Cyber criminals have used artificial intelligence (AI) and voice technology to impersonate a UK business owner, resulting in the fraudulent transfer of $243,000 (201,000).
In March this year, what is believed to be an unknown hacker group is said to have exploited AI-powered software to mimic the prominent business leader's voice to fool his subordinate, the CEO of a UK-based energy subsidiary, according to the Wall Street Journal (WSJ).
The hackers were then able to convince the CEO to carry out transactions in the guise of urgent funds destined for its German parent company.
It's believed that the fraudsters phoned the UK-based CEO to demand a transfer to a Hungarian supplier. They contacted him again, still impersonating the parent company's chief executive, to reassure him the transfer would be reimbursed.
The CEO was then contacted a third time, before any reimbursement funds had appeared, to request a second urgent transfer. It was at this point the CEO became suspicious and declined to make any further payments.
The funds that were transferred to Hungary, however, were soon moved on to Mexico and various other locations, with law enforcement still looking for suspects.
This social engineering attack could be a sign for things to come, according to ESET cyber security specialist Jake Moore, who expects to see a huge rise in machine-learned cyber crimes in the near future.
"We have already seen DeepFakes imitate celebrities and public figures in video format, but these have taken around 17 hours of footage to create convincingly," he said.
"Being able to fake voices takes fewer recordings to produce. As computing power increases, we are starting to see these become even easier to create, which paints a scary picture ahead."
With enterprise security practices becoming more robust with time, criminals may increasingly look to staff as the most easily-exploitable gaps in an organisation's defence.
Social engineering has, indeed, grown to be far more sophisticated in recent years with employees faced with slicker phishing campaigns and highly targeted attempts at deception.
"To reduce risks it is imperative not only to make people aware that such imitations are possible now, but also to include verification techniques before any money is transferred," Moore added.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
-
LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to knowNews Cyber criminals are flocking to LinkedIn to conduct social engineering campaigns, research shows.
-
Phishing campaign targets developers with fake CrowdStrike job offersNews Victims are drawn in with the promise of an interview for a junior developer role at CrowdStrike
-
Iranian hackers targeted nuclear expert, ported Windows infection chain to Mac in a weekNews Fresh research demonstrates the sophistication and capability of state-sponsored threat actors to compromise diverse targets
-
Malware being pushed to businesses by search engines remains a pervasive threatNews High-profile malvertising campaigns in recent months have surged
-
CISA: Phishing campaign targeting US federal agencies went undetected for monthsNews Threat actors used legitimate remote access software to maliciously target federal employees
-
Google Ads malvertising campaign prompts questions around Search securityNews A leading security researcher has called into question why Google still allows malware links to top search results
-
Uber hacked via basic smishing attackNews The self-taught hacker impersonated an IT worker to gain an Uber employee's password, obtaining broad access to internal systems and posting taunting messages
