WHY THIS MATTERS IN BRIEF
If this happened to your company would you know about it and how would you prevent it?
Love the Exponential Future? Join our XPotential Community, future proof yourself with courses from XPotential University, read about exponential tech and trends, connect, watch a keynote, or browse my blog.
Yes, we’ve seen the world’s richest people, fake CEO’s, and even dead dictators appear in them – DeepFake videos. And now joining this prestigious group is the head of the world’s biggest advertising group WPP who was the target of an elaborate deepfake scam that involved an Artificial Intelligence (AI) voice clone. Mark Read, detailed the attempted fraud in a recent E-Mail to leadership, warning others at the company to look out for calls claiming to be from top executives.
Fraudsters created a WhatsApp account with a publicly available image of Read and used it to set up a Microsoft Teams meeting that appeared to be with him and another senior WPP executive, according to the E-Mail obtained by the Guardian. During the meeting, the impostors deployed a voice clone of the executive as well as YouTube footage of them. The scammers impersonated Read off-camera using the meeting’s chat window. The scam, which was unsuccessful, targeted an “agency leader,” asking them to set up a new business in an attempt to solicit money and personal details.
The Future of Misinformation, by Futurist Matthew Griffin
“Fortunately, the attackers were not successful,” Read wrote in the email. “We all need to be vigilant to the techniques that go beyond emails to take advantage of virtual meetings, AI and deepfakes.”
A WPP spokesperson confirmed the vishing attempt bore no fruit in a statement: “Thanks to the vigilance of our people, including the executive concerned, the incident was prevented.” WPP did not respond to questions on when the attack took place or which executives besides Read were involved.
Once primarily a concern related to online harassment, pornography and political disinformation, the number of deepfake attacks in the corporate world has surged over the past year. AI voice clones have fooled banks, duped firms out of millions and put cybersecurity departments on high alert. In one high-profile example, an executive of the defunct digital media startup Ozy pleaded guilty to fraud and identity theft after it was reported he used voice-faking software to impersonate a YouTube executive in an attempt to fool Goldman Sachs into investing $40m in 2021.
The attempted fraud on WPP likewise appeared to use Generative AI for voice cloning, but also included simpler techniques like taking a publicly available image and using it as a contact display picture. The attack is representative of the many tools that scammers now have at their disposal to mimic legitimate corporate communications and imitate executives.
“We have seen increasing sophistication in the cyber-attacks on our colleagues, and those targeted at senior leaders in particular,” Read said in the E-Mail.
Read’s E-Mail listed a number of bullet points to look out for as red flags, including requests for passports, money transfers and any mention of a “secret acquisition, transaction, or payment that no one else knows about.”
“Just because the account has my photo doesn’t mean it’s me,” Read said.
WPP, a publicly traded company with a market cap of about $11.3bn, also stated on its website that it had been dealing with fake sites using its brand name and was working with relevant authorities to stop the fraud.
“Please be aware that WPP’s name and those of its agencies have been fraudulently used by third parties – often communicating via messaging services – on unofficial websites and apps,” a pop-up message on the company’s contact page states.
Many companies are grappling with the boom of generative AI, pivoting resources toward the technology while simultaneously facing its potential harms. WPP announced last year that it was partnering with the chip-maker Nvidia to create advertisements with generative AI, touting it as a sea change in the industry.
“Generative AI is changing the world of marketing at incredible speed. This new technology will transform the way that brands create content for commercial use,” Read said in a statement last May.
In recent years, low-cost audio deepfake technology has become widely available and far more convincing. Some AI models can generate realistic imitations of a person’s voice using only a few minutes of audio, which is easily obtained from public figures, allowing scammers to create manipulated recordings of almost anyone.
The rise of deepfake audio has targeted political candidates around the world, but also crept into other less prominent targets. A school principal in Baltimore was put on leave this year over audio recordings that sounded like he was making racist and antisemitic comments, only for it to turn out to be a deepfake perpetrated by one of his colleagues. Bots have impersonated Joe Biden and former presidential candidate Dean Phillips. And we’re not even at the warm up act yet …
[…] 12 By Matthew Griffin Security and Privacy 21st June […]