LastPass successfully prevented a deepfake audio scam where cybercriminals used AI-generated voice technology to impersonate CEO Karim Toubba in an attempted social engineering attack via WhatsApp against a company employee.
LastPass experienced an attempted deepfake audio scam in which threat actors used AI-generated voice technology to impersonate CEO Karim Toubba. The attack involved a series of calls, texts, and at least one voicemail sent to a LastPass employee via WhatsApp, featuring an audio deepfake of the CEO's voice. The employee recognized red flags, including the unusual use of WhatsApp for business communication and typical social engineering tactics such as forced urgency. The employee appropriately ignored the messages and reported the incident to LastPass's internal security team. The company confirmed there was no impact on its security posture or operations. LastPass publicized the incident to raise awareness about the growing threat of deepfake technology being used for executive impersonation fraud. The report also references other similar incidents, including a February 2024 case in which an employee of a Hong Kong multinational company was tricked into paying HK$200 million (approximately US$25.6 million) to scammers using AI-generated deepfake technology, and an August 2022 incident involving Binance in which scammers used a deepfake hologram of its communications officer.
Domain classification, causal taxonomy, severity scores, and national security assessments were LLM-classified and may contain errors.
Using AI systems to gain a personal advantage over others such as through cheating, fraud, scams, blackmail or targeted manipulation of beliefs or behavior. Examples include AI-facilitated plagiarism for research or education, impersonating a trusted or fake individual for illegitimate financial benefit, or creating humiliating or sexual imagery.
AI system: Due to a decision or action made by an AI system
Intentional: Due to an expected outcome from pursuing a goal
Post-deployment: Occurring after the AI model has been trained and deployed