How to Avoid a Business Email AI Scam

Do you think you’d know the difference between your actual boss and an AI fake version on a video call? You’d like to think so, but sophisticated technology makes it exceptionally difficult to tell the difference between truth and deception. Imagine how difficult it is to distinguish a legit email from a counterfeit one. In the story we’ll explore below, scammers extorted $25 million from a company during one AI scam video call.

This isn’t an isolated case. It’s estimated that a cybersecurity attack takes place every 2 seconds (Cybersecurity Ventures). Recent research shows that one in five businesses were victims of a cyber attack in 2022-2023 (Aviva). And cybercrime is predicted to cost the world an alarming $10.5 trillion annually by 2025 (Cybercrime Magazine).

In this blog, we’ll share a super sophisticated business email AI scam and provide expert insights on how you can reduce the risk of it happening to you.

How a Multinational Company Fell for a $25 Million Business Email AI Scam

If you received an email, meeting invite or a video call from your CFO, would you question its authenticity? This was the situation for a Hong Kong-based finance worker. The employee at a multinational company believed that they were in a video conference with their CFO and colleagues. The reality was that everyone on the call, the CFO included, was an AI scam impersonation.

When the employee was asked to authorize a huge financial transaction to the sum of $25 million, they did as they were told. Whilst they’d had some early suspicions when they’d received an email about a secret transaction, the video call with authority figures that they recognized allayed their fears. The AI-generated images were so sophisticated that the employee complied with the scammers’ request (MSN).

The Rise of Whaling and Other Business Email Phishing Attacks

This AI scam story may sound unbelievable, but it’s a fairly typical case of whaling. Whaling is a type of phishing that targets a very specific person, rather than a broad number of users. The person being targeted will be a big-ticket item, typically a senior executive. The contact, such as an email or meeting invite, seems genuine and is likely to include personalized information about the targeted company or person. Whaling is one of the biggest risks facing businesses today.

How to Optimize Business Email Security With Planck

You may think that you’ve taken steps to ensure your business emails remain secure. The truth in most cases is that businesses are not doing enough, and leave themselves vulnerable to email cybersecurity attacks. 

91% of cyber attacks start with email, and in most cases they’re hosted on well-known services that are believed to provide built-in security. To prevent these attacks at the source, you can make your communication intrinsically more secure with Planck's business email security solutions. Planck validates the identity of senders with full certainty, preventing whaling and other phishing attacks like the one described in this article.

With Planck, the recipient would have been able to verify that the email invite came from the CFO rather than an outside adversary. Planck would have identified that the meeting wasn’t legitimate. With Planck installed, you can easily define a process that requires every payment request to be sent by verified email. That provides another obstacle for the attackers and an additional level of security for you.

Reduce your risk of attack and make your communication intrinsically more secure with Planck’s email solutions. It’s the most effective and easy-to-use business communication protection software on the market. 

Planck’s solutions are designed to protect enterprises from sophisticated cyber threats, like an AI scam. Our simple yet sophisticated plugin works seamlessly with your existing email service provider to optimize its security on many levels.

Contact us to discuss your unique business email security requirements. 
