this post was submitted on 06 Feb 2024
202 points (98.1% liked)

Technology

59092 readers
6622 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L4s@lemmy.world
L3s@fry.gs
L4s@fry.gs
enu@lemmy.world
202
Deepfake scammer walks off with $25 million in first-of-its-kind AI heist (arstechnica.com)
submitted 9 months ago by L4s@lemmy.world to c/technology@lemmy.world
22 comments fedilink hide all child comments
 

Deepfake scammer walks off with $25 million in first-of-its-kind AI heist::Hong Kong firm tricked by simulation of multiple real people in video chat, including voices.

you are viewing a single comment's thread
view the rest of the comments
[–] redcalcium@lemmy.institute 18 points 9 months ago* (last edited 9 months ago)

Acting senior superintendent Baron Chan Shun-ching of the Hong Kong police emphasized the novelty of this scam, noting that it was the first instance in Hong Kong where victims were deceived in a multi-person video conference setting. He pointed out the scammer's strategy of not engaging directly with the victim beyond requesting a self-introduction, which made the scam more convincing.

The police have offered tips for verifying the authenticity of individuals in video calls, such as asking them to move their heads or answer questions that confirm their identity, especially when money transfer requests are involved. Another potential solution to deepfake scams in corporate environments is to equip every employee with an encrypted key pair, establishing trust by signing public keys at in-person meetings. Later, in remote communications, those signed keys could be used to authenticate parties within the meeting.

If you're a rank-and-file employee in a virtual meeting with your company's top brass, it probably won't occur in your mind to ask them to turn their heads to see if it'll glitch. The scammers can just act offended and ignore your request instead. Chance that you're going to fear for your employment and apologize profusely.

The key exchange mechanism suggested by the article sounds impractical because the employees from HK likely never meet the CFO from UK in person. Maybe the corporate video conferencing system should have a company-wide key registry, but if the scammers managed to hack in and insert their own key or steal a top brass's video conferencing accounts, then it'll probably moot.