Small businesses have been warned that cybercriminals are using virtual meetings and ‘deep-fakes’ of executives to trick employees into transferring money to criminal-controlled bank accounts.
This warning came by an alert sent out this week by the FBI and is yet another reason for smaller businesses to pay attention to their cyber security protection procedures.
Usually, these types of so-called ‘business email compromise’ scams are done using email messages pretending to be from a senior executive of the employee’s firm. The messages typically ask for a money transfer, for example, to pay an invoice – when the employee makes these transfers thinking they’re doing the right thing, the money of course goes fraudulently into the criminals’ bank account.
However, the FBI said criminals were now taking it a step further, scheduling online meetings with a victim. But instead of the executive appearing live, the crook inserts a still photo of the CEO and uses a computer-generated fake audio voice that sounds like the chief executive but is actually generated using speeches or presentations that are publicly available online.
This so-called deep-fake then gives instructions to the unsuspecting employee.
To avoid these scams, the FBI said employees should be careful of virtual meetings arranged with their boss on a platform that isn’t normally used by the organisation. Before transferring funds, confirm with another person. And use two-factor authentication to verify any requests to change account information.
