Unlike classic scams such as the email-based boss scam, the Deep Fake Boss method uses high-tech manipulation to steal money.
An employee, often in the finance department, appears to be personally instructed by company management to transfer money. The instructions are given convincingly in the form of a video conference in which the “boss” is supposedly present. Richard Werner, Business Consultant at Trend Micro: The “boss scam” is one of the so-called “confidence scams” – i.e. fraud that has to do with the victim’s belief. The story and overall impression must be right. An email that is (or appears to be) sent from the company management account is often sufficient.
Protection from Deep Fake Boss
The best protection against the “boss scam” (also BEC) is to design the internal processes in such a way that they are not possible at the request or instruction of certain people, but rather have to go through a more complex approval process (principle of “double” confirmation). If the instructions came via email, we called and asked. If she came by phone, an email confirmation was requested. That still applies today. However, one should learn from the deep fake attack. The video and audio confirmation occurred - only there was no interaction, the employee just listened and watched. This allowed a video previously created using deep fakes to be played. The employee was deceived and transferred the money.
More at TrendMicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.