Nearly two-thirds of finance professionals have been targeted by deepfake fraud, new research shows, with 44% revealing they've actually fallen for the scam.
In a new survey carried out by Medius, nearly three-quarters (73%) of respondents said deepfake technology poses an existential crisis to the business’ financial security.
Despite this, though, eight-in-ten said they'd make a payment if called to do so by a senior figure such as a chief executive or CFO. This, the study noted, is a concerning statistics given that 70% of respondents could make financial transactions independently without being checked.
"Today’s CEOs and CFOs have large digital footprints. They have speeches, interviews and videos plastered across YouTube, LinkedIn and corporate websites," said Ahmed Fessi, chief transformation and information officer at Medius.
"Artificial intelligence (AI) can now use existing online audio content to create fake audio that sounds just like business leaders. Scammers are creating fake audio clips of CEOs and CFOs and calling the finance team asking them to pay bogus suppliers.”
Only 16% of professionals said protecting the business from deepfakes is a top priority, and around a third don’t feel well educated on the matter. Similarly, respondents said they don’t have faith in their colleagues’ ability to identify a potential deepfake fraud attempt.
Only 5% were aware of any technology being used to protect against deepfakes.
"There are three important factors to prevent falling victim to deepfake attacks. One is education: employees should understand the threats and know how to counteract them," Fessi said. "Second is the process. Too many businesses allow employees to make payments without the right checks and balances.”
Late last year, a survey from verification platform Sumsub found a ten-fold increase in the number of deepfakes detected globally across all industries from 2022 to 2023, with Spain the most affected country.
"Deepfakes pave the way for identity theft, scams, and misinformation campaigns on an unprecedented scale," said Pavel Goldman-Kalaydin, head of AI/ML at Sumsub.
According to digital identity firm Signicat, one-in-fifteen fraud attempts now use deepfakes to attack not just B2C companies but also, increasingly, B2B firms.
Cyber criminals are ramping up deepfake fraud attacks
Deepfake scams are by no means a new phenomenon, and have been a popular attack method among cyber criminals since around 2017.
With the emergence of generative AI, however, threat actors have fine-tuned their techniques to create more sophisticated and convincing scams – and to great effect.
There have been several high-profile deepfake scams in recent years, highlighting the potentially devastating consequences of falling prey to this attack method.
Gain visibility into attack paths and identify potential breaches
In May this year, British engineering company Arup fell victim to deepfake fraud after an employee was duped into sending £20 million to criminals posing as a senior staff member.
Earlier this year, British engineering company Arup fell victim to deepfake fraud after an employee was duped into sending £20 million to criminals posing as a senior figure at the firm.
In May, the chief executive of WPP, one of the world’s largest advertising firms, was targeted in a deepfake fraud attempt. On this occasion, however, the individual didn’t fall for the scam.
