LastPass, a password manager owned by GoTo, recently encountered a phishing attempt targeting one of its employees through deepfake technology. The incident occurred when threat actors impersonated the company’s CEO using deepfake audio via WhatsApp. However, the employee grew suspicious due to the urgency of the communication, its occurrence outside regular business hours, and signs of social engineering.
Fortunately, the employee’s quick thinking prevented any impact on LastPass as the communication was ignored and reported to the security team. LastPass emphasizes the increasing use of deepfakes by threat actors in executive impersonation fraud campaigns, highlighting the importance of employee training in detecting and thwarting such attacks.
Deepfakes, synthetic media crafted with AI and ML, have become a growing concern in cybersecurity, with potential applications in propaganda, misinformation, and cybercrime. LastPass warns of deepfakes’ use in business email compromise attacks, underscoring the need for organizations to prioritize internal communication verification and employee awareness to mitigate risks.
Reference:
