Bloomberg reported a story on July 26th that shook the media and alerted businesses across the world to the threat of AI-powered deepfake fraud. The story outlined how a high-powered executive at Ferrari almost fell victim to a sophisticated deepfake scam in which a caller was able to replicate the voice of Benedetto Vigna, Ferrari’s CEO. With global businesses standing to lose millions, this piece of news has underlined the importance of implementing advanced Identity Verification software and protocols within all operations.
Deepfake Fraud and the Ferrari Case Study: What Happened?
On a Tuesday morning like any other, a high-level executive at Ferrari started to receive several text messages that were seemingly from CEO Benedetto Vigna. The messages were coming from an unusual number. One of the messages read, “Hey, did you hear about the big acquisition we’re planning? I could need your help.”
The impersonator then stated he would need the executive to “be ready to sign the Non-Disclosure Agreement our lawyer is set to send you asap.” He continued, “Italy’s market regulator and Milan stock exchange have been already informed. Stay ready and please utmost discretion.”
While these messages may fail to seem convincing, the voice call that then followed was far more deceiving. The fraudsters managed to replicate Vigna’s voice, as the impersonation perfectly echoed Vigna’s Italian accent and tone of voice.
The impersonator attempted to explain why he was, in fact, calling from a different phone number, as the nature of the conversation was incredibly confidential, with potential repercussions for China and requiring an unspecified currency-hedge transaction to be done.
“Sorry, Benedetto, but I need to identify you,” the executive said. He asked a question: “What was the title of the book you recommended a few days ago?”
After this verification question, the fraudster was quick to give up on the scheme and ended the call. The incident then led to an internal investigation within Ferrari, but representatives have decided not to comment on the matter.
How Deepfake Fraud Infiltrates Businesses
While this case is alarming, it’s certainly not the first of its kind. Deepfakes have been increasing their reach for several years now, with the number of deepfake videos online increasing by 550% from 2019 to 2023.
Astonishingly over a third of businesses across the US have experienced a deepfake security incident in the last 12 months.
In May, news outlets reported that the CEO of the advertising corporation WPP Plc, Mark Read, was targeted in a very similar scam. An elaborate deepfake was used to imitate the CEO on a Microsoft Teams call. As these AI-powered scams become more accurate, it becomes easier for teams to become victims and stand to lose millions.
Stefano Zanero, a Cybersecurity professor at Italy’s Politecnico di Milano, stated in an interview with Fortune Magazine that,
“It’s just a matter of time and these AI-based deepfake sophistication tools are expected to become incredibly accurate.”
The most likely scenario today for threat actors to use deepfakes is in business email compromise (BEC) attempts. Attackers can then use AI-powered voice and video-cloning technology to trick recipients into making corporate fund transfers.
Unfortunately, many businesses have already fallen victim to these types of scams. One example was reported by the South China Morning Post in February after scammers tricked employees using deepfakes, and an unnamed company faced a loss of HK$200 million ($26 million USD).
Reactions To Deepfakes Around The Globe
In the United Kingdom, the sharing of deepfakes was made illegal under the Online Safety Act, which was passed last year. This decision came about due to the widespread creation of sexually explicit deepfakes.
The EU released the EU AI Act, adopted by the European Parliament on the 13th of March 2024, specifically addresses how deepfakes should be regulated in the EU, stating, ”Users of an AI system that generates or manipulates image, audio or video content that appreciably resembles existing persons, objects, places or other entities or events and would falsely appear to a person to be authentic or truthful (‘deep fake’), shall disclose that the content has been artificially generated or manipulated.”
Though deepfakes are not banned in the EU, the AI Office is preparing codes of practice that will provide further advice on the classification of deepfakes. Whether the UK will follow this initiative or not is yet to be seen, however responses to the government’s AI Whitepaper pushed for increased transparency.
China has adopted specific regulations to target deepfakes directly after several major scandals, leading to the deepfake app ZAO being banned from app stores. This sharply contrasts with the USA’s stance on AI regulation, with no federal laws regarding the creation or sharing of deepfakes. Yet, change might be around the corner, with bills such as the US Senate’s NO FAKES Act being proposed.
Why We Need To Act Now
Despite the fact that scams such as this one are highly publicized online, many organizations remain oblivious to the threat of AI-powered fraud attacks. However, there are technologies that can identify these forms of deepfakes, and every business must leverage them.
Biometric Identity Verification (IDV) software with liveness detection examines facial features and subtle expressions in images or videos, analyzing whether they show signs of life. Deepfakes can, therefore, be spotted, yet not enough organizations leverage these technologies.
Benefits of AI-Powered eKYC for Businesses
eKYC solutions that leverage AI are needed to safeguard organizations. There have been many cases of deepfakes bypassing identity verification methods, leading to scammers managing to infiltrate all kinds of businesses.
In 2019, a deep-fake video was used to scam a CEO into wiring $243,000 to a bank account. Similarly, in 2021, a criminal gang used deepfakes to bypass eKYC authentication and access bank accounts containing millions of dollars.
In 2019, a deepfake video tricked a CEO into sending $243,000 to a bank account. Similarly, in 2021, a gang of criminals bypassed eKYC authentication with deepfake videos and images, accessing bank accounts containing millions of dollars. As a result, many companies have become aware of the need to invest in advanced AI technologies to detect and prevent deepfakes from being used within authentication processes. eKYC can offer:
- Bespoke Solutions: Automatic workflows that can be highly tailored to fit different compliance requirements. Utilizing machine learning technologies, eKYC solutions can streamline data extraction while providing a smooth user onboarding experience.
- Streamlined Onboarding: Implementing a robust eKYC process allows you to verify customers quickly and efficiently, enabling organizations to scale safely.
- Enhanced Security: eKYC is far more effective at protecting organizations from identity fraud and financial crime. The use of advanced biometric verification, as well as AI-driven fraud detection, allows organizations to minimize fraud risk.
- Improved Customer Experience: The streamlined onboarding process also results in a more positive user experience, reducing friction and increasing customer satisfaction.
- Global Reach: eKYC solutions enable businesses to operate globally, quickly verifying many customers and supporting multiple languages and various international regulations.
eKYC with ComplyCube
ComplyCube is a RegTech100 all-in-one platform for automating Identity Verification (IDV), Anti-Money Laundering (AML), and Know-Your-Customer (KYC) compliance. It has global customers in legal, telecoms, financial services, healthcare, e-commerce, cryptocurrency, travel, and more.
Our full suite of AI-powered KYC/AML solutions enhanced with automatic workflows is highly tailored to fit our customers’ compliance requirements. Utilizing machine learning technologies developed and owned by our team, our solutions streamline data extraction while providing a smooth user onboarding experience.
Contact our expert team today.
