The rise of deep fake video scams is imminent and represents a significant threat to businesses. With advancements in artificial intelligence (AI), creating realistic fake videos and audio recordings has never been easier. This development raises the stakes for both individuals and organizations globally, making it imperative for them to implement strong security measures. Jim Egelston, IT Operations Manager at MIS Solutions, discussed how companies can safeguard themselves against these evolving threats.
The Rise of Deep Fake Video Scams
Celebrities and politicians aren’t the only ones at risk of being victimized by deep fake technology. Recently an employee of a large corporation in Hong Kong was duped into wiring $25.6 million to scammers. This incident occurred during a video call, where the employee believed he was communicating with the company’s CFO. Unbeknownst to him, all of the attendees in the video conference were deep fake AI entities. As a result, the employee acted on the fraudulent request, transferring millions to the scammers’ account.
Jim remarked on the severity of the situation, noting, “AI is getting better and better all the time. It’s making it easier for almost anyone to create a deep fake video. Unfortunately, this means we will see more of these scams, and they will be harder to detect.”
Recognizing the Threat
The threat of deep fake technology extends beyond multinational corporations – it can affect any business. With AI-generated videos becoming more sophisticated, individuals and organizations must stay vigilant. Jim stressed the importance of suspicion and scrutiny when receiving requests for sensitive information or financial transactions, even if the source appears familiar.
Implementing Protective Measures
Given the growing risks, businesses must adopt several administrative controls to safeguard against deep fake scams:
1. Call to Verify the Request
When receiving a request via video or phone call, the recipient should disconnect and then make a quick phone call back to the requester to verify its legitimacy. “A quick yes or no answer solves the problem,” said Jim. It’s important to call, rather than email or text, as scammers can intercept unsecure emails and texts.
2. Two-Step Verification
Beyond phone calls, companies can employ two-step verification methods before proceeding with any request. For example, consider requiring all financial requests, such as changes in banking information or wire transfers, to be verified and approved by both a manager and a designated approver.
3. Secret Code Words
Another effective security measure is the use of secret code words or verbal passwords known only by the manager and approver.
This concept extends beyond corporate use and can even be employed by families. Here are a couple of scenarios where a family secret code word can help determine if a video or audio is real or fake:
You receive a phone call from your college-aged child saying they’re in serious trouble and they need you to wire them money asap. Or your younger child, who is supposed to be in school, calls to say they’ve been kidnapped. In situations like these, it’s easy to freak out. Asking your “child” to repeat the code word will reveal a deep fake and save you from panic and sending money to a devious criminal.
Final Thoughts and Recommendations
As deep fake technology becomes more sophisticated and accessible, the potential for harm increases. Businesses and individuals alike need to stay vigilant and adopt various administrative and verification methods to protect themselves against these threats. While AI has the power to bring significant innovations and improvements, it also has the potential to be used maliciously.
Businesses can take significant steps to protect themselves against deep fake scams by employing the following measures.
Create a Culture of Skepticism
Encourage employees to be cautious when responding to requests involving sensitive information or financial transactions. Suspicious behavior should be reported and investigated thoroughly.
Provide Continuous Education and Training
Educate employees regularly about the risks associated with deep fake technology and other scams. Training sessions can help staff recognize potential red flags and reinforce the importance of verification protocols.
Update Policies and Procedures
Institute robust policies and procedures designed to mitigate the risks posed by deep fake scams, including detailed verification steps for high-stakes transactions.
Leverage Technology
Utilizing advanced software solutions that can detect anomalies in video and audio communications. These tools can provide an additional layer of security by identifying deep fake content based on inconsistencies or digital artifacts.
Build a Multi-layered Defense
Combining administrative controls, technical measures, and human vigilance to form a comprehensive defense against deep fake threats. No single solution is foolproof; a multi-layered approach is essential for robust protection.
Conclusion
The rise of deep fake video scams underscores the need for heightened awareness and proactive measures. By implementing effective verification processes, leveraging technology, and fostering a security-conscious culture, businesses can significantly reduce their vulnerability to these sophisticated threats. As deep fake technology continues to evolve, so must our strategies for combating it.
Stay informed, stay cautious, and protect your business from the ever-evolving landscape of digital threats.