Pierluigi Paganini April 12, 2024

Crooks targeted a LastPass employee using deepfake technology to impersonate the company’s CEO in a fraudulent scheme.

In a fraudulent scheme, criminals used deepfake technology to impersonate LastPass ‘s CEO, targeting an employee of the company.

The attack occurred this week, but the employed recognized the attack and the attempt failed. According to the password management software firm, the employee was contacted outside of the business hours.

Deepfakes are created using generative AI, attackers manipulate audio and/or visual data to fabricate content of interest of a targeted individual. The rise in quality and accessibility of deepfake technology poses concerns for both political and private sectors, with numerous readily available tools enabling their creation.

“In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp.” reported LastPass. “As the attempted communication was outside of normal business communication channels and due to the employee’s suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency), our employee rightly ignored the messages and reported the incident to our internal security team so that we could take steps to both mitigate the threat and raise awareness of the tactic both internally and externally.”

The employee ignored the contact and reported the attempt to the security team, the company confirmed that the incident did not impact the company.

LastPass shared the incident to raise awareness about using deepfakes for CEO fraud and other scams.

In October 2022, cybersecurity firm Resecurity identified a new spike of underground services enabling bad actors to generate deepfakes. According to company, this may be used for political propaganda, foreign influence activity, disinformation, scams, and fraud. 

“Impressing the importance of verifying potentially suspicious contacts by individuals claiming to be with your company through established and approved internal communications channels is an important lesson to take away from this attempt.” concludes the report.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – Hacking, deepfakes)