Forbes reported that a second known Deep Fake Voice Scam took place in 2020. A bank manager in the UAE authorized over USD 35 million in bank transfers on behalf of victims in a highly sophisticated deep fake voice scam that included up to 17 scammers.
- Knowbe4 blogged about the first known deep voice scam in September of 2019, which nailed a company in the UK. DEEP FAKE CEO’s VOICE USED TO STEAL $243,000 USD IN SOCIAL ENGINEERING BEC SCAM!
Forbes became aware of the documents filled in the US Federal courts when the victim attempted to recover more than USD 400,000 transferred to several accounts spread all over the world and at Centennial Bank in the US authorized by the bank manager.
The UAE bank manager had previously known the Director from investment dealings. The scammers did their OSINT research and created “a good enough” deep voice fake convincing the bank manager to authorized transfers under the ruse that The Director was making an imminent investment. To add more ammo they also spoofed and impersonated a real lawyer in emails to appear he was helping with the transaction that the Director referenced in the deep fake voice clone. When the bank manager received the emails from the scammers, they were seen as more credible. Inspecting these emails might have been a social engineering red flag to someone who had stepped through Security Awareness Training. Any bank authorization transfer should be given zero trust and require follow up with further authentication methods to avoid spoofing.
United States District Court for the District of Columbia
“The caller told the branch manager by phone and email that the Victim Company was about to acquire another company and that a lawyer named Martin Zelner ( Zelner ) had been authorized to coordinate procedures for the acquisition. The branch manager then received several emails from Zelner regarding the acquisition, including a letter of authorization from the Director to Zelner . Because of these communications, when Zelner asked the branch manager to transfer USD 35 million to several accounts as part of the acquisition, the branch manager followed his instructions.”
Takeaway: It’s highly recommended that your company’s C-Suite employees step through Security Awareness Training to help prevent falling victim to a very costly social engineering scam. With this second reported deep fake we need to take them seriously. It only takes one to succeed. Lower level employees still need to have training so they are aware of these scams so as not to unwillingly provide access to the network.
Read more here.