It’s been more than a month and Miranda* still can’t bring herself to watch the entire video.
On February 13, hackers took control of the Melbourne woman’s Instagram account and posted a deep fake of the 34-year-old spruiking a cryptocurrency scam.
“Hi guys, I just invested $1000 and got $10,000 back into my bank account straight away,” the deep fake version of Miranda says in the clip. Her followers were then asked to follow a suspicious account and many also received private messages, purportedly from Miranda, asking them to follow the dodgy account.
Miranda is an e-commerce worker and does not want to disclose her real name because her company has not given her permission to speak publicly.
The woman in the Instagram story looked and sounded like Miranda. She was wearing the same comfy tomato-print dress that Miranda slips into when working from home, and moved her hands in the same animated way. She even punctuated her sentence with the word “literally”, which Miranda uses regularly.
“I was so traumatised,” she said. “My husband showed me the video, but I could only watch it for a few seconds. Seeing yourself on a screen when it is not you is so disturbing.“
Miranda is not an influencer and has no idea why she, and the 470 followers on her private Instagram account, were targeted.
Cybersecurity and consumer experts say cryptocurrency scams are becoming increasingly sophisticated.
The concern comes as new data from the Australian Competition and Consumer Commission shows cryptocurrency investment scams have exploded in the past year, with 4730 reports and victims’ losses more than tripling from $27.9 million to $99 million.
Earlier this month, the consumer watchdog launched legal action against Facebook owner Meta for publishing scam cryptocurrency ads featuring well-known Australians, including former businessman Dick Smith, TV personality David Koch and mining magnate Andrew Forrest.
David Cook, an expert in information warfare and cybersecurity management at Edith Cowan University, has recently received reports of cryptocurrency rorts that involved scammers creating deep fakes of ordinary people.
He said these deep fakes – which use artificial intelligence and machine learning to create fake videos and images – were more convincing when they centred on regular people.
“When you target celebrities, it’s almost a theatre because you will see someone say something outlandish,” he said.
“The ring of truth works for mum and dad investors because it is much more believable when it’s just an ordinary person because you don’t question that theatre side of it. You just take it as that’s a person saying what they believe.”
He said the deep fake video of Miranda could be created in as little as half an hour using free online software.
“Deep fakes weaponise your own imagery and your own voice against you,” he said.
The hackers are understood to have gained access to Miranda’s account by bypassing her work’s virtual private network, which was only recently updated with two-step authentication.
She believes they gleaned data of her face and voice by accessing her Microsoft teams meetings and then transformed the material into a convincing deep fake video.
While many of Miranda’s followers were suspicious of the deep fake video because the movement of her lips did not match the audio, at least one acquaintance was almost duped after they responded to the hacker.
Miranda smashed her phone with a hammer when she first discovered she had been hacked and panicked that someone had been in her house, filming her. She reported the matter to police and the Australian Cyber Security Centre.
The experience left her feeling violated, and she wants to ensure no one goes through a similar ordeal.
The Office of the eSafety Commissioner is concerned about a rise in deep fakes and said the tools being used to create these images and videos were becoming “relatively cheap, user-friendly and mainstream”.
“Deep fakes have the potential to cause significant damage,” it said in a recent position paper.
Consumer Action Law Centre chief executive Gerard Brody said cryptocurrency scams had become increasingly sophisticated, and scammers had gone to great lengths to take advantage of familial ties.
“As soon as there are warnings about one type of scam, the fraudsters are able to change their modus operandi and find new ways of scamming us,” he said.
Susan McClean, a cyber security expert and 27-year veteran of Victoria Police, said only a couple of people needed to fall victim to the scam to make it worthwhile.
Victoria Police and the Australian Cyber Security Centre said they could not comment on individual reports due to privacy reasons.
Meta, which owns Instagram, was contacted for comment.
*Not her real name
The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.