Bloomberg reported a story on July 26th that shook the media and alerted businesses across the world to the threat of AI-powered deepfake fraud. The story outlined how a high-powered executive at Ferrari almost fell victim to a sophisticated deepfake scam in which a caller was able to replicate the voice of Benedetto Vigna, Ferrari’s CEO. With global businesses standing to lose millions, this piece of news has underlined the importance of implementing advanced Identity Verification software and protocols within all operations.
Deepfake Fraud and the Ferrari Case Study: What Happened?
On a Tuesday morning like any other, a high-level executive at Ferrari started to receive several text messages that were seemingly from CEO Benedetto Vigna. The messages were coming from an unusual number. One of the messages read, “Hey, did you hear about the big acquisition we’re planning? I could need your help.”
The impersonator then stated he would need the executive to “be ready to sign the Non-Disclosure Agreement our lawyer is set to send you asap.” He continued, “Italy’s market regulator and Milan stock exchange have been already informed. Stay ready and please utmost discretion."
While these messages may fail to seem convincing, the voice call that then followed was far more deceiving. The fraudsters managed to replicate Vigna’s voice, as the impersonation perfectly echoed Vigna’s Italian accent and tone of voice.
The impersonator attempted to explain why he was, in fact, calling from a different phone number, as the nature of the conversation was incredibly confidential, with potential repercussions for China and requiring an unspecified currency-hedge transaction to be done.
“Sorry, Benedetto, but I need to identify you,” the executive said. He asked a question: “What was the title of the book you recommended a few days ago?”
After this verification question, the fraudster was quick to give up on the scheme and ended the call. The incident then led to an internal investigation within Ferrari, but representatives have decided not to comment on the matter.
How Deepfake Fraud Infiltrates Businesses
While this case is alarming, it’s certainly not the first of its kind. Deepfakes have been increasing their reach for several years now, with the number of deepfake videos online increasing by 550% from 2019 to 2023.
Astonishingly over a third of businesses across the US have experienced a deepfake security incident in the last 12 months.
In May, news outlets reported that the CEO of the advertising corporation WPP Plc, Mark Read, was targeted in a very similar scam. An elaborate deepfake was used to imitate the CEO on a Microsoft Teams call. As these AI-powered scams become more accurate, it becomes easier for teams to become victims and stand to lose millions.
Stefano Zanero, a Cybersecurity professor at Italy’s Politecnico di Milano, stated in an interview with Fortune Magazine that,
“It’s just a matter of time and these AI-based deepfake sophistication tools are expected to become incredibly accurate.”
The most likely scenario today for threat actors to use deepfakes is in business email compromise (BEC) attempts. Attackers can then use AI-powered voice and video-cloning technology to trick recipients into making corporate fund transfers.
Unfortunately, many businesses have already fallen victim to these types of scams. One example was reported by the South China Morning Post in February after scammers tricked employees using deepfakes, and an unnamed company faced a loss of HK$200 million ($26 million USD).
Reactions To Deepfakes Around The Globe
In the United Kingdom, the sharing of deepfakes was made illegal under the Online Safety Act, which was passed last year. This decision came about due to the widespread creation of sexually explicit deepfakes.
The EU released the EU AI Act, adopted by the European Parliament on the 13th of March 2024, specifically addresses how deepfakes should be regulated in the EU, stating, ”Users of an AI system that generates or manipulates image, audio or video content that appreciably resembles existing persons, objects, places or other entities or events and would falsely appear to a person to be authentic or truthful (‘deep fake’), shall disclose that the content has been artificially generated or manipulated.”
Though deepfakes are not banned in the EU, the AI Office is preparing codes of practice that will provide further advice on the classification of deepfakes. Whether the UK will follow this initiative or not is yet to be seen, however responses to the government’s AI Whitepaper pushed for increased transparency.
China has adopted specific regulations to target deepfakes directly after several major scandals, leading to the deepfake app ZAO being banned from app stores. This sharply contrasts with the USA’s stance on AI regulation, with no federal laws regarding the creation or sharing of deepfakes. Yet, change might be around the corner, with bills such as the US Senate’s NO FAKES Act being proposed.
Why We Need To Act Now
Despite the fact that scams such as this one are highly publicized online, many organizations remain oblivious to the threat of AI-powered fraud attacks. However, there are technologies that can identify these forms of deepfakes, and every business must leverage them.
Biometric Identity Verification (IDV) software with liveness detection examines facial features and subtle expressions in images or videos, analyzing whether they show signs of life. Deepfakes can, therefore, be spotted, yet not enough organizations leverage these technologies.
Benefits of AI-Powered eKYC for Businesses
eKYC solutions that leverage AI are needed to safeguard organizations. There have been many cases of deepfakes bypassing identity verification methods, leading to scammers managing to infiltrate all kinds of businesses.
En 2019, se utilizó un vídeo muy falso para estafar a un director ejecutivo transferir $243,000 a una cuenta bancaria. De manera similar, en 2021, una banda criminal utilizó deepfakes para eludir la autenticación eKYC y acceder a cuentas bancarias que contenían millones de dólares.
In 2019, a deepfake video tricked a CEO into sending $243,000 to a bank account. Similarly, in 2021, a gang of criminals bypassed eKYC authentication with deepfake videos and images, accessing bank accounts containing millions of dollars. As a result, many companies have become aware of the need to invest in advanced AI technologies to detect and prevent deepfakes from being used within authentication processes. eKYC can offer:
- Soluciones a medida: Flujos de trabajo automáticos que pueden adaptarse en gran medida para adaptarse a diferentes requisitos de cumplimiento. Al utilizar tecnologías de aprendizaje automático, las soluciones eKYC pueden agilizar la extracción de datos y al mismo tiempo brindar una experiencia de incorporación de usuarios fluida.
- Incorporación simplificada: La implementación de un proceso eKYC sólido le permite verificar a los clientes de manera rápida y eficiente, lo que permite a las organizaciones escalar de manera segura.
- Seguridad mejorada: eKYC es mucho más eficaz para proteger a las organizaciones del fraude de identidad y los delitos financieros. El uso de verificación biométrica avanzada, así como la detección de fraude basada en inteligencia artificial, permite a las organizaciones minimizar el riesgo de fraude.
- Experiencia del cliente mejorada: El proceso de incorporación simplificado también da como resultado una experiencia de usuario más positiva, lo que reduce la fricción y aumenta la satisfacción del cliente.
- Alcance global: Las soluciones eKYC permiten a las empresas operar globalmente, verificando rápidamente a muchos clientes y admitiendo múltiples idiomas y diversas regulaciones internacionales.
eKYC con ComplyCube
ComplyCube es una plataforma todo en uno RegTech100 para automatizar el cumplimiento de la verificación de identidad (IDV), la lucha contra el lavado de dinero (AML) y el conocimiento de su cliente (KYC). Tiene clientes globales en los sectores legal, telecomunicaciones, servicios financieros, atención médica, comercio electrónico, criptomonedas, viajes y más.
Nuestro conjunto completo de soluciones KYC/AML impulsadas por IA mejoradas con flujos de trabajo automáticos están altamente adaptadas para satisfacer los requisitos de cumplimiento de nuestros clientes. Al utilizar tecnologías de aprendizaje automático desarrolladas y propiedad de nuestro equipo, nuestras soluciones agilizan la extracción de datos y al mismo tiempo brindan una experiencia de incorporación fluida para el usuario.
Contacto our expert team today.