A First of Its Kind: The $25 Million Deepfake Scam

AI Deepfakes are on the hype cycle today, thanks to a CFO who was tricked into paying $25M to a scammer.

This is a very real and current threat to organizations of all types and sizes. While the regulatory landscape around deepfakes continues its struggle to strike a balance of depth and breadth, all business leaders should prepare to respond to an inevitable attack (currently, there's no federal law governing deepfakes, though the creation and/or distribution of deepfakes is illegal in some U.S. states).

For those new to this technology, deepfakes are AI-generated videos or audio clips that make it appear as though someone is saying or doing something that they never did. In this instance, a finance worker was tricked into processing a $25.6 million payment to scammers using deepfake AI to pose as the company’s CFO on a conference call (in fact, every single person on the call was fake). Here are some tips to help prevent and detect deepfakes.

How to Prevent Deepfakes at Your Business
  • Start with prioritizing cyber awareness training
  • Incorporate a corroborative verbal and/or physical approval process for certain financial transactions
  • Maintain a secret code word/phrase with other organizational leaders
  • Test your response to a variety of incidents through a tabletop test scenario
  • Tighten up and TEST logical security controls (MFA, password-management or PAM tool, etc.)
How to Detect Deepfakes at Your Business

There are several signs of deepfakes which, when you know what to look for, are still perceptible to your human eye. Be on the lookout for: 

  • Any irregularities on the skin or body parts
  • Blurred or misaligned visuals
  • Inconsistencies in audio/video
  • Unnatural coloring/shape (lips, teeth, skin coloration or facial hair compared to face)
  • Unrealistic beauty marks on the face
  • Unusual emotional response
  • Unusual eye movement or blinking, mouth/body movements or posture or facial expressions
  • Unusual glare on eyeglasses
  • Unusual shadows around the body or eyes

From a software perspective, you should also consider tools that automatically look for AI-generated glitches and patterns to separate legitimate audio/video from fake through hashtag discrepancies, digital fingerprints and reverse image searches.

Deepfake attacks are evolving rapidly in sophistication and accuracy, and failure to swiftly recognize the very real potential of these attacks can have severe implications for businesses across all industries.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind. 

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at www.schneiderdowns.com/subscribe

To learn more, visit our dedicated Cybersecurity page. 


You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2024 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Get the Low Down Before You Download: Exploring the Temu App’s Security Risks
Understanding SOC Report Opinions
Six-Figure Ransomware Attack Hits Washington County, PA
SOC 2 - What is ACTUALLY required?
Romance Scams: Guarding Your Heart and Wallet
Update on GLBA for Higher Ed
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.