Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio deepfake technology.

This incident underscores the urgent need for heightened cybersecurity awareness and the implementation of robust verification processes within organizations.

The Rise of Deepfake Technology

Deepfake technology, which employs generative artificial intelligence to create hyper-realistic audio or visual content, has been a growing concern among cybersecurity experts for several years.

Initially associated with political misinformation campaigns, the technology’s potential for harm has expanded into the private sector, with fraudsters leveraging it for elaborate impersonation schemes.

The technology’s accessibility has dramatically increased, with numerous websites and applications enabling virtually anyone to craft convincing deepfakes.

Historically, deep fakes have been used in high-profile fraud cases, such as a 2019 incident where a UK company’s employee was tricked into transferring funds to a fraudster impersonating the CEO through voice-generating AI.

Document
Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

More recently, a finance worker at a Hong Kong-based multinational was deceived into sending $25 million to perpetrators using video deepfake technology to impersonate key company officials during a video call.

The LastPass Incident: A Close Call

The recent attempt on a LastPass employee represents a significant escalation in using deepfake technology for corporate fraud.

The employee received multiple calls, texts, and at least one voicemail via WhatsApp, all featuring an audio deepfake of the company’s CEO.

The fraudulent communication was immediately suspicious to the employee due to its occurrence outside normal business channels and the presence of social engineering red flags, such as undue urgency.

Screen capture displaying the WhatsApp attempted contact using deepfake audio as part of a CEO impersonation

Screen capture displaying the WhatsApp attempted contact using deepfake audio as part of a CEO impersonation.

Fortunately, the LastPass employee did not engage with the fraudulent messages and promptly reported the incident to the company’s internal security team.

This swift action allowed LastPass to mitigate any potential threat and use the incident as a case study to enhance awareness of deepfake technology’s dangers within the company and the broader cybersecurity community.

The incident serves as a critical reminder of the importance of verifying the identity of individuals claiming affiliation with a company, especially when contacted through unconventional channels.

LastPass’s proactive approach in sharing details of the attempted fraud aims to encourage other organizations to remain vigilant and educate their employees about cybercriminals’ evolving tactics.

In response to the growing threat posed by deepfake technology, LastPass is collaborating with intelligence-sharing partners and other cybersecurity entities to share knowledge about such tactics.

This collective effort is crucial for staying ahead of fraudsters and safeguarding the integrity of corporate communications and transactions.

The attempted deepfake call targeting a LastPass employee is a stark illustration of the sophisticated methods employed by cybercriminals in the digital age.

It highlights the imperative for continuous education, vigilance, and developing secure verification protocols to protect against the ever-evolving threats posed by malicious actors in the cyber realm.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning and…

18 hours ago

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is transmitted…

18 hours ago

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services (IIS)…

18 hours ago

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques like…

21 hours ago

New Scareware Attack Targeting Mobile Users to Deploy Malicious Antivirus Apps

A new wave of scareware attacks has emerged, targeting unsuspecting mobile users with fake antivirus…

21 hours ago

Ghidra 11.3 Released – A Major Update to NSA’s Open-Source Tool

The National Security Agency (NSA) has officially released Ghidra 11.3, the latest iteration of its…

21 hours ago