Deep Fake: CEO Fraud

You’re in your normal routine at work and receive a text message from your CEO, saying: “Let me know if you get my text. Thanks.” After you quickly reply, your CEO then says, “I need to know if you can step out for a bit to get a task done now,” and of course you feel compelled to comply. So they ask you to run an errand for them. “I need you to grab some physical gift cards for giveaway prizes for a conference call soon. I’ll reimburse you later, but this needs to be done immediately.” Except it’s not your CEO, but neither you nor your CEO are aware you are considering leaving work, victimized by a fraudster.

Features of CEO Fraud

• Creating fakes is much easier with today’s tools: “What took hours to generate a few years ago can be done in real-time today; it’s something we have been monitoring and talking about with our customers,” Freudenberg said.
• This example of CEO fraud, sometimes called ‘whaling’, is executed through smishing, or SMS text-based phishing. Fraudsters may also attempt CEO fraud through social media messaging, or even through phone or video calls with AI. CEO fraud is most often perpetrated through email (business email compromise).
• There is a common pattern used in CEO fraud scams, and you can use this pattern to help you avoid becoming a victim.
  • The bad actor uses a person of authority and relies on their credibility and relationship with you to keep you from asking questions and to compel you to act.
  • They create urgency, give you a deadline, and attempt to make you act now, immediately.
  • They often want you to trade cash for gift cards and then ask you to email them the gift card numbers and codes.
  • They may also try to convince you to bypass security protocols and use company accounts to process fraudulent transactions.

CEO Fraud Prevention Facts

• CEO fraud makes up approximately half of business email compromise (BEC) schemes reported, where criminals leverage common typologies of impersonating organization executives, according to a BEC Report published by the Financial Crimes Enforcement Network (FINCEN).
• “Phishing is still a huge problem,” Freudenberg said, “and it’s estimated that 75% of all cybercrime is the result of people willingly giving up their credentials to a scammer. It makes sense for the scammers: Why get all technical when people are willing to just give it to you?” He pointed to the fact that he personally receives several texts a week asking him to provide “extra information” to complete a delivery or offering a link to “track your package here.”

Lean on Human Relationships

Nothing will take the place of reasonable common sense, but continued learning and education are necessary to remain prepared for the constantly evolving and increasingly sophisticated fraud threats we face.

That gut instinct will continue to be important, Freudenberg emphasized. Deep fakes frequently fall into just a few general categories:

• a trusted source supposedly promising to trade your cash for Bitcoin or promising to pay you back for gift cards,
• a familiar client or vendor purportedly asking you to reprocess a separate payment or change payment accounts or details,
• or a loved one claiming they are in urgent and desperate trouble and needing a wire transfer.

The scams will continue to become more advanced, and so will the complexity of their social engineering methods. Double-checking, calling back, or calling your community banker will need to be standard practice. “We empower our clients with information and then back them with our experience, so they have support and answers when they have questions or suspicion about a circumstance,” Freudenberg said.

TRB’s Chief Banking Officer Cesar Suarez added “Having a relationship with a banking partner you can trust can not only help you if you fall prey to a scam, but also can help you prevent it by providing education, tools, and resources that help you identify a potential scam as it comes your way.”

One advantage to the community bank model is clear: “Community banks are set up to respond to fraud quickly – and, when something happens, speed is really important,” Suarez said. “Those personal relationships at your bank in your community can prove crucial when special attention is needed.” Minutes can matter when your money is on the line, and ‘the people you know’ at TRB recommend establishing a relationship with your community bank to take advantage of that personal connection.

Think It’s Fraud? Ask “The People You Know”

The potential for sophisticated scams, including deep fakes, is becoming an ever-present threat. However, the solution to combating these schemes lies not only in technology but in human instincts and relationships. ‘The people you know’ at TRB emphasize the importance of trusting your gut, verifying suspicious requests, and maintaining strong personal connections with your community bank. By combining common sense with human communications, individuals can protect themselves against AI-driven fraud while also benefiting from the personalized support that only community banks like TRB can provide. In an increasingly complex digital world, vigilance, trust, and personal banking relationships remain key to safeguarding hard-earned assets.

Talk to One of Our Experts

Helpful Links