Imagine receiving an urgent email from one of your bosses asking you to participate in a confidential video conference. You log in, recognize the familiar faces of colleagues and superiors, discuss an important transfer… then, in the hours that follow, you realize that it was all fake. Even the faces. Even the voices.
That’s exactly what happened to a Hong Kong-based employee of engineering firm Arup, who authorized transfers totaling 37 million Canadian dollars after a virtual meeting… with digital clones of his colleagues. No networks were hacked. No passwords were stolen. Just faces, voices, and a good dose of trust. (La Presse)
Deepfake: the art of recreating reality
This type of fraud relies on a technology called deepfake. A contraction of “deep learning” and “fake,” deepfake is a technique that uses artificial intelligence to create realistic images or videos of people… who aren’t really there.
More specifically, a program analyzes hundreds of public images and audio clips—such as those found on YouTube or LinkedIn—to learn how to reproduce a person’s facial expressions, lip movements, and even their voice. Once well trained, the tool can then generate a video in which that person appears to say or do anything.
In Arup’s case, the fraudsters organized a credible video conference with AI-generated faces. As a result, it was convincing enough to fool a savvy employee who had initially been suspicious of the initial email.
This isn’t science fiction: it’s now
However, Arup’s story is not an isolated case. It is part of a growing trend: AI-powered fraud. Whether it’s imitating a loved one’s voice, replicating a CEO’s appearance, or creating a fake website, AI is making scams faster, more accurate, and harder to detect.
What’s more, contrary to what you might think, it’s not always highly technical. Many of these tools are now easily accessible. For example, some websites offer to clone a voice from just a few seconds of recording. It’s even possible to buy ready-to-use models on the dark web.
Should we panic? No. Should we learn? Absolutely.
It would be tempting to give in to panic. But it’s better to understand in order to protect yourself. Here are some key points to remember:
1. Appearances are no longer enough
In today’s digital world, what you see is not always what you get. A video or Zoom meeting does not guarantee the authenticity of the person you are talking to. That is why it is essential to verify their identity using independent means (known phone number, internal procedures, etc.).
2. Voices can be cloned
In addition, some banks still use voice recognition to secure access to accounts. However, recent programs such as La facture have shown that a well-made voice clone can fool several major Canadian financial institutions. (La facture)
3. Prevention through education
Finally, experts and investigators agree: the human element is the main target. Unfortunately, cybersecurity training is still too rare in our schools, colleges, and businesses. Yet knowing how to recognize the signs of hyper-faking or fraud attempts should be part of the digital basics of the 21st century.
In business: simple but crucial steps
To better protect ourselves collectively, a few concrete measures can make a big difference:
- Train employees to detect anomalies in communications.
- Manually verify the identity of individuals involved in sensitive transactions, even after a videoconference.
- Prioritize in-person meetings for high-importance topics.
- Implement strict procedures for money transfers or critical decisions.
A world to understand
In reality, deepfakes are not just tools for fraud. They are also used in movies, video games, and even historical reenactments. Like any technology, their use depends on the intentions of those who manipulate them.
But as these tools become more sophisticated, we must become more vigilant. Not out of fear, but out of understanding. Not to block everything, but to make better choices.
And in this constantly evolving context, companies have everything to gain by training their teams.
At My Technician, we offer accessible, practical, and concrete cybersecurity training to help your employees recognize modern threats… before it’s too late.
Thought of the day: “Trust, but verify.”
in your taskbar.