How a deepfake CFO helped hackers steal $25 million

how-a-deepfake-cfo-helped-hackers-steal-25-million-dollars
Haluk Ulubay
Haluk Ulubay
12 February 2024


We knew this day was coming: How a deepfake CFO helped hackers steal $25 million. 

With the advent of deepfake technology, the cybersecurity community has been on high alert for several years. Scammers have already been using audio deepfakes to orchestrate sophisticated frauds. In such cases, criminals call unsuspecting individuals, masquerading as their distressed loved ones, to solicit funds. Add to this, the recent proliferation of deepfake videos, such as those featuring a disturbingly lifelike Tom Cruise, we knew that it would only be a matter of time before deepfake videos were used by bad actors. In early February, every CFO’s worst nightmare came true, and the news sent shockwaves throughout the business world.


On February 4th, the South China Morning Post reported that hackers managed to snatch $25.6 million by impersonating a multinational company's UK-based CFO and several other employees during a video conference call with the company’s Hong Kong branch. Utilizing deepfake technology to fabricate the appearance and voice of these individuals, the bad actors directed an unsuspecting employee (the only “real” person in the video call) to transfer funds to multiple bank accounts. The company realized the scam only a week later. 

Are You Prepared for the Deepfake Threat to Your Business?

Deepfake technology can convincingly mimic anyone's appearance and voice, leading to a surge in online fraud and deception. These digital doppelgängers threaten individuals and businesses and their substantial financial assets.


Imagine waking up to a significant financial loss at your company due to an alarmingly realistic deepfake. With deepfake technology becoming more sophisticated and accessible, it's crucial to stay ahead of the curve in cybersecurity and be proactive in reducing your attack surface. 


Understanding and Combating Deepfakes

Awareness and education are the first steps in protecting against deepfake fraud. Companies must train their teams to recognize and critically evaluate any and all digital communication before taking action. Advanced tools and technologies are also available to help detect and prevent deepfakes, but they must be part of a more comprehensive security strategy.




Timus's Unified Cybersecurity Solution

Timus provides a robust defense against such sophisticated scams with a single solution encompassing Zero Trust Network Access, Adaptive Cloud Firewall, and Secure Web Gateway.

Zero Trust Network Access: Never Trust, Always Verify

Timus's Zero Trust Network Access (ZTNA) is not just a feature—it's the foundation of our approach to security. By requiring strict verification for every access request, ZTNA ensures that only authenticated users can interact with your network, keeping potential fraudsters at bay.




Adaptive Cloud Firewall: Proactive Protection

The Adaptive Cloud Firewall offers dynamic and proactive defense mechanisms, adapting to various risk factors and ensuring your network is protected against the most cunning digital threats.

Secure Web Gateway: Safeguarding Digital Interactions

The Secure Web Gateway by Timus scrutinizes web traffic to block malicious sites and downloads preemptively, ensuring safe online interactions for all users within your network.

Empowering Your Team with Timus

Educating your workforce about the risks of deepfake technology and other scams is crucial. Timus supports this education with comprehensive training resources under its social responsibility project website, Cyber Awareness for All, and also equips your staff with the knowledge under Timus Knowledge Base to identify potential fraud.


Secure Your Digital Future with Timus

As deepfake technology evolves, so do the cybersecurity solutions needed to combat it. Timus's comprehensive solution offers the tools and expertise to protect against these emerging challenges. Contact Timus today to secure your digital future against the deepfake threat.