Artificial intelligence has already transformed the cybersecurity landscape, enabling everything from sophisticated phishing campaigns to highly convincing deepfake content. What was once considered a futuristic threat is now a reality, as criminals increasingly use AI-generated voices, images, and videos to impersonate trusted individuals and manipulate victims into taking immediate action. A recent case involving a fraudulent €220,000 transfer demonstrates how quickly deepfake technology is evolving and why organizations must rethink traditional methods of authentication.
AI has been used to create deep fake images, voices and videos. Researchers believe that it may soon be impossible to tell the difference between a real person and a fake. This article in WSJ indicates criminals used deep fake technology to request a transfer of €220,000 immediately:
“Criminals used artificial intelligence-based software to impersonate a chief executive’s voice and demand a fraudulent transfer of €220,000 ($243,000) in March in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking.
The CEO of a U.K.-based energy firm thought he was speaking on the phone with his boss, the chief executive of the firm’s German parent company, who asked him to send the funds to a Hungarian supplier. The caller said the request was urgent, directing the executive to pay within an hour, according to the company’s insurance firm, Euler Hermes Group SA.
Euler Hermes declined to name the victim companies.
Law enforcement authorities and AI experts have predicted that criminals would use AI to automate cyberattacks. Whoever was behind this incident appears to have used AI-based software to successfully mimic the German executive’s voice by phone. The U.K. CEO recognized his boss’ slight German accent and the melody of his voice on the phone, said Rüdiger Kirsch, a fraud expert at Euler Hermes, a subsidiary of Munich-based financial services company Allianz SE.
Several officials said the voice-spoofing attack in Europe is the first cybercrime they have heard of in which criminals clearly drew on AI. Euler Hermes, which covered the entire amount of the victim company’s claim, hasn’t dealt with other claims seeking to recover losses from crimes involving AI, according to Mr. Kirsch.”
It’s probably time to assign code words between associates that verbally or visually approve large value transactions.
The rise of AI-powered impersonation attacks highlights a growing weakness in relying solely on voice recognition, visual confirmation, or perceived familiarity when authorizing financial transactions. As deepfake technology becomes more convincing and accessible, organizations will need stronger verification controls, including multi-factor approval processes, out-of-band authentication, and predetermined code words or challenge-response procedures for high-value transactions. In an era where seeing and hearing are no longer sufficient proof, trust must be supported by verification.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
