Imagine your company’s CFO messages you about a confidential, urgent merger. You are skeptical of this unexpected email requests, but the CFO invites you to a video conference to reassure you. You join the call and see familiar faces and hear familiar voices, sitting alongside colleagues you’ve known for years. They discuss the transaction details, nod in agreement, and give you the go-ahead. You relax, trust what you see, and authorize the wire transfer. In that moment, you have just handed over millions of dollars to an AI.
This scenario is not a hypothetical exercise; it is the exact sequence of events that cost a multinational engineering firm HK$200 million (US$25.6 million) in early 2024 [1]. The victim, a finance employee at the firm’s Hong Kong branch, was the only real person on the video call. Every other participant, including the CFO and external legal staff, was a deepfake avatar. These digital puppets were made using publicly available footage of the real executives, rendered in real-time to simulate a live, interactive meeting. No special access.
The success of this attack marks a serious failure of the belief that seeing is believing in security. For decades, a live video feed was seen as the ultimate way to verify identity in high-value transactions. The attackers took advantage of this reliance by creating a fake reality that held up during the live interaction. Unlike static deepfake videos, these avatars were advanced enough to give instructions and maintain the illusion of presence, effectively calming the employee’s initial doubts.
This incident highlights the dangerous shift from Business Email Compromise (BEC) to Business Video Compromise. The traditional need for two people to approve a transaction becomes useless when the second pair of eyes is created by an algorithm. For corporate security teams, this means they need to adopt a zero trust approach for multimedia. Unless organizations put in place cryptographic-grade identity key verification technology, video conferencing will remain a wide-open backdoor for large financial crimes.
