Deepfakes and Social Engineering: The New Face of CEO and CFO Fraud


Technological advancements have ushered in a new era of cybercrime, with deepfakes and social engineering tactics at the forefront of fraudulent activities. CEO and CFO fraud has become increasingly widespread, posing significant threats to organizations worldwide.

Understanding CEO and CFO Fraud

CEO and CFO fraud involves cybercriminals impersonating executives to manipulate employees into transferring funds or sensitive information. These scams often rely on social engineering techniques to deceive unsuspecting victims. While traditional phishing emails used in business email compromise (BEC) might use generic language, sophisticated cybercriminals now leverage deepfakes to make their schemes more convincing. They exploit human trust and undermine traditional security measures.

The Rise of Deepfakes

Deepfakes are highly realistic manipulated media created using deep learning technology, often involving video or audio recordings that appear genuine. With the aid of generative artificial intelligence (AI) tools, deepfake technology has become increasingly sophisticated. This is because the synthetic media generated using AI can realistically replicate a person’s voice, appearance, and mannerisms. These advancements in AI technology have made it increasingly challenging to distinguish between real and manipulated content, amplifying the effectiveness of social engineering tactics.

It is worth noting that deepfakes alone are not enough to guarantee success for these scams. Social engineering plays a crucial role in manipulating victims and exploiting their vulnerabilities. The fraudsters deploy various tactics, including creating a sense of urgency, leveraging trust and authority, and targeting specific individuals with access to sensitive information or decision-making authority.

A notable instance of this fraud is that of a Hong Kong-based multinational firm that lost $25 million after being duped by a deepfake impersonation of their CFO. Using a realistic video call, the scammer instructed an employee to transfer the funds to a supposedly urgent business acquisition in China. Unfortunately, the employee was unaware of the deepfake and fell victim to the elaborate scam.

In another instance, a cybercriminal impersonated the CFO of a prominent financial institution using a deepfake audio recording. The fraudulent call, which sounded identical to the CFO’s voice, instructed an employee to disclose sensitive client information. Believing it was a legitimate request from the CFO, the employee complied, unintentionally compromising confidential data and exposing the organization to regulatory penalties and lawsuits.

Mitigating the Threat

Organizations must implement robust cybersecurity measures and employee training initiatives to deal with the rising threat of CEO and CFO fraud facilitated by deepfakes and social engineering. Below are some strategies to consider:

  • Employee education and awareness: Companies can hold regular training sessions to educate employees about the dangers of social engineering tactics and how to identify suspicious communications, including deepfake content. They also can encourage vigilance and emphasize the importance of verifying requests, especially those involving financial transactions or sensitive information.
  • Multi-factor authentication (MFA): Businesses are implementing MFA protocols for financial transactions and accessing sensitive data. By requiring multiple forms of verification, such as passwords, biometrics or one-time codes, MFA adds an extra layer of security that can help hinder unauthorized access, even if credentials are compromised.
  • Strict verification procedures and zero-trust policy: Organizations can establish strict verification procedures for any requests involving changes to payment instructions or the disclosure of sensitive information. Employees must verify such requests through multiple channels, such as phone calls or in-person meetings.
  • Advanced detection technologies: Companies also might invest in advanced detection technologies capable of identifying deepfake content and other forms of manipulated media. These tools use AI algorithms to analyze multimedia content for signs of tampering or manipulation, helping organizations identify potential threats before they escalate.

As deepfake technology advances, these scams will likely become even more sophisticated and challenging to detect. As Gartner predicts, by 2026, identity verification and authentication solutions such as face biometrics could become unreliable due to AI-generated deepfakes. Therefore, it is crucial to acknowledge the broader implications of deepfakes and social engineering. Regulatory bodies, technology companies, and other concerned institutions must collaborate to develop comprehensive frameworks that address the ethical use of AI, establish clear guidelines for deepfake technology, and enhance overall cybersecurity resilience.

Conclusion

As deepfakes and social engineering tactics continue to evolve, the threat of CEO and CFO fraud is a real challenge for organizations of all sizes. Sophisticated technology and deceptive practices have made it easier than ever for cybercriminals to impersonate executives and manipulate employees into unknowingly facilitating fraudulent activities. Organizations must adopt proactive approaches to mitigate the risks associated with deepfake-enabled fraud and to safeguard their assets and reputations in an increasingly digital landscape.

U.S. Beneficial Ownership Information Reporting Begins


The U.S. Treasury recently enacted a new reporting requirement aimed at quashing illicit financial transactions. The agency believes that corporate anonymity is enabling money laundering, terrorism, and drug trafficking. As part of the 2021 Corporate Transparency Act (CTA), certain companies are now required to report information about their beneficial owners. The goal of the new registration requirements is to create a centralized database of beneficial ownership information.

There has been push-back from some lawmakers and small business organizations, citing this as an erroneous regulatory process that just makes life harder for small businesses. Efforts to carve out exceptions or delay the implementation failed. As a result, the Treasury Department officially opened beneficial ownership information reporting on Jan. 1, 2024.

Who is Subject to Reporting?

Generally, a company may need to report beneficial ownership information if it is a corporation, LLC, or other business entity created by the filing with a U.S. secretary of state or a foreign company registered to do business in the United States. Reporting requirements for trusts and other entity types are more dependent on state law.

