Cybersecurity

Company heads and managers in the crosshairs of fraudsters

Increasingly sophisticated attacks: Hong Kong video conference with fake executives generated entirely by artificial intelligence

2' min read

2' min read

In the field of cybercrime, there is always talk of ransomware, that attack that locks up computers in companies by encrypting their data, followed by a demand for money to restore them. But the real king of extortion today is considered to be Bec (business email compromise), known in Italy as the ceo scam. According to Statista, in the US alone, almost three billion dollars were extorted with this technique in 2023. Basically, the criminals manage to compromise a computer that has access to an important mail account (usually the ceo, the company owner or one of the executive secretaries) and exploit the correspondence to understand how internal procedures work. When they have figured out the right buttons to press, they take advantage of the ceo's absence (on a trip to an area not covered by mobile phone such as an aeroplane flight or similar) to send a bogus message to the person ordering the payments and get a quick delivery of a sum congruent with the company's turnover. Those who receive instructions do so from a mail account they trust because they do not know that it has been compromised, they see that standard procedures are followed and quoted, and they cannot ask the ceo, or the manager on duty, for confirmation because he is not reachable, but the payment is urgent and so they execute it. The criminals quickly make the money disappear and it is often impossible to recover the ill-gotten gains. As it is, this technique is very effective, but now artificial intelligence has arrived with deepfakes, a technology that makes it possible to transform one person's voice into that of another or to replace a face in a video with that of someone else.

This means that following the e-mail requesting urgent payment, the criminal can phone the payment clerk and speak to him in the voice of his boss, confirming the necessary transactions. But there is an even more incredible version. In February this year, a bank in Hong Kong lost about USD 25 million in an attack conducted via a fake video conference. An employee with the ability to make large payments was invited to a video conference between several managers, who in a business discussion ordered the employee to move a large sum of money. The investigation that followed the theft established that the only 'real' person on the video call was the employee, while the other managers were all artificial intelligence-created videos with perfectly recreated faces and voices. While procedures used to be important to avoid payment fraud, they have now become indispensable and must be particularly stringent to cope with the new capabilities of artificial intelligence.

Loading...
Copyright reserved ©
Loading...

Brand connect

Loading...

Newsletter

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Iscriviti