Recommendations for Preventing Audio Cloning and Deepfake Fraud in Corporate Environments

This year, a finance employee transferred 25 million dollars to attackers after being convinced to join a Zoom call that the CFO and other C-Level members had supposedly attended. However, all participants were deepfakes except him. This incident demonstrated that any organization can fall victim to deepfakes and audio cloning, which is why it’s essential to follow the recommendations below:

Recommendations for Finance and Purchasing Departments

  • Establish a process that involves more than one person to authorize money transfers above a certain amount.
  • Prohibit all finance employees from moving funds based on phone calls or urgent video conferences from C-Level members, including the CFO.
  • Ask the CEO to issue a statement that prohibits urgent fund transfers outside the defined process and explains the increasing use of deepfakes in fraud; this will make employees more alert if a deepfake CEO tries to contact them.
  • For transactions above a certain amount, use dual verification to validate the identity of those involved through a method different from the one used for the request.
  • For money-related requests made via phone or video call, use an authentication phrase known only to the C-level and finance team members.
  • Establish a process with suppliers that requires identity verification through more than two means before changing the bank accounts used for payments.
  • If receiving an urgent call from any C-Level member, hang up and contact them through predefined channels.
  • Do not accept bank account changes for supplier payments made by phone or video call.
  • Avoid accepting unexpected discounts offered in exchange for urgent payments to new supplier account numbers.
  • Be wary of investment offers for the organization’s cash presented through video or phone calls that involve changing the bank account where the finance team should transfer the money.
  • Be cautious of debt payment discounts offered via audio or video that involve payment to a new bank account.
  • Add identity validation to transaction processes related to the organization’s investments to ensure an attacker is not impersonating the financial advisor.
  • Add identity validation to the process of registering bank accounts for supplier payments.
  • For bank transfer requests, always be cautious of the call, even if it comes from a registered phone number, as attackers have found ways to impersonate registered numbers. Always hang up and call the person on their known number.

Recommendations for Sales Departments

  • Add identity validation processes for urgent product shipments to an existing client that deviate from the usual purchasing pattern.
  • Evaluate the identity of new clients before fulfilling purchase orders, as attackers could impersonate a CEO from a major company to deceive the salesperson through a video call, leading them to skip necessary validations as part of the new client registration process.
  • Be cautious of the phone number making the call, even if it’s registered in contacts, as attackers can impersonate it along with the voice. Hang up and call back for urgent orders.

Recommendations for Security and IT Departments

  • For security or infrastructure change requests made by senior executives, hang up and call the registered number as part of the process.
  • If you doubt a security or infrastructure change request coming from a senior executive, validate it with the immediate manager to ensure its legitimacy.
  • Do not perform the following activities when a senior executive requests them by audio or video call without prior identity verification:
    • Disable MFA.
    • Create new VPN or Citrix accounts.
    • Enable remote access tools.
    • Register new administrator users in Active Directory or security tools.
    • Register new administrator users in SAP or Salesforce.
    • Make changes that weaken the organization’s security.

Recommendations for All Employees

  • In the office, if asked to transfer a call to a senior executive or finance employee, hang up and alert the executive who supposedly made the call.
  • Upon receiving a call from a senior executive, hang up and return the call to their known number.
  • Do not trust audio or video call requests involving urgent bank transfers. Attackers may attempt to reach the finance team through another employee, which could lead finance to skip identity validations for the supplier or senior executive requesting the transfer.