At first glance, the rules make it look like all businesses are subject to reporting. There are exemptions, however, including nonprofits, publicly traded companies, and certain large operating companies. FinCEN’s Compliance Guide provides an exemption qualification checklist.

Reporting Timelines and Requirements

First, you must file an initial report only once. There are no annual reporting requirements. Filing deadlines vary based on when a company was created or registered with the relevant secretary of state.

  • Before Jan. 1, 2024, => Deadline of Jan. 1, 2025
  • Between Jan. 1, 2024, and Jan. 1, 2025, => You have 90 calendar days after receiving notice of the company’s creation or registration to file.
  • On or after Jan. 1, 2025, => Deadline is 30 calendar days from the company’s creation or registration.

While there is no annual filing requirement, filing updates are necessary within 30 days of any changes. Ownership activity subject to change reporting includes registering a new business name, a change in beneficial owners, or a beneficial owner’s name, address, or unique identifying number previously provided.

What Do You Need to Report?

Beneficial ownership reporting must identify the following data.

At the company level, it must report:

  • Company name, both legal and trade (if applicable)
  • Company physical address (no post office boxes)
  • Jurisdiction of formation or registration
  • Taxpayer Identification Number

For each beneficial owner, the following must be reported:

  • Name
  • Date of birth
  • Address
  • Driver’s license, passport, or other acceptable identification

Depending on the situation, there also may be reporting requirements about the company applicant. This is generally a person involved in the creation or registration of the company. The same four pieces of data as for a beneficial owner would need to be provided.

As a general rule, a beneficial owner is someone who controls the company or owns 25 percent or more.

The full definition of, and all exemptions to, who constitutes a beneficial owner or company applicant can be found here.

No financial information or details about the business operations are required.

How and Where to File

You have the option to file online or via PDF. Filing online can be done through the Beneficial Ownership Information (BOI) E-Filing System on the FinCEN site.

There is no cost to file.

Conclusion and Cautions

While the reporting is simple, the requirements should not be taken lightly. Failure to report could result in civil penalties of up to $500 per day and criminal charges of up to two years imprisonment and a fine of up to $10,000.

The message is this: Don’t wait – and don’t forget to file!

Actions Lottery Winners Should Consider


We all have those days when we dream of striking it rich with a winning lottery ticket. Never having to work again while living a life of luxury. While your chance of finding a four-leaf clover is higher than winning the lottery, we can still dream, right? And while we are dreaming, let’s talk about the best ways to deal with landing such a large sum of cash. And since lottery winners have a limited time to claim their prize, it’s important to take prudent steps when managing the money.

How Much Do Winners Actually Take Home?

Let’s take a look at actual prize amounts from recent winnings. The October 2023 Powerball jackpot of $1.2 billion translated to a cash value of $551.7 million. Depending on what the winner decides – either taking the lump sum or opting for a multi-decade annuity – they have a serious decision to make.

It’s important to consider inflation factors if choosing the multi-decade annuity option. For example, when it comes to 30 payments taken over 29 years, the first consideration is to determine if there’s a 5 percent increase in the amount for each subsequent year. However, it’s important to keep inflation and the value of money going forward in mind.

For example, between March 2021 and March 2023, the average monthly inflation rate was 5 percent or higher, according to Statista Research Department. It peaked during June 2022 at 9.1 percent on a monthly basis. If the lump sum was taken before inflation increased during the post-COVID-19 reopening, or the annuity was increased by 5 percent, lottery winners without a plan to preserve and increase their earnings would have seen their money’s purchasing power decline.

Another thing to consider is how to legally navigate the tax code. For example, when it comes to federal taxes, 24 percent is automatically withheld. According to the 2024 Federal Tax Code, large winnings will put the winner in the 37 percent tax bracket. If the winner is single or married, the 37 percent bracket kicks in at $578,125 and $693,750, respectively. Additionally, winners also are required to determine compliance with state, county, city, etc. taxes. State taxes can vary greatly; looking at you: Pennsylvania at 3.07 percent, and New York at 10.9 percent.

When it comes to being generous through philanthropy, winners can work with their legal and financial professionals to determine how to offset taxes. This can take the form of direct donations, creating a donor advisor fund (DAF) to get the tax benefit immediately, especially if the lump sum is taken, but also if an annuity is taken. With 2023’s standard deduction threshold of $13,850 (single) and $27,700 (married couples), winners might consider how to make charitable donations part of a tax reduction plan.

Another question to ask is whether establishing a trust would be helpful when sorting out one’s distribution of assets. If a winner dies intestate (without a will), the state of that person’s residence will determine who gets your money – regardless of who you may have wanted to receive it.

Similarly, setting up a trust may be beneficial for both claiming the lottery winning anonymously, and it can help determine how to give money to family members. A trust can be set up for a family member or a pet’s care and can be conditional on releasing the funds when the individual reaches a certain age.

While these steps are not comprehensive, and each winner will have unique circumstances, there are many legal and financial considerations to think about immediately upon winning and before claiming a jackpot.

Sources

https://www.irs.gov/credits-and-deductions-for-individuals

https://www.statista.com/statistics/273418/unadjusted-monthly-inflation-rate-in-the-us/