ICAEW.com works better with JavaScript enabled.

The rise of deepfake audio fraud

20 February 2020: the emergence of “deepfake” technology – where genuine recordings of people are processed and manipulated via artificial intelligence – has morphed into a sinister new type of corporate fraud

Internet security experts Symantec have reported three cases of audio deepfakes being deployed to steal millions of pounds from private companies by impersonating the voice of the business’s CEO.

The fraudsters trained machine learning engines on conference calls, YouTube, social media updates and even TED talks, to copy the voice patterns of company bosses. They then mimicked the CEOs and called senior members of the finance department to ask for funds to be sent urgently. 

“CEO fraud” itself is not new, but until now hoaxers have been limited to using fake email addresses in the hope of tricking a senior executive into releasing funds. 

The use of voice manipulation software marks a new step in the threat to business, with experts warning the damage may not be limited to extorting cash. The technology could also be used maliciously to put out fake statements that result in stock price collapses or damage reputations. 

“This kind of high-tech heist is not a futuristic vision but an imminent reality for businesses who may be lax about data validation,” said Caroline Winch, Commercial Director at secure audit service Confirmation.

Technology and the profession

Find out how AI and automation is changing accountancy.

Read more
For accountants and auditors, uncovering the truth around financial data – particularly when things have gone wrong – may become a lot harder when the business network and audit trail has been disrupted or distorted deliberately. 

 “This is the next generation of threats in the area of impersonation fraud, which many accountants will be familiar with,” said Kirstin Gillon, Technical Manager, Tech Faculty, ICAEW. 

“Staff are on the frontline of defence here so training and raising awareness of these new types of attack is critical, as well as reviewing and refining controls and authorization processes where needed.”

Experts believe that the current global economic instability is exacerbating the risk to business, with campaigns of disinformation being waged by entire states.

“Fake news” has entered the public lexicon and the modern internet era has caused trust in politics and the media to fall – as empirical evidence shows false information spreads faster than true stories. 

According to the Association of Certified Fraud Examiners, corporate fraud increases during times of economic uncertainty and geopolitical instability. It said the 2008 financial crisis triggered a massive upswing in corruption and fraudulent disbursements and statements. 

“It is essential that during times of uncertainty the corporate world not only prepares for the inevitable impact of fraud-enabling technologies that are emerging but also educates employees about existing threats and guards against complacency,” said Winch.

The threat of audio deepfakes may be enough to force companies to revisit their financial network and consider more robust authentication defences or other practices that can strengthen the approval chain.