A First of Its Kind: The $25 Million Deepfake Scam

AI Deepfakes are on the hype cycle today, thanks to a 被骗支付2500万美元的首席财务官 to a scammer.

This is a very real and current threat to organizations of all types and sizes. While the regulatory landscape around deepfakes continues its struggle to strike a balance of depth and breadth, all business leaders should prepare to respond to an inevitable attack (currently, 没有针对深度造假的联邦法律, though the creation and/or distribution of deepfakes is illegal in some U.S. states).

对于那些刚接触这项技术的人, deepfakes are AI-generated videos or audio clips that make it appear as though someone is saying or doing something that they never did. In this instance, a finance worker was tricked into processing a $25.支付给骗子600万 using deepfake AI to pose as the company’s CFO on a conference call (in fact, 电话里的每个人都是假的). Here are some tips to help prevent and detect deepfakes.

如何在您的企业中防止深度假冒

• 从优先考虑网络意识培训开始
• Incorporate a corroborative verbal and/or physical approval process for certain financial transactions
• Maintain a secret code word/phrase with other organizational leaders
• Test your response to a variety of incidents through a tabletop test scenario
• Tighten up and TEST logical security controls (MFA, password-management or PAM tool, etc.)

如何在您的企业中检测深度伪造

有几个迹象表明深度造假, 当你知道要找什么时, 肉眼还能看出来吗. Be on the lookout for: 

• 皮肤或身体部位有任何异常
• 视觉模糊或错位
• 音频/视频不一致
• Unnatural coloring/shape (lips, teeth, skin coloration or facial hair compared to face)
• 脸上不切实际的美纹
• 不寻常的情绪反应
• Unusual eye movement or blinking, mouth/body movements or posture or facial expressions
• 眼镜上不寻常的眩光
• 身体或眼睛周围有不寻常的阴影

从软件的角度来看, you should also consider tools that automatically look for AI-generated glitches and patterns to separate legitimate audio/video from fake through hashtag discrepancies, 数字指纹和反向图像搜索.

Deepfake attacks are evolving rapidly in sophistication and accuracy, and failure to swiftly recognize the very real potential of these attacks can have severe implications for businesses across all industries.

关于施耐德唐斯网络安全

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, 包括渗透测试, 入侵防御/检测审查, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our 数字取证和事件响应 teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind. 

Want to be in the know? 订阅我们的双周通讯， Focus on Cybersecurity, at rainierbeachhs.3111427.com/subscribe. 

要了解更多信息，请访问我们专门的 Cybersecurity page.