Wiz, a cybersecurity startup valued at $12 billion, recently experienced a deepfake attack that was thwarted because employees knew how the CEO usually speaks.
Wiz CEO Assaf Rappaport explained at TechCrunch Disrupt on Monday that hackers manipulated audio of his voice and sent a voice message to dozens of his team members to steal login credentials. The credential-based attack, if successful, would have allowed the hackers to gain access to Wiz's internal systems and steal its data.
Even though deepfake audio has become more convincing, Rappaport's team knew the message was fake because it was based on a clip of the CEO giving a speech — and that is not how he speaks in his daily life.
Wiz employees know that their CEO has public speaking anxiety, so there was a clear difference between how he communicated during the speech and how he usually talks.
"That's how they were able to say, 'That doesn't sound like Assaf,'" Rappaport said.
Assaf Rappaport. Photo Credit: David Paul Morris/Bloomberg via Getty Images
Deepfake audio scams have proliferated recently, going all the way up to the highest levels of an organization. In May, the world's biggest advertising company, WPP, experienced a deepfake attack involving the voice and face of the firm's CEO.
The hackers went as far as coordinating a Microsoft Teams meeting and created a deepfake of the CEO to "attend." They aimed to solicit money and gain personal information from the call. The attackers weren't successful in this case, either.
A survey released last week by cybersecurity company Regula shows that in 2024, half of all global companies have been subject to audio and video deepfake attacks. Moreover, 66% of business leaders said that deepfakes are a serious risk to their companies.
Related: Executives at the World's Largest Advertising Company Scammed Using Deepfake of Company CEO