Technological innovation brings both promise and peril. From QR code fraud to phishing attacks, scammers are now exploiting new technologies like artificial intelligence (AI) to enhance their scams such that it’s even more unassuming. Case in point: an employee in Hong Kong, duped by AI-generated fakes¹, transferred HK$200 million after a video call with supposed senior officers of her organisation.

This incident is alarming not just to large corporations, but even more so for micro and small businesses (SMEs). Phishing emails, once given away by poor grammar and spelling, now evade detection thanks to advanced language models like ChatGPT. More so now with the use of Generative AI, it makes cybercrime almost impossible to detect even with the best security protocols. SMEs need to remain vigilant against social engineering scams – especially now that they’re reinforced with gen AI deep fakes.

Previously, we’ve shared about how you can guard your business against social engineering and phishing scams – in this fourth instalment, we’ve put together the key information you and your employees should know to avoid being scammed by deep fakes.

The anatomy of a deep fake

Deep fakes, a product of gen AI, are manipulated audio and video recordings that convincingly depict individuals saying or doing things they never did. Anyone with access to a computer and the internet can now create realistic audio and video content from old footage and text prompts. This level of sophistication blurs the line between authentic communications and fraudulent ones.

Executing a deep fake scam requires time and effort, but its effectiveness makes it worthwhile for cybercriminals. They first gather extensive data on their target, scouring social media profiles and public records for personal details.

Once the scammers find what they need, they feed the information into AI programmes and use this model to create convincing simulations of interactions. Employees who are targeted by scammers, for instance, might receive a video call from their supposed CEO or Business Lead, instructing them to execute a business transaction. Before you know it, money has been funnelled out of the SMEs’ account into the scammer’s pockets.

Detecting and avoiding deep fake scams

Unfortunately, social engineering scams aided by deep fakes can deceive even the most vigilant. Still, there are some ways to detect a deep fake and avoid falling prey to these new-age scams.

1. Verify identities.

Once a request has been made, ensure that the person asking is really who they say they are. This is your best protection against being scammed. Remember, ANEXT Bank does not conduct video calls with SMEs regarding request of business or banking information, or even to share promotions deemed as a limited-time offer to induce a sense of urgency. Should you or your employees receive such a request, report it immediately to us and the police.

2. Do not share sensitive company information.

Even after identity verification of the caller, make sure that you and your employees do not disclose sensitive information too quickly. Requests for passwords, authentication keys, and other similar data are a red flag. ANEXT Bank will never request for your one-time-password, bank account details, or passwords. Neither will we request money transfers to secure the funds in your business account or to open a new, high-yielding fixed deposit account. If prompted to disclose such information or perform such transactions, refuse and report the incident immediately.

3. Watch for inconsistencies.

Lastly during the call, look out for cues such as unnatural colouring, body movement, and lack of emotion, which are common indicators of deep fakes. Scrutinise facial cues for signs of artificiality, including unnatural eye movements and misalignment of facial features. Testing the video with an unexpected remark or a localised joke can further reveal discrepancies that suggest manipulation.

Vigilance and awareness are key

Outsmarting cybercriminals requires you to always keep your guard up and maintain these baseline security hygiene practices and checks – starting with a regular update of your account passwords – especially those accounts that have sensitive business information and high privilege access. Do only install legitimate versions of software and update them regularly to prevent exploits; lastly opt for secure channels when handling sensitive transactions. If you suspect fraud, don’t hesitate to temporarily suspend your ANEXT Business Account until the issue has been thoroughly investigated and resolved. With these measures, you can shield yourself and your business from financial harm in a world that’s being constantly reshaped by AI.