I am the chief financial officer of a family business (and a member of the family myself). I am increasingly concerned about being targeted by scammers using deepfake technology to pose as me, with the aim of persuading other family members to make a financial transfer. What should we do if we are scammed in this way? Are there steps we can take to prevent it?
Stephen Ross, partner and head of civil fraud group at Withers, says deepfakes are the latest weapon in the tech-driven fraud arms race. Preventing and responding to them requires a smart mix of both technology and human protocols.Â
As a preventive measure, try to limit your media and online video exposure by avoiding posting videos, audio clips or high-resolution images, and take steps to take existing ones down from social media sites or websites. Deepfakes require some source content, so making yourself a harder target will help.
You should also agree with the family and relevant employees on a protocol document for high-value transfers. This would include how to verify identity, the relevant chain of command when instructions are given and when not to act on instructions, such as during the middle of the night. It would also set out acceptable communication channels and provide a holding period for transactions to allow for further verification.
This protocol should be reviewed regularly to ensure it remains up to date with technological developments. As part of this protocol, you might set up an agreed multi-step verification processes for transfers over a particular amount. This would require a certain combination of steps, such as using known phone numbers, company email addresses, personal questions or code words for video calls that change periodically or platforms that offer end-to-end encryption.Â
Given that this is a technological arms race, you could also consider biometric logins, watermarking tools or deepfake video-scanners or voice authenticators, though there is a cost to these and any investment needs to be periodically reviewed to check it is still effective.Â
If you are scammed, contact your bank’s fraud team immediately and tell them to freeze the account and try to initiate a recall through the Swift payments system or equivalent. You should then notify relevant family members or employees and any affected platforms before reporting the matter to the police in your jurisdiction. In the panic of realising you have been deepfaked, it is hard to keep a cool head.
Our next question
I have just separated from my partner, with whom I share a child. When we were together, we were very much 50:50 parents, but since separation my partner has shown little intention of contributing financially or emotionally. I still need the financial assistance and would like my child to have both parents in their life. Can I compel my ex-partner to do the right thing?
Many businesses have a fraud recovery plan in place which sets out a step-by-step guide as to what to do, who to contact and how to contact them. This can help everyone stay calm, aligned and focused in the first hours after the fraud is discovered. Lawyers and cyber security specialists can help with all of the above, including tracking down the funds and fraudsters if the sums are significant, but prevention is always better than a cure.
The opinions in this column are intended for general information purposes only and should not be used as a substitute for professional advice. The Financial Times Ltd and the authors are not responsible for any direct or indirect result arising from any reliance placed on replies, including any loss, and exclude liability to the full extent.
Do you have a financial dilemma that you’d like FT Money’s team of professional experts to look into? Email your problem in confidence to money@ft.com.