A $35M Phishing Attack: Scammers Deepfaked Boss’s Voice

by | November 8, 2021 | Cybersecurity News

UAE police are investigating a $35 million phishing attack in which threat actors used artificial intelligence to copy a company director’s voice to persuade an employee to transfer the funds.

Next-Level Phishing Attack: Scammers Using AI

The United Arab Emirates police are looking into a massive cyberattack where threat actors allegedly used artificial intelligence (AI) a deepfake a company director’s voice and steal a jaw-dropping $35 million.

Although unusual, the cybercrime that made headlines is not the first of its kind. In a previous attack dating back to 2019, UK-based cybercriminals are thought to have used deepfake software to spoof the voice of an executive of an energy company to transfer approximately $243,000 to a fraudulent account.

While we can agree that AI will most likely make our lives much easier and open up a wide range of opportunities, there are some downsides that we cannot overlook. People fear that the rapid development of artificial intelligence will leave them unemployed, for many jobs may become machine-operated.

From a cybersecurity point of view, technological advancements also pose severe challenges in some areas, like privacy threats due to the massive use of facial recognition and audio and video deepfakes created by manipulating voices and appearances. For example, suppose your voice is publicly available, such as in posts on social media, YouTube, and so on. In that case, hackers can use software to clone it and impersonate you with minimal effort.

“Audio and visual deep fakes represent the fascinating development of 21st-century technology, yet they are also potentially incredibly dangerous posing a huge threat to data, money, and businesses,” Jake Moore explained, a former police officer and now a cybersecurity expert at security company ESET. “We are currently on the cusp of malicious actors shifting expertise and resources into using the latest technology to manipulate people who are innocently unaware of the realms of deep fake technology and even their existence.”

While the mainstream media focuses on the use of deepfakes for entertainment, this technology poses some significant risks, as exhibited in these next-level scams. If the proper measures aren’t taken, phishing might become an almost unstoppable threat.

“Manipulating audio, which is easier to orchestrate than making deep fake videos, is only going to increase in volume and without the education and awareness of this new type of attack vector, along with better authentication methods, more businesses are likely to fall victim to very convincing conversations,” Moore added.

The latest instance of cloned-voice exploit was spotted in the United Arab Emirates in early 2020 when scammers reportedly used artificial intelligence to copy a company director’s voice and ask a bank manager to transfer $35 million for a bogus acquisition. Believing everything was legitimate, the bank manager obliged and made the requested transfer, only to later realize they had just fallen victim to an elaborate high-tech scam. It turned out that the culprit used deepfake software to impersonate the manager and steal the money.

The UAE Asks US Authorities For Help

The UAE investigators are currently seeking assistance from the U.S. authorities to trace $400,000 of stolen funds that they believe are kept in fraudulent U.S. bank accounts, according to a court document.

UAE authorities think that the rest of the massive amount is stored in many different banks under different names, scattered around the world. According to the UAE investigators, at least seventeen hackers were involved in the theft, although they could not pinpoint their names or nationalities.

Defend Your Business With ATTACK Simulator’s Security Awareness Training

Phishing has been on the rise for a while now and has become painfully costly, especially for organizations of all kinds. The bad news is researchers expect it to become even worse.

So, what can you do to avoid such nasty incidents? Well, the bad guys don’t sleep, so neither should you sleep on their strategies. Keep in mind that they usually go for the weakest link in the chain – your employees. Thus, you need to prioritize educating them on relevant cybersecurity practices to keep scammers at bay.

Researching the latest phishing trends and strategies and properly training your employees can be a hassle, so leave it to professionals.

Here, at ATTACK Simulator, we put ourselves in the attacker’s shoes as we believe that understanding their thinking and actions is vital in designing an accurate simulation.

Here are a few perks of our approach to phishing simulations:

  • Automated attack simulation – we simulate all kinds of cyberattacks.
  • Real-life scenarios – we evaluate users’ vulnerability to give company or pesonal data away using realistic web-pages.
  • User behaviour analysis – we gather user data and compile it in extensive reports to give you a detailed picture of your employees’ security awareness level.
  • Malicious file replicas – our emails contain malware file repilcas, to make the simulation as realistic as it can be.
  • Interactive lessons – if employees fail to recognize our traps and fall into one, they will discover lessons on the best security practices.
  • Brand impersonation – we impersonate popular brands to make the phishing simulations all the more realistic.

Choose to be safe and request your quote for our comprehensive Security Awareness Training program today.


Screen Rant Criminals Used AI To Clone Company Director’s Voice And Steal $35 Million

Forbes Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find


Photo by Saj Shafique on Unsplash

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.