The corona pandemic has forced cybercriminals to be more creative. Increasingly, they are using fake videos to scam people, businesses and organizations. They sometimes go as far as deepfaking or imitating the voice of a company’s CEO to shape their scams.
The FBI’s Internet Crime Complaint Center (IC3) warns against this.
CEO fraud, fake invoices and fake videos
Due to the coronavirus, the advice was to work from home as much as possible. Working Netherlands responded to this on a large scale. Because we were less often on the shop floor, many consultations, meetings and get-togethers took place digitally. Employees used programs such as Zoom, Google Meet and Microsoft Teams for this.
This has not gone unnoticed by hackers and cybercriminals. Since the outbreak of the corona pandemic, Business Email Compromise (BEC) has been on the rise. IC3 says it received significantly more reports of BEC fraud between 2019 and 2021. The agency omits precise numbers or percentages.
Traditionally, there are two variants of BEC fraud: a fraudster pretends to be the CEO of a large company ( CEO fraud ), or a scammer sends a ghost or fake invoice to a company. We can now add a third form of fraud: fake video.
Three Ways Cybercriminals Are Using Fake Videos
The FBI’s Internet Scam hotline reports that fake video scams happen in a variety of ways. A common ruse is that a high-ranking employee of the company – for example, the director or financial chief – asks his employees via email to participate in a virtual meeting.
Then a profile photo or deepfake video of the employee appears on the screen and he says that his audio is not working properly. That explains why his voice sounds strange. In reality, it is cybercriminals who have manipulated his face and voice. The CEO then comes up with an excuse to encourage his employees to pay an outstanding invoice. ‘I’m too busy and I don’t have time’ or ‘I’m out today’ are common excuses. Once the money has been transferred, the company can whistle for its money.
Cybercriminals sometimes abuse an employee’s hacked email address to invite themselves to a video meeting. In reality, this is how the scammers try to learn more about the day-to-day business or get their hands on confidential data. A third and final trick is that fraudsters send orders to employees to transfer money to an account via the hacked e-mail address of the CEO. A digital meeting is then used as an excuse for why the director is not in a position to do it himself.
How to avoid falling victim to fake videos
IC3 has listed several tips to protect employees of companies and organizations against this relatively new form of fraud. Most companies structurally use the same program to conduct digital meetings. If an employee or the director suddenly comes up with a proposal to use a different program without discussing it beforehand, there is a good chance that someone is trying to scam you.
Another tip the Complaint Center gives is to use two-factor authentication if someone asks for confidential information. In that case, this person cannot access the data without an access code. Employees would also do well to check the sender’s email address. If this is not a company address but, for example, a Gmail account, it could be that someone is trying to screw things up.
Furthermore, IC3 advises to be aware of URLs that point to malicious pages and not to provide personal or login details via video calling programs. Finally, the agency recommends that you regularly check your own bank account for suspicious transactions.
Catch up on more articles here
Follow us on Twitter here