Finance director in S'pore transfers S$670,000 to scammers who used deepfake to impersonate company's executives

A finance director of a multi-national corporation transferred US$499,000 (around S$670,000) from the company’s HSBC bank account to another local corporate bank account under the instructions of the company’s chief financial officer (CFO).

It turned out later that the person he was speaking to was a scammer who had used deepfake technology to impersonate the CFO.

Within three days of realising the scam, local and overseas authorities successfully traced the illicitly transferred funds, the Singapore Police Force (SPF) said in a media release.

Deepfake used to impersonate company officials

The scammers first convinced the man to attend a video conference regarding a restructuring of the firm's regional business and got him to sign a non-disclosure agreement with a purported lawyer.

He participated in the Zoom call on Mar. 25, where deepfake technology was used to impersonate the CEO and other executives.

During the call and subsequent communications with the lawyer-impersonator, the victim was instructed to transfer over US$499,000 (around S$670,000) from the company's HSBC account to a local corporate account.

He completed the transaction on Mar. 26.

Unbeknownst to him, the beneficiary corporate bank account was a money mule account controlled by the scammers.

From the account, funds amounting to over US$494,000 (around S$670,000) were transferred out of jurisdiction to Hong Kong bank accounts.

Realised the scam

The victim only became aware of the scam on Mar. 27 when the scammer asked for an additional US$1.4 million (around S$1.88 million) to be transferred.

He quickly alerted HSBC, which immediately notified the SPF's Anti-Scam Centre (ASC).

On Mar. 28, ASC, with the assistance of its overseas counterpart and FRONTIER+ member, the Hong Kong Police Force’s (HKPF) Anti-Deception Coordination Centre (ADCC), successfully traced and withheld the funds lost to the scam.

FRONTIER+ was established on Oct. 21, 2024, as an initiative to strengthen the region's capability to combat sophisticated cross-border scam operations and recover illicitly transferred funds.

Acting on information provided by HSBC, the ASC quickly established the destination of the scam proceeds and sought the assistance of the ADCC to recover the funds.

The ASC has also seized the remaining amount of over US$5,000 (around S$7,000) in the local mule account.

Investigations into the case are ongoing.

Advisory

SPF also advised businesses to adopt the following precautionary measures:

• Establish protocols for employees to verify the authenticity of any video calls or messages, particularly those purportedly from senior executives or key stakeholders. Train employees to be vigilant about unsolicited video calls or messages, even if they appear to come from known business contacts;
• Be mindful of any sudden or urgent fund transfer instructions and verify the authenticity of the instructions with the relevant departments or personnel directly through established communication channels;
• Never disclose confidential or personal information or send money to any unknown persons; and
• If you suspect that your company has fallen victim to a scam, call the associated bank immediately to report and block any fraudulent transactions and lodge a police report.

If in doubt, you can call the 24/7 ScamShield Helpline at 1799.

For more information on scams, you can also visit www.scamshield.gov.sg.

Top photo from Canva