How to Avoid a Business Email Deepfake Scam

Do you think you’d know the difference between your actual boss and an AI fake version on a video call? You’d like to think so, but sophisticated technology makes it exceptionally difficult to tell the difference between truth and deception. Imagine how difficult it is to distinguish a legit email from a counterfeit one. In the story we’ll explore below, scammers extorted $25 million from a company during one deepfake scam video call.

This isn’t an isolated case. It’s estimated that a cybersecurity attack takes place every 2 seconds (Cybersecurity Ventures). Recent research shows that one in five businesses were victims of a cyber attack 2022-2023 (Aviva). And cybercrime is predicted to cost the world an alarming $10.5 trillion annually by 2025 (Cybercrime Magazine). 

In this blog, we’ll share a super sophisticated business email deepfake scam and provide expert insights on how you can reduce the risk of it happening to you.

How a Multinational Company Fell for a $25million Business Email Deepfake Scam

If you received an email, meeting invite or a video call from your CFO, would you question its authenticity? This was the situation for a Hong Kong based finance worker. The employee at a multinational company believed that they were in a video conference with their CFO and colleagues. The reality was that everyone on the call, the CFO included, was a deepfake scam impersonation.

When the employee was asked to authorize a huge financial transaction to the sum of $25 million, they did as they were told. Whilst they’d had some early suspicions when they’d received an email about a secret transaction, the video call with authority figures that they recognized allayed their fears. So sophisticated were these AI-generated images, that they complied with the scammer’s request (MSN). 

The Rise of Whaling and Other Business Email Phishing Attacks

This deepfake scam story may sound unbelievable but it’s a fairly typical case of whaling. Whaling is a type of phishing that targets a very specific person, rather than a broad number of users. That person being targeted will be a big ticket item, typically a senior executive. The contact, such as an email or meeting invite, seems genuine and is likely to include personalized information about the targeted company or person. Whaling is one of the biggest risks facing businesses today. 

How to Optimize Business Email Security With Planck

You may think that you’ve taken steps to ensure your business emails remain secure. The truth in most cases is that businesses are not doing enough, and leave themselves vulnerable to email cybersecurity attacks. 

91% of cyber attacks start with email, and in most of the cases they’re hosted on well-known services that are believed to provide built-in security. To prevent these attacks at the source, you can make your communication intrinsically more secure with Planck's business email security solutions. Planck validates the identity of senders with full certainty, preventing whaling and other phishing attacks like the one described in this article. 

With Planck, the recipient would have been able to verify that the email invite came from the CFO rather than an outside adversary. Planck would have identified that the meeting wasn’t legitimate. With Planck installed, you can easily define a process that asks every payment request to be sent by verified email. That provides another obstacle for the attackers and an additional level of security for you. 

Reduce your risk of attack and make your communication intrinsically more secure with Planck’s email solutions. It’s the most effective and easy-to-use business communication protection software on the market. 

Planck’s solutions are designed to protect enterprises from sophisticated cyber threats, like a deepfake scam. Our simple yet sophisticated plugin works seamlessly with your existing email service provider to optimize its security on many levels. 

Contact us to discuss your unique business email security requirements. 

Recent posts

Insight

Top 5 Security and Privacy Conferences to Attend in 2024

In the rapidly evolving landscape of cybersecurity, marked by constant advancements and evolving threats...

Insight

Successful Email Security Strategies for IP Protection

In this fast-paced digital landscape, where information flows seamlessly, intellectual property (IP), in...

Insight

Zero Trust and Cloud Services: How a Layered Approach Strikes a Balance Between Convenience an...

The Place of Cloud Services in the Modern Business Environment: An Overview Since its first steps in the...