What happened?
Mark Read, the CEO of WPP, recently became the target of an elaborate deepfake scam. The attackers used AI technology to clone Read's voice and manipulate his image in an attempt to deceive one of his colleagues into setting up a new business venture.
The scam involved creating a fake WhatsApp account using a publicly available image of Read. The scammers then arranged a Microsoft Teams meeting, impersonating Read both visually and vocally. They used AI-generated audio and YouTube footage to create a convincing imitation of the CEO. During the meeting, the fraudsters utilised the chat function to further impersonate Read, trying to solicit money and personal details from the targeted executive.
The scam ultimately failed due to the vigilance of the WPP team. A spokesperson for WPP confirmed that no information or money was lost during the incident.
The bigger picture
This event highlights the growing threat of deepfake technology in the corporate world, where the misuse of AI-generated content poses significant cybersecurity risks. This incident is part of a broader trend of increasing deepfake attacks, driven by the widespread availability of low-cost deepfake technology.
What can be done to counter deepfakes?
The WPP incident underscores the importance of cybersecurity vigilance and the need for companies to educate their employees about the potential dangers of deepfake technology.
Following the deepfake attempt at WPP, the CEO sent an email, listing a number of bullet points to look out for as red flags, including requests for passports, money transfers and any mention of a “secret acquisition, transaction or payment that no one else knows about”. He also wrote in the email: “...just because the account has my photo doesn’t mean it’s me.”
