Imagine jumping on a video call with your CEO, CFO, and other members of your leadership team. As the virtual meeting wraps up, they forward you an invoice and instruct you to pay the new vendor millions of dollars for a new, custom AI buildout that will save the company 50% in SG&A costs and increase sales potential by an additional 25% in five years.
Your gut may tell you something doesn’t feel right about the request, but given the excitement generated in the company for this paradigm-changing technology, during the video call with your leadership team, you process the payment anyway. Days later, the payment is flagged, and your CFO gives you a call asking why the cash account was drained. (And that is the nice version of how that call would go!)
A similar scenario happened to a multinational company in Hong Kong. Scammers used deepfake AI technology to create a realistic, virtual meeting with “a CFO & other leaders” and an employee. The scammers were able to trick the employee into sending $25 million to their account.
While new technology brings the promise of improved productivity in future, it also creates a new plethora of risks for organizations.
Larry Hartmann, the CEO of RoseRyan’s parent company, ZRG Partners—a Global Talent Advisory firm—provided the following tactics that employees can use to help protect their companies from this type of scam:
- Verify Requests: If you receive an unexpected request, whether it is via email, phone or video call—especially involving money or sensitive information—first verify it through multiple channels. Call the person directly using a known number, not one provided in the suspicious communication.
- Look for Red Flags: Pay attention to unusual email addresses, typos, and formatting issues. Be wary of emails that convey a sense of urgency or demand secrecy.
- Use Secure Channels: Always use secure, encrypted channels for sharing sensitive information.
- Report Suspicious Activity: Have employees immediately report any suspicious communications to your IT department. The IT team should also have protocols in place to investigate and respond to these security threats.
- Educate Yourself: Familiarize yourself with the characteristics of phishing emails and voice scams. Have your IT department provide additional resources and training sessions on these things.
It takes the collective effort, awareness, and vigilance of ALL employees; a strong cybersecurity and IT function; and strong internal controls to protect an organization, its employees, and its customers from bad actors in the world today.
RoseRyan and the greater ZRG Partners organization are here to help!
- Our internal audit experts can help identify and evaluate risk and test your system, to make sure your organization has the proper procedures in place to mitigate these concerns.
- We provide on demand, flexible talent for IT and cybersecurity-related roles and projects.
- ZRG Partners’ Executive Search teams place top talent in related fields, including Finance and Accounting, Audit, and Technology (among many others).
If you’re feeling unsure about how secure your organization’s systems and tech applications are, get in touch with us to ensure peace of mind.