Overview

The Singapore Police Force (SPF), the Monetary Authority of Singapore (MAS), and the Cyber Security Agency of Singapore (CSA) have jointly issued a public advisory warning about a new series of scams involving digital manipulation. These scams leverage Artificial Intelligence (AI) to create synthetic media, commonly known as deepfakes. This allows scammers to impersonate high-ranking executives and deceive employees into transferring funds from corporate accounts.

The Evolution of Digital Manipulation Scams

In this emerging scam variant, fraudsters exploit AI-driven technology to manipulate video and audio, convincingly mimicking the facial features, voice, and gestures of senior executives. The technique involves scammers contacting victims via unwanted WhatsApp messages, claiming to be executives from the victims’ own companies.

Victims are then invited to a live Zoom video call, during which they encounter fake visuals of their high-ranking executives, sometimes accompanied by individuals impersonating MAS officials or potential investors.

Step-by-Step Breakdown of the Scam

1. Initial Contact: Victims receive WhatsApp messages from scammers impersonating company executives.
2. Video Call Setup: The victims are invited to a live-streamed Zoom call, during which AI-driven digital manipulation is employed to create fake visuals of the executives.
3. Fake Business Justifications: The scammers instruct victims to initiate substantial fund transfers under the guise of legitimate business transactions such as project financing or investments.
4. Reinforcement Through Fake Legal Documentation: To harden their deception, the scammers introduce another fraudster mimicking the company’s legal counsel, who then provides seemingly authentic legal documents such as a Non-Disclosure Agreement or a Board Letter.
5. Realization of the Scam: Victims discover they have been duped when they attempt to follow up with their real company executives or legal counsel, who confirm that they were never part of the video calls or fund transfer requests. By this time, the scammers have usually become uncontactable, making recovery of funds challenging.

Key Indicators of AI-Driven Manipulation

While AI technology has significantly improved the realism of deepfakes, certain indicative signs can help employees identify digital manipulation:

• Lip-Sync Inconsistencies: Discrepancies between the executive’s lip movements and the spoken words.
• Unnatural Facial Expressions: The subject may appear overly stiff or lack natural micro-expressions.
• Audio Delays and Distortions: Lag or mismatched audio that does not align with facial movements.
• Low Video Quality in Key Areas: Pixelation or blurring, especially around the mouth and eyes.
• Unusual Lighting and Shadows: AI-generated videos often struggle to accurately replicate dynamic lighting effects.

How Businesses Can Stay Secure

To mitigate the risks posed by digital manipulation scams, businesses should implement the following precautionary strategies:

1. Verify Communications: Establish stringent verification protocols for any communication involving fund transfers, particularly those purportedly originating from senior executives or external stakeholders. Employees should be trained to scrutinize unexpected requests for fund transfers or sensitive data.
2. Leverage Advanced Monitoring Tools: AI-driven solutions like Cyble’s Executive Monitoring tool provide deepfake detection capabilities, enhancing digital security. This tool ensures comprehensive advanced monitoring, scanning social media and video platforms for AI-generated fake content. Prompt Alerts also notify businesses of suspected deepfake threats in real-time, allowing them to take swift action to secure their reputation and prevent fraud.
3. Authenticate Video Calls: Verify participants before engaging in high-stakes discussions using multi-factor authentication (MFA) or company-controlled video conferencing platforms.
4. Conduct Awareness Training: Foster a culture of cyber-awareness amongst the workforce and educate them on the risks of AI-driven fraud, how they can detect suspicious video and audio manipulations and take corrective actions accordingly.
5. Secure Communication Channels: Always verify fund transfer requests through a secondary, well-established internal communication method before processing transactions.
6. Restrict Access to Sensitive Data: Limit the number of employees who have authorization to access critical financial accounts and information.
7. Implement Fraud Detection Technology: AI-driven fraud detection tools can analyze video and audio anomalies to flag potential deepfake manipulations.

Responding to a Suspected Scam

If an organization suspects that it has fallen victim to a scam, immediate action is crucial:

• Contact the Associated Bank: Report and attempt to block fraudulent transactions at the earliest opportunity.
• Report to Authorities: File a police report to aid in ongoing investigations and prevent further incidents.
• Alert Employees: Ensure internal teams are aware of the incident to prevent recurrence.
• Engage Cybersecurity Experts: Conduct forensic analysis to determine the extent of the compromise and bolster future security measures.

Public Advisory from MAS

The Monetary Authority of Singapore has clearly stated that it does not request monetary transfers or personal banking credentials. Additionally, MAS does not maintain records of individuals’ financial transactions or hold funds for individuals. Businesses and individuals should remain cautious when approached by anyone claiming to represent MAS in financial matters.

Community Vigilance: A Shared Responsibility

Fighting cyber scams requires a collective effort. Organizations must prioritize cybersecurity awareness, while employees should remain vigilant and report suspicious activity. The Singapore authorities have also provided a dedicated 24/7 ScamShield Helpline (1799) for verification of potential scams.

Conclusion

The emergence of deepfake-driven financial fraud stresses the growing deception of cyber threats. As technology advances, so do the tactics employed by cybercriminals. Businesses must stay ahead of these threats by implementing security protocols, adopting cybersecurity awareness, and collaborating with regulatory authorities to mitigate risks. By remaining vigilant, organizations can safeguard their financial assets and protect employees from falling victim to AI-powered deception.

References:

• https://www.csa.gov.sg/alerts-and-advisories/advisories/ad-2025-005
• https://isomer-user-content.by.gov.sg/36/248c2c73-81ce-4650-b434-815a7db37390/Joint%20Advisory%20on%20Scams%20Involving%20Digital%20Manipulation.pdf

Related

Disclaimer: This blog is based on our research and the information available at the time of writing. It is for informational purposes only and does not constitute legal, financial, or professional advice. While we strive for accuracy, we do not guarantee the completeness or reliability of the content. If any sensitive information has been inadvertently included, please contact us for correction. Cyble is not responsible for any errors, omissions, or decisions made based on this content. Readers should verify findings and seek expert advice where necessary. All trademarks, logos, and third-party content belong to their respective owners and do not imply endorsement or affiliation. All content is presented “as is” without any guarantee that it is free of confidential, proprietary, or otherwise sensitive information. If you believe any portion of this content contains inadvertently shared or sensitive data, please contact us immediately so that we may address and rectify the issue. No Liability for Errors or Omissions Due to the dynamic nature of cyber threat activity, this [blog/report/article] may include partial, outdated, or otherwise incorrect information due to unverified sources, evolving security threats, or human error. We expressly disclaim any liability for errors or omissions or any potential consequences arising from the use, misuse, or reliance on this information.