The increase of remote and hybrid working, as well as digitization and networking of a wide range of devices and systems, has made IT landscapes much more complex. Employees use so many devices – desktop computers, laptops, tablets, phones – that it’s all too easy to unwittingly give out information.
While organizations being exposed to cyber criminals is nothing new, over half of businesses in the U.S and UK have been targets of a financial scam powered by ‘deepfake’ technology, highlighting ‘deepfake’ scams are a high concern.
Head of Offensive Security at Bridewell.The Growing Danger of AI-Generated ‘Colleagues’
In today’s digital landscape, CEOs and CFOs have large digital footprints. They have speeches, interviews and videos across many social media and business channels like YouTube and LinkedIn as well as corporate websites.
And while generative AI has transformed the way people can work and create the vast amount of online content now available is providing criminals with endless material to generate convincing deepfakes, which are being used by scammers worldwide.
In May 2024, British engineering group Arup was duped into transferring $25 million to cybercriminals. The employee attended a video call, where everyone looked and sounded like familiar coworkers and bosses. But everyone in the call was a deepfake, AI-generated imitations of real people used to manipulate the employee into making the transfer.
This wasn’t an isolated incident, either. Advertising group WPP were also targeted for a deepfake scam but thankfully, it was unsuccessful. The group’s CEO detailed the attempted fraud in an email to leadership, warning them to look out for calls claiming to be top executives.
The number of deepfake attacks in the corporate world has surged in recent years. The use of rapidly advancing and now widely available technology is making it possible, and people in workplaces are susceptible to falling for it.
Why does this matter to you
This deepfake technology presents a growing threat to businesses, particularly through financial fraud and so when scams like these happen, the damage isn’t just monetary, it can also come back on you. If you were the one who let the scammer in, accidentally shared sensitive data, or approved a fraudulent request, you could be held accountable, even if you didn’t realize what was happening.
AI-generated deepfakes exploit the element of trust, so while cybercriminals might be targeting your employer, you may be the entry point. Corporate deepfake fraud undermines business confidence and public trust.
Defending Your Employer (and Your Job)
Given how quickly these threats are evolving, organizations and their employees must develop adequate safeguards and policies to stay safe from exploitation.
Take Your Time and Confirm
Make sure you scrutinize and verify before responding to requests received digitally, especially if they include a request to disclose sensitive information or conduct financial transactions. If you’re encouraged to respond to any requests via phone or video call, call back using the channels you’re familiar with to confirm the task.
Watch for Signs of Unusual Behavior
If a co-worker’s voice sounds a bit off or their camera seems strangely blurry, it may be a sign of something unusual. Other signs that can indicate something is amiss include unnatural blinking or speech that is out of sync with their lips. AI and deepfakes can be deceiving, but they’re not perfect.
Create a culture of cyber awareness
Encourage conversations with your colleagues that allow you to take a step back, pause and raise concerns whenever you feel concerned about a request. And while AI can be useful for a myriad of tasks, workplaces need to have detailed guidelines on its use.
Verify Attendees Before Letting Them In
If you’ve been invited to a meeting, double-check the invite to ensure you know who the sender is. If you’re hosting a meeting, it’s worth enabling waiting rooms or lobbies so you can approve who joins.
Don’t Hesitate to Question Unusual IT Assistance
If someone appears in a meeting claiming to be from IT and begins asking you to install software or allow them access, be cautious. Instead, verify with your IT department through your usual work channels about what the procedure is to make changes to your device.
We list the best online cybersecurity course.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
