Allan Berkovitz, Wednesday, September 4, 2019
The scams are getting better, and we can thank AI for the improved attempts at fooling professionals. It’s no longer just the foreign representative of Nigerian royalty promising to pay you back with interest. Thanks to AI DeepFakes, it’s now seemingly your own CFO or CEO demanding that you follow through on a bank transfer within the hour. DeepFakes are a technique for human image and vocal synthesis based on artificial intelligence: machine learning is used to combine and superimpose images, videos, and sound to create fake videos and vocals that appear real. We have crossed a new threshold in the art of scams and likewise need to ramp up our security game to prevent the attacks from succeeding.
Recently, the CEO of an energy firm in the UK thought he was following orders from his boss in Germany, only to find out later that he was being scammed. He found out only because he grew suspicious after the scammer attempted to conduct a transfer a second and third time. The DeepFake was so good that the company CEO in the UK believed he was hearing the very same voice, tone, and inflection his boss would actually use, until he recognized the out-of-character multiple requests. The scammer got greedy, but not without already collecting a sizable sum of money.
DeepFakes have become so good that even video can be made to fool the public. Just imagine getting a video call from your boss asking you to provide company tax information, or employees contacting you by video to request changes to ACH payroll accounts. This kind of human hacking is already happening through spoofed email accounts and texts sent by con artists. Every employee at your company is an asset that can be utilized to hack the system, no matter how expensive and bulletproof your network and firewall configuration is.
The solutions to ramping up your security game are plenty. Increase awareness training with your staff to ensure they understand the existence of these types of threats, and train them on what to do in case such a threat arises. Encourage your staff to feel comfortable approaching your IT department with suspicious emails, calls, and texts so your cyber security team can investigate further and take any necessary actions. Most importantly, document everything. If it isn’t written down, it didn’t happen. Any requests that are made should be made in writing, preferably by email, or through a request form built into the office environment you already use, such as a project management suite, ERP, or even something as simple as a monitored Google Form. Paying special attention to the details in written submissions can also help prevent subversive attacks on your company’s ecosystem: compare the sender’s actual email address with the sender name being used, or have your IT Manager investigate the email headers or IP address to determine where the request came from.
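The sender-detail checks described above can be automated before a request reaches a person. The following is an added example, not code from the original post; the company domain, the executive name, and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the company's mail domain and the names of
# executives whose identity is worth impersonating.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}

# Constructed sample message (not real traffic).
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.45])
\tby mx.example.com; Wed, 4 Sep 2019 09:12:01 +0000
From: "Jane Doe" <jane.doe@examp1e-mail.test>
Reply-To: payments@other.test
To: ap@example.com
Subject: Urgent wire transfer

Please send the transfer within the hour.
"""

def check_sender(raw):
    """Return a list of reasons this message deserves a second look."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # An executive's display name paired with an address outside the company.
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        findings.append(f"display name '{name}' used with outside address {addr}")
    # Replies silently redirected to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        findings.append(f"Reply-To {reply_to} differs from From domain {domain}")
    return findings

def relay_ips(raw):
    """IP addresses recorded in Received headers, newest hop first."""
    msg = message_from_string(raw)
    ips = []
    for hop in msg.get_all("Received", []):
        ips += re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
    return ips

if __name__ == "__main__":
    for finding in check_sender(SAMPLE):
        print("FLAG:", finding)
    print("Relay IPs:", relay_ips(SAMPLE))
```

Only the Received line added by your own mail server is trustworthy; earlier hops are supplied by the sending side and can be forged.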
If you don’t keep up with the latest in security technology, at least put the effort in to recognize that a proper security policy and employee training can prevent these clever scammers from getting past the first correspondence with your staff. You can stop phishing and hacking with just a small amount of effort and save yourself the trouble of spending tens of thousands or more to undo the damage otherwise. Ramp up your security game, and you too can sleep like a prince at night knowing your company is safe from these advanced attacks.