What kind of company let’s a single employee transfer that amount of money without multiple different password entries or checks from different people though, seriously?

Doesn’t matter if they had a conference call with what appeared to be certain people as the article says they could easily have used key pair verification such as pgp. Sounds like poor security all around especially considering the amounts involved.

Acting senior superintendent Baron Chan Shun-ching of the Hong Kong police emphasized the novelty of this scam, noting that it was the first instance in Hong Kong where victims were deceived in a multi-person video conference setting. He pointed out the scammer’s strategy of not engaging directly with the victim beyond requesting a self-introduction, which made the scam more convincing.

The police have offered tips for verifying the authenticity of individuals in video calls, such as asking them to move their heads or answer questions that confirm their identity, especially when money transfer requests are involved. Another potential solution to deepfake scams in corporate environments is to equip every employee with an encrypted key pair, establishing trust by signing public keys at in-person meetings. Later, in remote communications, those signed keys could be used to authenticate parties within the meeting.

If you’re a rank-and-file employee in a virtual meeting with your company’s top brass, it probably won’t occur in your mind to ask them to turn their heads to see if it’ll glitch. The scammers can just act offended and ignore your request instead. Chance that you’re going to fear for your employment and apologize profusely.

The key exchange mechanism suggested by the article sounds impractical because the employees from HK likely never meet the CFO from UK in person. Maybe the corporate video conferencing system should have a company-wide key registry, but if the scammers managed to hack in and insert their own key or steal a top brass’s video conferencing accounts, then it’ll probably moot.

This is incredible. And scary. And incredible. I would hate to be the poor sap that fell for it though, oof.

I’d like to hear the whole story, like how hold was the scammed guy etc.

To me it smells like he was an accomplice, or a very old person who is full of his company shit.

Used to be so easy to spot scams and fakes, this stuff now is getting scary. I wonder if this will slow things down as we require face to face and in person confirmation.

And why can’t they claw back the funds through traditional banking? It’s not like they sent crypto to a unknown address

This is the best summary I could come up with:

Deepfakes utilize AI tools to create highly convincing fake videos or audio recordings, posing significant challenges for individuals and organizations to discern real from fabricated content.

This incident marks the first of its kind in Hong Kong involving a large sum and the use of deepfake technology to simulate a multi-person video conference where all participants (except the victim) were fabricated images of real individuals.

Despite initial doubts, the employee was convinced enough by the presence of the CFO and others in a group video call to make 15 transfers totaling HK$200 million to five different Hong Kong bank accounts.

The high-tech theft underscores the growing concern over new uses of AI technology, which has been spotlighted recently due to incidents like the spread of fake explicit images of pop superstar Taylor Swift.

Over the past year, scammers have been using audio deepfake technology to scam people out of money by impersonating loved ones in trouble.

The police have offered tips for verifying the authenticity of individuals in video calls, such as asking them to move their heads or answer questions that confirm their identity, especially when money transfer requests are involved.

The original article contains 519 words, the summary contains 192 words. Saved 63%. I’m a bot and I’m open source!

That’s scary but at the smme time super cool. I mean kudos to the thieves, they did the hard work apparently.