Pierluigi Paganini February 05, 2024

Scammers stole HK$200 million (roughly $25,5 million) from a multi-national company using a deepfake conf call to trick an employee into transferring the funds.

Scammers successfully stole HK$200 million (approximately $25.5 million) from a multinational company in Hong Kong by employing a deepfake video call to deceive an employee into transferring the funds.

The employee attended a video conference call with deepfake recreations of the company’s chief financial officer (CFO) and other employees who instructed him to transfer the funds.

The news was reported by The South China Morning Post, however the local authorities did not name the company.

“Everyone present on the video calls except the victim was a fake representation of real people. The scammers applied deepfake technology to turn publicly available video and other footage into convincing versions of the meeting’s participants.” reads the post published by The South China Morning Post.

The scammers used publicly available footage of the company employees and used deepfake technology to create fake versions of the participants of the meeting.

Crooks targeted an employee in the finance department of the company. They send an email to the employee urging him to participate in a video call with the UK-based CFO to receive instructions for transactions to be performed.

The employee executed the money transfers during the meeting and transferred around HK$200 million to five bank accounts, with 15 transactions.

The employee discovered the scam a week later and notified the company and local authorities.

“Hong Kong police senior superintendent Baron Chan said that during the video call, the employee was asked to do a self-introduction, but did not interact with anyone else.” reported the website The Star.

“The “fake” colleagues gave orders to the victim, and the meeting ended abruptly after, added Chan.”

The police revealed that the scammers also targeted other employees of the company with the same technique, but the attempts failed.

The investigation is still ongoing, the police have yet to identify the gang behind the scam

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, deepfake)