Multinational Loses $25 Million in AI Deepfake Attack: A Wake-Up Call for Cybersecurity

Nametag Team
Nametag console showing a successful verification result

Enable Self-Service Account Recovery

Nametag sends MFA and password resets to self-service while protecting your helpdesk against social engineering.


News broke in February of a finance worker at a multinational firm, later confirmed as British engineering group Arun, being tricked by video deepfakes to wire out $25 million to scammers posing as the company’s CFO. Cybersecurity experts are sounding the alarm about the evolving tactics of malicious actors, but what really happened here and, more importantly, what can we learn from it? Nametag’s Head of Product Marketing Noah Blier and VP Business Development Leonard Navarro hopped on a call to discuss in detail. Watch the recording, or read on for a summary.

What happened?

An unsuspecting finance employee received an email purportedly from the company's CFO, requesting a significant financial transaction. Upon expressing skepticism, the employee was lured into a Zoom call involving multiple supposed company executives, including Arun's CFO. The trick? All of the participants on the call were live video deepfakes. The unsuspecting worker proceeded to transfer $25 million to five bank accounts in 15 transactions. The scam was only identified days later, when the employee became concerned and checked with the corporate head office.

How did the attackers succeed?

The hack on Arun sheds light on an important frontier of cyberthreats: deepfake attacks. This cutting-edge vector involves the creation of highly realistic but entirely fabricated videos using artificial intelligence.

Unlike traditional phishing attempts, where employees may receive suspicious emails prompting them to take unauthorized actions, this attack leveraged deepfake videos to deceive the victim. Albeit unprecedented, deepfake attacks aren’t new and they’re only going to continue gaining prominence. It’s believed that 37% of organizations were hit by deepfake voice or deepfake video fraud in 2022. In 2023, deepfake phishing and fraud surged by an astounding 3,000%.

“Traditional visual verification, doing it via video call, is not sufficient anymore. It’s onerous and can take hours to get set up, but as this attack shows, it’s also not secure.”

The platforms that companies use for visual verification often allow users to change video inputs and the user on the other end of the line would have absolutely no clue. So while video-based verification methods may seem secure, they are actually highly vulnerable to manipulation and exploitation by sophisticated threat actors.

“I can have a device attached to my laptop that's some video streaming device or a live AI generator that I've spoofed to make look like a camera. Zoom thinks it's a camera. They’re not doing any tests. So from your end, it just looks like you and I are talking, and I’m telling you to wire $25 million externally and you wouldn’t know.”

How could this attack have been mitigated?

If the [organization’s] process for approving this high value transaction had included a Nametag step for verification, this would not have happened.”

This attack should serve as a wake-up call for businesses worldwide to bolster their cybersecurity defenses in the face of increasingly sophisticated threats.

By leveraging mobile device capabilities and attestation features, solutions like Nametag help organizations enhance their security with a flow similar to KYC but with higher fidelity and reusable identity verification for customers and employees alike.

Secure your helpdesk against social engineering and impersonators.
Accept All Cookies