Connect with us

Startups

A Deepfake Phone Call Dupes An Employee Into Giving Away $35 Million

Published

on

Opinions expressed by Entrepreneur contributors are their own.

“Hi Susan, it’s Gene. Sorry for calling after hours, but I’m travelling. Can you please transfer $35,000 from our business checking account to a new supplier for a deposit on a job? Here’s their banking info…”

Does this sound like a familiar scenario? It should. It’s not uncommon for the owner of a business to call a financial manager and instruct for a money transfer or online payment to be made to a supplier or to a personal account. Is anyone going to question the boss’ request? Usually not.

But what if it’s not the boss? What if it was just someone impersonating the boss? Or, more ominously, what if it was the actual voice of the boss, but manipulated into saying something different? Or that the request was for $35 million?

This is exactly what happened in early 2020 to a Hong Kong bank.

Related: Why Are So Many People Still Eating Spam?

According to a report in Forbes, a manager at the bank got a call from one of the bank’s directors requesting that he make a transfer of $35 million in order to fund an acquisition. However, it wasn’t the director calling. It was a “deepfake” of the director’s voice. And by the time the bank discovered the error, the money was long gone.

Oh, and this isn’t the first time something like this has happened. Forbes also reported that an energy company in the UK fell for a similar ruse in 2019 and lost about $243,000.

“Audio and visual deep fakes represent the fascinating development of 21st century technology, yet they are also potentially incredibly dangerous posing a huge threat to data, money and businesses,” Jake Moore, a cybersecurity expert, told Forbes. “We are currently on the cusp of malicious actors shifting expertise and resources into using the latest technology to manipulate people who are innocently unaware of the realms of deep fake technology and even their existence.”

What’s even more terrifying is that deep fake technology is easily found online. Just go to sites like Resemble or Descript and then check out how amateur pranksters are creating videos like these that show just how easily we can be fooled into thinking something that we see (and hear) is real, even when it’s not. Now that it’s out there, this technology is increasingly being used for blackmail, fraud and identity theft. And it’s likely that audio will be more commonly used than video because, according to Moore, manipulating audio is “easier to orchestrate than making deep fake videos.”

You may think that your business is too small to be impacted, but I don’t think so. That’s because if you’re like most of my clients, you have fewer financial controls than larger organizations and you’re probably increasing your use of online services to pay your bills. And getting a copy of your voice is easy, particularly if you’ve posted company videos on your website, did a public presentation, appeared in the media or got chatty with a “sales representative” on a cold call that’s being recorded without your knowledge. With only a few hours of work, someone can likely dupe your financial manager out of tens of thousands and be gone before you know it.

Related: Elon Musk Is An Awful Speaker. But Keep Listening.

So what to do? Tighten up your internal controls. Require more than two authorizations for any bank transfers or payments and perhaps three (and at the very least your own) for disbursements over a certain amount, like $5,000. Hire your IT firm or subscribe to tools like KnowBe4 or Mimecast to provide ongoing training for your employees so that they can spot warning sign. (In the case of the Hong Kong bank, fraudulent emails were also sent confirming the deepfake phone call.) Abolish any transactions of a certain size that are authorized by phone unless the person making the request has been called back. Involve your financial managers in large deals early so that they’re more aware of the dollars involved. Because let’s face it: This problem is only going to get worse.

“Manipulating audio, which is easier to orchestrate than making deep fake videos, is only going to increase in volume,” Moore told Forbes. “And without the education and awareness of this new type of attack vector, along with better authentication methods, more businesses are likely to fall victim to very convincing conversations.”

Kilito Chan | Getty Images

Startups

Identity in the metaverse: Creating a global identity system

Published

on

With the advent of the metaverse, the need for a global identity system has become apparent. There are many different ways to create an identity in the metaverse, but no single system is universally accepted. 

The challenge is usually two-fold: first, how to create an identity that is accepted by all the different platforms and services in the metaverse, and second, how to keep track of all the different identities a person may have.

There are many proposed solutions to these challenges, but no clear consensus has emerged. Some believe that a single, global identity system is the only way to ensure interoperability between different platforms and services. Others believe that multiple identities are necessary to allow people to maintain their privacy and security.

The debate is ongoing, but it is clear that the need for a global identity system is becoming more urgent as the metaverse continues to grow.

Event

Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.


Register Now

In this article, we will explore the various options for creating a global identity system in the metaverse. We will discuss the pros and cons of each option, and try to identify the best solution for the future.

Option 1: A single global identity

The simplest solution to the problem of identity in the metaverse is to create a single, global identity system. This would be a centralized system that would be responsible for managing all identities in the metaverse. 

