200 million into five local bank accounts in 15 installments.

Multi-National Corporation Falls Victim to $25.6 Million Deepfake Scam
Photo by Clint Patterson / Unsplash

Incident, a Hong Kong-based multinational corporation faced a severe financial setback of HK$200 million (US$25.6 million) due to an intricate deepfake scam. Cybercriminals deployed sophisticated deepfake technology to convincingly impersonate key company figures in a video conference, successfully deceiving an unsuspecting employee into executing substantial unauthorized transfers.

The perpetrators meticulously replicated the company's chief financial officer (CFO) and other participants, creating a completely synthetic video call, with the targeted employee being the only genuine participant. This marks the first reported case of a deepfake-related financial scam in Hong Kong, raising concerns about the evolving tactics of cybercriminals using advanced technology.

The duped employee, working in the finance department, received a phishing message in mid-January, allegedly from the UK-based CFO. The message instructed the victim to carry out a confidential transaction. Despite initial skepticism, the employee proceeded after being lured into a group video conference where digitally manipulated representations of the CFO and other seemingly legitimate participants were present.

Over the course of a week, the victim made 15 transfers totaling HK$200 million to five Hong Kong bank accounts, following instructions from the fraudulent video conference. The elaborate scam was only uncovered when the victim sought confirmation from the company's headquarters, revealing that the scammers had digitally fabricated the entire meeting.

Police investigations revealed that the scammers utilized publicly available video and audio footage to create highly convincing deepfake representations of the targeted individuals. The use of deepfake technology extended beyond video calls, with scammers obtaining contact through instant messaging platforms, emails, and additional one-on-one video calls with other employees in the branch.

This case underscores the evolving threat posed by deepfake technology, moving beyond being an online curiosity to a serious financial crime risk. As the accessibility of this technology increases, its potential for misuse is expected to expand.