Is the video deepfake risk real?

Short answer, yes.

More nuanced answer, yes but there's quite a bit you can do to prevent most of these attacks from working - some of them human based and some technical controls. I expect to see much more of this sort of news, particularly where the CEO/CFO are public.

For those that didn't see it, an employee in Hong Kong was tricked via video chat into believing their CEO wanted them to transfer $25M in a secret transaction.

To get ahead of it, ensure a few basic checks for requested wire transfers:

1)  It should _always_ warrant extra validation when someone asks for an out of the ordinary transfer that requires secrecy. Make sure everyone involved with transfers in your company is aware of this and repeat it  often.

2) In the age of deepfakes, you can't rely on inbound ad hoc requests to transfer real money, even if  they seem believable. The person receiving the request needs to initiate a call back to a *known* number/email of the individual to validate the  request. If the requestor indicates that they are only reachable via  some new contact info for whatever reason, this should trigger even more  scrutiny.

3) The CEO/CFO and everyone with power to transfer money needs to be aligned on and communicate the  above. You want to ensure the person doing the transfer doesn't feel  that by asking for additional validation that they're pushing back  against or acting in a way that signals they don't trust the leader.

4)  Setup dual-control / two-person integrity for new wire transfers to ensure that the process is being followed and add an extra layer of eyes.

These scams will be much more prevalent as deepfake tech matures so prepare your finance team by  ensuring they're aware of the risk. Work with them to build the process and prevent next week's payroll from funding a super secret but critically strategic investment that doesn't actually exist.