현실을 파산시키는 신뢰 해킹

Source: Dev.to

The Arup Deepfake Fraud

The finance worker’s video call seemed perfectly normal at first. Colleagues from across the company had dialed in for an urgent meeting, including the chief financial officer. The familiar voices discussed routine business matters, the video quality was crisp, and the participants’ mannerisms felt authentic. Then came the request: transfer $25 million immediately.

What the employee at Arup, the global engineering consultancy, couldn’t see was that every single person on that call—except himself—was a deepfake: sophisticated AI‑generated replicas that fooled both human intuition and the company’s security protocols.

This isn’t science fiction. In Hong Kong, February 2024, an Arup employee authorized 15 transfers totalling $25.6 million before discovering the deception. The attack combined multiple AI technologies—voice cloning, facial synthesis, and behavioural modelling—to create a convincing corporate scenario that bypassed both technological security measures and human intuition.

Rise of AI‑Driven Financial Fraud

The Hong Kong incident is more than an expensive fraud; it offers a glimpse into a future where artificial intelligence fundamentally alters financial manipulation. As AI systems become more sophisticated and accessible, they are not just changing how we manage money—they’re revolutionising how criminals steal it.

“The data we’re releasing today shows that scammers’ tactics are constantly evolving,” warns Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection. “The FTC is monitoring those trends closely and working hard to protect the American people from fraud.”

• In 2024 alone, consumers lost more than $12.5 billion to fraud—a 25 % increase over the previous year.
• Synthetic identity fraud surged by 18 %.
• AI‑driven fraud now accounts for 42.5 % of all detected fraud attempts.

Scale and Impact

• Deloitte research (2024): 25.9 % of executives reported deepfake incidents targeting financial and accounting data in the preceding 12 months.
• Centre for Financial Services (Deloitte): Predicts generative AI could enable fraud losses to reach $40 billion in the United States by 2027, up from $12.3 billion in 2023 (CAGR ≈ 32 %).

These figures illustrate a widening sophistication gap between attackers and defenders. While financial institutions invest heavily in fraud‑detection systems, criminals have access to many of the same AI tools and techniques.

Technical Mechanics of Contemporary AI Fraud

1. Data Harvesting: Machine‑learning models scrape social‑media profiles, purchase histories, and public records to build detailed psychological profiles of potential victims.
2. Personalised Phishing: The profiles inform campaigns that reference specific details about targets’ lives, finances, and emotional states.
3. Voice Cloning: What once required hours of audio now needs only a few seconds of speech to generate convincing impersonations of family members, colleagues, or trusted advisors.

“AI models today require only a few seconds of voice recording to generate highly convincing voice clones freely or at a very low cost,” note cybersecurity researchers studying deepfake vishing attacks. “These scams are highly deceptive due to the hyper‑realistic nature of the cloned voice and the emotional familiarity it creates.”

Psychological Manipulation

AI’s most insidious capability in financial manipulation isn’t technical—it’s psychological. Modern algorithms excel at identifying and exploiting cognitive biases, emotional vulnerabilities, and decision‑making patterns that humans barely recognise in themselves. This marks a shift from traditional fraud, which relied on generic psychological tricks, to personalised manipulation engines that adapt based on individual responses.

AI‑Enabled Manipulation Techniques (Ontario Securities Commission, Sep 2024)

• AI‑generated promotional videos featuring fabricated testimonials from “respected industry experts.”
• Sophisticated editing of investment posts to improve grammar, formatting, and persuasiveness.
• Algorithms promising unrealistic returns while employing scarcity tactics and generalized statements designed to bypass critical thinking.

Researchers summarise:

“Manipulation can take many forms: the exploitation of human biases detected by AI algorithms, personalised addictive strategies for consumption of goods, or taking advantage of the emotionally vulnerable state of individuals.”

Real‑World Case Studies

• Steve Beauchamp, an 82‑year‑old retiree, told The New York Times he drained his retirement fund and invested $690,000 in scam schemes after watching deepfake videos purporting to show Elon Musk promoting investment opportunities.
• A French woman lost nearly $1 million to scammers using AI‑generated content to impersonate Brad Pitt, demonstrating how deepfake technology can exploit parasocial relationships and emotional vulnerabilities.

Robo‑Advisors and Emerging Risks

The financial services industry’s embrace of AI extends beyond fraud detection into investment advice, creating new manipulation vectors that blur the line between legitimate algorithmic guidance and predatory practices.

• Assets under management: Robo‑advisors manage over $8 billion as of 2024, projected to reach $33.38 billion by 2030.
• Growth rate: CAGR of 26.71 %.

The rapid expansion creates competitive pressures that may incentivise platforms to prioritise engagement and revenue over genuine fiduciary duty. Unlike human advisers, AI‑driven platforms operate in a regulatory grey area where traditional rules of financial advice haven’t been fully adapted to algorithmic decision‑making.

“Every robo‑adviser provider uses a unique algorithm created by individuals, which means the technology cannot be completely free from human affect, cognition, or opinion,” observe researchers studying robo‑advisory systems. “Therefore, despite the sophisticated processing power of robo‑advisers, any recommendations they make may still carry biases from the data itself.”