LEGALAUDIT

Scam Watch

Comment reconnaitre Multi party deepfake Zoom call impersonating CFO + execs (Arup $25M HK case Jan 2024)?

En bref

Attackers harvested LinkedIn/YouTube/webinar footage of Arup execs, trained real time face swap + voice clone models, then invited a Hong Kong finance staffer to a Microsoft Teams call where EVERY other participant (CFO + colleagues) was...

Comment ca fonctionne

Attackers harvested LinkedIn/YouTube/webinar footage of Arup execs, trained real time face swap + voice clone models, then invited a Hong Kong finance staffer to a Microsoft Teams call where EVERY other participant (CFO + colleagues) was...

Signaux d'alerte

  • Pression urgente pour cliquer, payer ou partager des codes immediatement.
  • Lien ou expediteur qui ne correspond pas a l'organisation officielle.
  • Demande de carte, mot de passe, OTP, signature wallet ou virement.

Que faire

  1. 1Tells: 1) all 'execs' on call respond but never reference shared private context; 2) lip sync drifts during long sentences; 3) eye contact unnatural — gaze fixed to center; 4) participants never accidentally interrupt each other; 5) initial spear phish email preceded video invite; 6) urgency to wire before market close.
  2. 2DO: enforce out of band verification (known mobile, code word) for ANY wire threshold; ban single approver wires.

Source

Hong-Kong-Police-Force

Source verifiee par Mythos Forensic Team

https://www.cnn.com/2024/05/16/tech/arup-deepfake-scam-loss-hong-kong-intl-hnk

FAQ

Multi party deepfake Zoom call impersonating CFO + execs (Arup $25M HK case Jan 2024) est une vraie arnaque ?

Oui. Traitez le message, l'appel ou la demande de paiement comme suspect jusqu'a verification via un canal officiel.

Quels sont les premiers signaux ?

Pression urgente pour cliquer, payer ou partager des codes immediatement.; Lien ou expediteur qui ne correspond pas a l'organisation officielle.; Demande de carte, mot de passe, OTP, signature wallet ou virement.

Que faire en premier ?

Tells: 1) all 'execs' on call respond but never reference shared private context; 2) lip sync drifts during long sentences; 3) eye contact unnatural — gaze fixed to center; 4) participants never accidentally interrupt each other; 5) initial spear phish email preceded video invite; 6) urgency to wire before market close.; DO: enforce out of band verification (known mobile, code word) for ANY wire threshold; ban single approver wires.

LegalAudit peut-il verifier mon cas ?

Oui. Lancez le chat gratuit et collez le message, le lien, l'expediteur ou les details de paiement.