Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            1. The Threat Landscape

            Modified on Mon, 13 Apr at 8:42 PM

            Foreword

            Seeing is no longer believing. Hearing is no longer believing.

            In February 2024, a finance employee at Arup joined a video conference with his CFO and several colleagues. Every person on screen looked and sounded right. All were AI-generated deepfakes. The employee executed 15 wire transfers totaling US$25.6 million before the fraud was discovered.

            Voice can now be cloned from three seconds of audio. Video can be generated in real time. Caller ID can be spoofed in minutes. This manual gives employees a concrete protocol—and a tool—to restore verifiable trust. Your job is not to detect deepfakes. Your job is to challenge and verify.

            1.1  Scale

            $16.6B in U.S. cybercrime losses in 2024 (FBI IC3). Deepfake fraud up 700% in Q1 2025. Vishing attacks surged 442% between H1 and H2 of 2024. One deepfake attack every five minutes. Human detection rate of high-quality video deepfakes: 24.5%. Voice cloning requires as little as 3 seconds of audio and costs ~$5 via criminal-as-a-service tools.

            1.2  Why Detection Alone Fails

            Using AI to detect AI deepfakes is an arms race. The only sustainable defense is cryptographic proof of identity at the point of interaction—which is what SureCircle provides.

            1.3  Four Attack Patterns

            Attack Type

            Pattern & Psychological Levers

            Real-World Anchor

            CEO/Executive Impersonation (Whaling)

            Spoofed number or voice clone requests urgent wire transfer or gift cards. Levers: authority, urgency, secrecy (“don’t discuss”).

            Arup $25.6M deepfake video call (2024); UK energy firm $243K voice clone (2019); Uber 2022 breach

            IT/Support Desk Impersonation

            Caller claims active breach, requests remote-access install or MFA codes. Levers: fear of compromise, technical authority.

            MGM Resorts 2023 — 10-min vishing call → full VPN reset → $100M+ impact

            Bank/Finance Impersonation

            Caller flags “fraudulent activity,” needs credentials to “verify” or “reverse.” Levers: fear of financial loss, time pressure.

            Common vs. SMBs; typical losses $50K–$500K per incident

            Vendor/Supplier Impersonation

            Known vendor requests payment to “new” account due to “audit.” Often combines BEC email + phone confirmation. Levers: established trust, plausible pretext.

            Top FBI IC3 category; billions in annual BEC/vendor fraud losses


            1.4  Why You Are the Target

            Nearly 3 in 4 new hires clicked a phishing email within their first 90 days. But tenure alone is not protection—sophisticated attacks exploit trust, not ignorance. Attackers target people who are helpful, responsive, and respectful of authority. Roles with elevated exposure: Finance & Accounting, IT Helpdesk, Executive Assistants, HR, and Procurement.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0