The advantages of this approach are obvious: It would be much easier to keep track of identities, and there would be no need to worry about different platforms and services accepting different identities. In addition, a centralized identity system would allow for better security and privacy controls, as well as the ability to track identity theft and fraud.

However, this approach also has several disadvantages. First, it would be very difficult to create a global identity system that is accepted by everyone. Also, a centralized system would be vulnerable to attack and could be used to track people’s movements and activities. Third, it would be difficult to protect the privacy of users in a centralized system.

Option 2: Multiple identities

Another solution to the problem of identity in the metaverse is to allow each person to have multiple identities. This would mean that each person could have one or more identities that they use for different purposes. 

One of the main advantages of this approach is that it would allow people to maintain their privacy and security. Each person could choose which identity to use for each situation, and they would not have to worry about their entire identity being exposed. In addition, this approach would be more resilient to attack, as it would be much harder to take down multiple identities than a single one.

The limitations of such an approach would be that it could be difficult to keep track of all the different identities, and there would be no guarantee that different platforms and services would accept all of them. In addition, multiple identities could lead to confusion and could make it more difficult for people to build trust with others.

Option 3: A decentralized identity system

A third solution to the problem of identity in the metaverse is to create a decentralized identity system. This would be an identity system that is not controlled by any one centralized authority but rather is distributed among many different nodes. 

This might seem like the ideal approach, since decentralization is a common theme in the metaverse. However, there are still some challenges that need to be overcome. For instance, it would need to be ensured that all the different nodes in the system are properly synchronized and that the system as a whole is secure. In addition, it might be difficult to get people to adopt such a system if they are used to the more traditional centralized approach.

One solution would be to get the nodes in the system to be run by different organizations. This would help to decentralize the system and make it more secure. Another advantage of this approach is that it would allow different organizations to offer their own identity services, which could be more tailored to their needs.

Another would be to incorporate an edge computing solution into the system. This would allow for more decentralized processing of data and could help to improve performance. It would also make the system more resilient to attack since there would be no centralized point of failure.

The best solution for the future of identity in the metaverse is likely to be a combination of these approaches. A centralized system might be necessary to provide a basic level of identity services, but it should be supplemented by a decentralized system that is more secure and resilient. Ultimately, the goal should be to create an identity system that is both easy to use and secure.

The ideal identity standards of the metaverse

Now that we have explored the various options for identity in the metaverse, we can start to identify the ideal standards that should be met by any future global identity system. 

It is no easy task to create a global identity system that meets all of the criteria, but it is important to strive for an ideal solution. After all, the metaverse is still in its early stages, and the decisions made now will have a lasting impact on its future. 

Current iterations of the metaverse have used very traditional approaches to identity, but it is time to start thinking outside the box. The ideal solution will be one that is secure, private, decentralized, and easy to use. It will be a solution that allows people to maintain their privacy while still being able to interact with others in the metaverse. 

Most importantly, it will be a solution that can be accepted and used by everyone. Only then can we hope to create a truly global identity system for the metaverse.

The bottom line on identity in the metaverse

The question of identity in the metaverse is a complex one, but it is an important issue that needs to be addressed. 

The challenges associated with creating an implementation that is secure, private and decentralized are significant, but they are not insurmountable. For one, it will be important to get buy-in from organizations that have a vested interest in the metaverse. These organizations can help to promote and support the adoption of identity standards. 

It is also important to keep in mind that the metaverse is still evolving, and the solution that is ideal today might not be ideal tomorrow. As such, it will be critical to have a flexible identity system that can adapt as the needs of the metaverse change. 

Ultimately, the goal should be to create an identity system that is both easy to use and secure. Only then can we hope to create a truly global identity system for the metaverse.

Daniel Saito is CEO and cofounder of StrongNode

Source link

Continue Reading

Startups

How to Eliminate Scheduling Inefficiencies in Your Business

Published

on

What do salons, consultancies, and home service providers all have in common? This question may seem like the prime setup for a joke, but there’s no punchline to look forward…

Continue Reading

Startups

Why You Should Start a Business Only While You Have a Job

Published

on

Opinions expressed by Entrepreneur contributors are their own.

Many people that I meet tell me that they dream of starting their own . I always ask them, “Then why don’t you?” They typically respond by saying that they have so many financial and personal responsibilities, that they can’t just quit their job to start a company, etc. Then I tell them my story …



Hero Images | Getty Images

Related: How to Use Your Current Job to Start Your Next Business

Continue Reading

Trending

URGENT: CYBER SECURITY UPDATE