I keep writing about deepfakes, and the problem is only going to get worse.
If you are hoping that either legislatures or law enforcement agencies are going to help you, you should give that one up for two reasons. First, there are just not enough law enforcement people with the needed skills to even investigate these attacks, never mind prosecute them. Second, a lot of these attacks come from foreign countries, and even if these countries are sort of friendly to us, the time and money it takes to investigate are not in the budget of any law enforcement agency.
That means that you are on your own.
Worse yet, unless you can catch the bank violating its own policies (we actually acted as an expert witness in a case where we proved just that), the odds of any business getting its money back are very slim. On the other hand, there are things that you can do to reduce your risk.
Deepfakes are getting so good that even the experts are having a difficult time telling the fakes from the real thing.
Recently a business lost $25 million to a deepfake video conference with the CEO. THE ENTIRE VIDEO CALL WAS FAKE EXCEPT FOR THE VICTIM WHO SENT THE $25 MIL TO THE HACKER.
So what can you do? There are a number of things.
Employee training is a big one.
Out of band verification is another.
And there are many other tools to use as well.
Certainly looking for clues in the calls, emails, videos, etc. is okay, but it is getting very hard.
Remember that this is not like your company getting hacked. There are different technical controls for that.
This is an employee who thinks he or she is doing what the boss wants him or her to do.
Recently here in Colorado, an employee at a casino took a half million dollars from the cage and just gave it to the hacker. She was originally charged with a crime, but eventually all charges were dropped because the cops could not make a case that she was benefiting from doing this. In the meantime, the casino is out the money.
If you want to “up your game” in defending against this type of attack, please contact us. If you are a victim of this sort of attack, please contact us as well.
Credit: Dark Reading