AI Fraud, Deepfakes & the Death of Trust - Episode 215

On this week's Compliance Unfiltered, AI-driven fraud is escalating, with deepfake voices and synthetic identities posing new threats. This episode reveals how traditional security measures fall short against sophisticated scams, like a $25 million fraud in Hong Kong. Discover innovative detection techniques and why real-time monitoring is crucial. Perfect for security professionals and leaders, this episode is a wake-up call to adapt and protect your organization from AI-enabled deception.


Episode Transcript:

Adam Goslin:
I’m doing good. It is today, Cinco de Mayo. So nicely done.

Todd Coshow:
Thank you, sir. Today we’re going to have a conversation up and down about fraud, but before we get there, I want to make sure that we say thank you to our listeners.

We would love to hear from you. If you’ve got something that you’d like to share, if you have some suggestions or show ideas, please do not hesitate to reach out to us at complianceunfiltered@totalcompliancetracking.com. We’re excited to hear what you have to say.

As I teased just a moment ago, today we are talking about AI fraud, deepfakes, and the death of trust. Let me ask you a kind of off-the-wall question, Adam: if your CEO called asking for a wire transfer, would you trust it? Obviously, in this instance, you are a CEO. In your past life, if you were to receive a call from your CEO, would you trust it?

Adam Goslin:
It’s becoming more and more difficult these days. I was going to say, if I got a call from me, then the cat would be out of the bag.

Looking at it philosophically, it used to be that the bigger concern was somebody taking over an email account and passing you weird messages, or they’ve ghosted out the number and they’re sending texts to your phone from the appropriate number, or phone calls that would come in with somebody trying to mimic their voice or whatever. But nowadays, it’s not a safe assumption.

AI can clone voices. You can clone identities well enough to trick. Let’s say you got a real strong training program and people are going through training not once a year, but twice a year, three times a year, monthly. It’s tough because when you’ve got the capability to mirror off faces, voices, etc., it becomes astronomically difficult to blindly trust.

It’s the same mantra that we’ve had in this arena for quite some period of time. One needs to ask themselves, does what is happening right now feel right? Trust your gut and be a little skeptical because I would much rather have somebody coming in and saying, “Hey, I got this request. I’m coming through a back channel just to validate that this is actually legitimate.” I would rather answer those types of inquiries from my people a hundred times than take one opportunity for somebody to not bother or drop the ball or trust what they were hearing. It’s what these people need to do.

There was a recent thing that happened out of Hong Kong, and this was just fascinating. It was a finance worker in Hong Kong where the fraudsters were using AI deepfake technology. They impersonated the company’s CFO and other colleagues on a video conference call. Initially, the employee was doubting the request, but was convinced when all these different participants in the video call appeared to be familiar staff members. They basically set up this multi-person video call with everybody where everybody except the finance guy was fake.

They basically told them they needed to execute a confidential transaction. That’s why you hadn’t heard about this previously, etc. They convinced this dude on this call to go in, and they did 15 different transfers to five different local bank accounts totaling $25.6 million. They didn’t even figure out what the heck happened until later on, the employee checked the validation with the company’s UK-based headquarters. That’s when they ended up discovering, “No, you’ve just been had.”
