5 FTSE 100 companies have suffered impersonation-based (deepfake) frauds already this year

Will your organisation be the next victim of a ‘‘CEO scam’?

The Times recently that a growing number of FTSE companies have been subjected to convincing impersonation-based attacks.  AI has been used to generate deepfake clones of CEOs that then instruct employees to transfer money for a deal that requires speed and secrecy – a takeover for example.  The attacks which typically use a mix of instant messaging (WhatsApp) and voice calls using the cloned voice are now so prevalent they have been dubbed the ‘CEO scam’.

Five attacks on FTSE 100 companies and one on a FTSE 250, including the likes of WPP, discoverIE and Octopus Energy, have been reported, but it is likely that the true figure is substantially higher. Currently the National Fraud Intelligence Bureau, which is responsible for recording fraud cases in the UK, does not monitor impersonation based attacks. However, the FBI’s Internet Crime Report for 2023 highlights that phishing schemes (which use unsolicited e-mail, text messages, and telephone calls purportedly from a legitimate company to request personal, financial, and/or login credentials) was the most frequently reported crime in 2023.

While The Times article focuses on the financial fraud aspects of impersonation-based attacks, it is not difficult to see how this technology could be put to even more nefarious purposes.  For example, nation states looking to subvert the democratic political process, disrupt critical national infrastructure, or gain military intelligence.  Indeed, only a few weeks ago the then Foreign Secretary, David Cameron, was the victim on of a hoax video call from someone pretending to be the former Ukrainian President Petro Proshenko with whom he’d had numerous face-to-face meetings.  Fortunately Mr Cameron smelt a rat before any sensitive information was disclosed and finished the call.

How to mitigate the risk of deepfake fraud

The proliferation of AI-generated deepfake impersonation attacks has spiralled, and will only get worse as the technology continues to evolve. One way that organisations can protect against this threat is to use a secure communications platform that utilises identity-based encryption. Protocols such as the NCSC’s MIKEY-SAKKE ensure that people can be confident that they are communicating with who they think they are and not an impostor.

As these recent attacks demonstrate all too vividly, organisations of every shape and size in both public and commercial sectors need to start taking the cyber security of their communications seriously.  This means banning the use of unsanctioned shadow IT for business purposes.  When a built-for-purpose, Secure by Design secure comms platform can provide a slick user experience to rival any consumer app, plus the ability to manage and control your organisation’s data, there is really no excuse to use consumer-grade apps.

Whether deployed on-premises (on your own servers), or as a secure hosted solution, an enterprise-grade secure comms platform that covers voice calls, instant messaging and video conferencing ensures data sovereignty (your data stays on sovereign soil, something that Microsoft has recently admitted it can’t guarantee, even for UK Government users) and data separation (no mixing of data, be that of different classifications of data, or business and personal).

For more information about how the award-winning, Armour Secure Communications Platform can protect your organisation’s sensitive conversations, contact us today: sales@armourcomms.com