Artificial intelligence (AI) is revolutionizing our daily lives and workplaces by automating tasks and creating and analyzing content at an unprecedented speed. However, fraudsters also use these same tools.
AI-based scams take many forms: cloned voices, deepfake videos, automatically generated emails, etc. Some scams involve impersonating a CEO or colleague to manipulate an employee or divert funds. Others just try to provoke a quick reaction by triggering your emotions.
The problem is that these messages often seem authentic. A familiar tone, professional language, or even a known voice can be enough to trick people, especially when there is a sense of urgency.
Beware of messages that are “too perfect”
- A faultless email in a perfect tone is very possibly AI generated.
A professional message does not always guarantee trustworthiness. Be careful if you see:
- an unusual request (pay, click, share access);
- a pressing or urgent tone;
- an email address or link that does not look quite right.
If something seems too perfect or urgent, take the time to check before taking action.
Five reflexes to use AI without getting scammed
- Validate your sources: A name or a photo is not enough. Confirm any unusual requests by another means (call, meeting, text to a known number).
- Protect your data: Any shared information can be used to create fake profiles. Avoid entering sensitive data, even into AI tools.
- Stay in control: A message that urges you to act quickly or skip a procedure should raise red flags. Urgency is often a sign of a trap.
- Be on the lookout for sophisticated scams: AI makes scams harder to detect. If it seems too good to be true, do further research.
- Learn how to spot deepfakes: A video or familiar voice can be faked. Pay close attention to details such as expressions, fluidity, or visual and sound inconsistencies.
Real-life cases: When fake looks real US$25M deepfake videoconference scam
In 2024, an employee at Arup’s Hong Kong office was tricked by an unprecedented scam. He received an email seemingly sent by the company’s CFO inviting him to a “secret” videoconference. On the screen, he saw and heard what appeared to be several of the company’s senior executives, who insisted on the urgency of the transactions. In fact, the faces and voices were AI-generated deepfakes. Convinced of the legitimacy of the instructions, the employee made 15 transfers, totalling US$25M, to bank accounts controlled by the scammers.
When the image of your child becomes a cybersecurity lesson As part of a striking campaign, Deutsche Telekom created a video featuring an AI-generated child that was digitally aged using real images shared online by her parents. It sends a strong message: the deepfake of the daughter addresses the parents directly in a movie theatre, showing them how easy it is to misappropriate photos and videos posted online. An English version of the video with French subtitles is available online (link below).
Cybersecurity is everyone’s business Cybersecurity relies on simple and regular actions. Every user is a key link in the security chain. You can help protect all users by acting cautiously, asking questions, and reporting suspicious behaviours. Protecting your access credentials also strengthens collective security.
For more information:
- Deutsche Telekom campaign on deepfakes (English video with French subtitles)
https://www.youtube.com/watch?v=xrpVBuUDS1s - Arup case analysis by Adaptive Security (English)
https://www.adaptivesecurity.com/blog/arup-deepfake-scam-attack