The increasing use of artificial intelligence has made CEO impersonation fraud more accessible, against the backdrop of inflation and economic uncertainty. Here’s what risk managers must know
A version of this article previously appeared in our sister publication, Insurance Times
Back in 2019, the chief executive of an unnamed UK-based energy firm was called by his boss, the chief executive of the firm’s German parent company, and asked to transfer €220,000 (£189, 570) into the bank account of a Hungarian supplier.
Little did the CEO know, the voice on the phone actually belonged to a fraudster who had used artificial intelligence (AI) voice tools to impersonate his boss.
This is just one example of the growing threat of authorised application push fraud, although the story claims to represent the first documented case of CEO fraud.
During times of economic recession, fraud is always on the up and this is certainly the case for chief executive (CEO) impersonation fraud.
CEO fraud occurs when a scammer impersonates a senior staff member, usually, the chief executive, to convince employees at the organisation to make an urgent payment into the fraudster’s account.
Businesses remain a prime target for this fraud type – according to a report by Pinsent Masons published earlier this year, losses in the UK alone were £77m.
Understanding the risks
For Vikshay Vijai, business fraud sales manager at Allianz Trade, the most interesting and more common sort of fraud the credit insurer had seen over the last five years was impersonation fraud.
This can be classified as external fraud which includes robbery, theft, and certain social engineering attacks where the scammer assumes a false identity.
“It is a criminal act and sadly, due to continued economic changes such as remote working, it is on the rise”
He said: “In recent years, impersonation fraud has become one of the most common types of fraud, with fraudsters acting as chief executives or directors and putting employees under pressure to release funds and important information eventually resulting in significant financial loss to businesses.
“It is a criminal act and sadly, due to continued economic changes such as remote working, it is on the rise.
“We’ve seen various kinds of payments diversion where cheques… are forged that lead to payment being made to someone it’s not supposed to be made to. That’s how criminals pilfer away money into a fake bank account that is set up just for the purpose of committing fraud there.”
Risk of deepfakes
Impersonation fraud includes the use of deepfakes, which has been further complicated with the explosion of AI programs such as ChatGPT making this more and more convincing. DAC Beachcroft listed impersonation fraud as one of its top tech risks last year.
Deepfakes use generative AI to replace the likeness of one person with another in image, video, or audio and can be deployed via various platforms such as Zoom, Microsoft Teams, Slack, email, text messages and the metaverse.
”As attackers get more familiar with these technologies, what they can do and how to operate them – we are going to see an increase in these scam attacks.”
The threat of deep fakes has also thrown a spanner in the works for cyber liability insurers by providing criminals with the ability to sidestep biometric controls, manipulate employees to click malicious links and coax financial agents to transfer capital.
Simulating someone else’s voice in impersonation scams is not a new tactic from cyber criminals, but the proliferation of AI technology has made it more accessible.
In an interview with NBC News in March 2023, Coalition’s vice president of research Tiago Henriques said: “As attackers get more familiar with these technologies, what they can do and how to operate them – we are going to see an increase in these scam attacks.”
The role of insurance in tackling the risk
Allianz Trade has launched a new standalone fraud insurance product for businesses, following a rise in internal employee fraud and external scams in the UK post-pandemic.
Speaking during a briefing call with journalists last month (20 July 2023) Sarah Murrow, chief executive of Allianz Trade, explained: “We do see fraud increase during times of economic downturn and this is what we were expecting in the coming period.”
The product also covers external fraud including robbery, burglary, intercepted payments and payments made based on a forged order.
“We do see fraud increase during times of economic downturn”
The trade credit insurer is already seeing strong interest from its existing client base, according to a statement, and will be using brokers alongside cross-selling as a distribution strategy.
The UK fidelity market, also known as the business fraud insurance sector, is currently made up of around 60% brokers, according to Steve Stennet, standard commercial director for UK and Ireland at Allianz Trade
The advent of remote working, lack of monitoring or processes in hybrid working, explosion of AI and the current economic climate have made fraud easier to commit, he added.
Other risk management approaches
Alex West, director of the restructuring and forensics team at Pricewaterhouse Coopers (PwC), said: ”Fraudsters are increasingly using new technologies such as generative AI and deepfakes to scam victims and we all need to better understand fraud threats and improve our personal level of defence.
”We expect the cost of living crisis to increase pressures on businesses and individuals, incentivising people to take risks, which is likely to lead to an increase in fraud in the coming years, a trend that already seems to be evident in money mule levels.”
Risk managers must therefore be equally quick at spotting potential fraud vulnerabilities and in their use of technologies like AI improve fraud prevention and detection.