by Mike McMahan & Charles Gallaer

We’ve all been offered wealth beyond our wildest dreams by a mysterious Nigerian Prince, given a chance to win a free cruise to the Mediterranean by a new travel agency, or asked by a cryptic email from your boss to go get Visa gift cards at the local drug store. If you’ve been on the internet a while, you can spot these scams from a mile off.

But what happens when your boss calls you on video chat and asks you to release a multimillion dollar wire? You would follow what your boss tells you. That’s what one worker at a multinational finance firm did, turning over $25 million of the company’s money–but it wasn’t his boss at all. It was an elaborate deepfake:

The elaborate scam saw the worker duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations, Hong Kong police said at a briefing on Friday.

“(In the) multi-person video conference, it turns out that everyone [he saw] was fake,” senior superintendent Baron Chan Shun-ching told the city’s public broadcaster RTHK.

But what is a “deepfake”? A deepfake is a highly-realistic, computer-generated or -aided edit to photos or videos that fools all but the most trained observers. A Tom Cruise impersonator made headlines when he worked with a sophisticated deepfake visual effects artist–making the world believe, for a moment, that Tom Cruise had joined TikTok with a series of funny and nonsensical videos.

That was three years ago. In the time since, deepfaking has taken off, aided by the availability of AI models and platforms. Disney was roasted for its poor “de-aging” of Mark Hamill during the (spoilers) finale of Mandalorian Season 2. A YouTuber and deepfake artist known as Shamook posted a much improved version of the surprise cameo, using AI and other tools. LucasFilm then hired him and Luke’s subsequent appearances in (again, spoilers) the Book of Boba Fett were even better–only Mark Hamill wasn’t used at all. A body double was visually deepfaked. More impressive (and frightening) still, LucasFilm even deepfaked Luke Skywalker’s voice, using clips of Mark Hamill from the original trilogy and feeding them into the commercially available Respeecher voice AI program.

So we have nostalgia entertainment. Why does that affect you and your dealership? Because what was once the province of billion-dollar Hollywood studios is now available relatively cheaply and easily to the masses, including scammers. Runway.ml can process any video you upload and turn it into something else, like this video of “President Donald Trump” praising Auto Intel:

Now, even newer and more advanced technologies allow the deepfaking to be done on live video. The head of the Senate Foreign Relations Committee was almost duped by someone posing as Ukraine’s former foreign minister. The deepfaker even looked and sounded like her, but was acting strangely, and thus was caught. Had the deepfaker engaged the Senator in a more normal interaction, none would have been the wiser.

What impact does this have on you? More and more cars are being bought and delivered remotely, or through brokers. With stolen information on the dark web and deepfake technology, customers could purchase cars on other people’s credit scores, and those people will wake up sorely surprised when they are charged for a car they didn’t buy and don’t have. Or, your F&I manager might call you up late at night to authorize a last minute wire, except your F&I manager is at home asleep. Without careful protections, you could get caught dealing with the consequences of a scam.

Ferrari was almost the victim of such a scam. A deepfaker pretended to be CEO Benedetto Vigna, starting a text chat on WhatsApp, and eventually graduating to a video call where the scammer looked and sounded like the CEO. Because the real executive felt like something was off, they thwarted the scheme with a simple question: “What was the last book I recommended to you?” When the scammer couldn’t answer, the jig was up. 

So how can you protect yourself? In three main ways:

First, establish protocols for all large transactions, whether internally or with customers. Require in person signature authority for cash or wire transfers over a certain amount. For internal transfers, consider creating vocal passphrases–akin to how spies greet each other in old movies–to be sure you’re talking to a verified employee or manager. Ask personal questions and probe further if anything seems off. Train your employees on these protocols.

Second, use technological protection, like those offered by Intel or Duck Duck Goose. Just as AI Deepfakes have been on the rise, so too have Deepfake Detection tools, powered by AI. Intel’s program, for example, looks for subtle shifts in the video indicating blood flow–something currently missing from most deepfakes. 

Third, consider insurance. Check your cyber privacy policy, if you have one, to ensure that deepfake scams are covered as possible breaches. Also check your crime policy, fraud policy, etc. Talk to your insurance broker to make sure you are covered.

With the right tools and training, you can prevent yourself from being fooled by the latest scams and scammers. For a comprehensive review of your protocols, tools, and insurance, consider engaging attorneys who know your business and the cyber risks you face.

Be smart and stay up to date on the latest Auto Intel by subscribing to our newsletter below.

Questions? Ask the authors–Mike and Charles have contact information in their bios.