It is a curious case. Katja L., a Berlin entrepreneur from the entertainment industry, was ensnared for weeks by Vin Diesel, the Hollywood star best known for the Fast & Furious film series – or so she thought. As it turned out, however, it was not the actor with whom Katja L. first wrote messages and later even made video calls, but a scammer. It has been the victim of a cyber attack.

The case arouses the interest of the investigative magazine “Täter, Opfer, Polizei” (RBB). In it, Katja L. describes the facts of the crime and the perpetrator’s modus operandi. Perseus supports the reporting as an expert in cybercrime and provides insights and background information that help the viewer to correctly classify and understand what is happening.

Contact between victim and perpetrator was made via the social media platform Instagram. However, the fraudster quickly shifted the dialogue to the Google platform “Hangouts”. There are some benefits to using this platform for the perpetrator. On the one hand, he can register relatively anonymously or by using a fake e-mail address. On the other hand, he can adjust chat settings so that conversation histories are automatically deleted as soon as the chat is closed. As a result, all traces are removed and the other party is – as in the present case – without evidence.

First, the alleged Vin Diesel and Katja L. exchanged messages on the platform, later video calls followed. During these, Katja L. was actually able to see, talk to and interact with Hollywood star Vin Diesel. How can that be?

Julian Krautwald, Head of Incident Management at Perseus, explains the incident as follows: “With faceswap technology, it is relatively easy to digitally replace your face with that of any other person – including or especially through that of a celebrity. Afterwards, you can credibly appear as this person. The facial expressions are also adopted, so that a deception is relatively uncomplicated and at the same time very believable.”

At first glance, this technology seems complex and actually like something out of a Hollywood movie. Nevertheless, everyday examples can be found in which this so-called face-masking or face-swapping technology is used. For example, this type of technology is already used by online opticians when choosing glasses. The filter settings of social networks such as Instagram or Snapchat are also based on this principle.

Katja L. fell for the perpetrator so much through the manipulated video calls that she paid for first-class flight tickets, driving services and digital gift cards. The damage amounts to about 5,000 euros.

“Digital gift cards or gift cards are popular means that online fraudsters use to fraudulently obtain money from their victims. Crypto currencies such as Bitcoins would cause too much mistrust. These cards appear comparatively inconspicuous, especially because dealing with online orders and vouchers is commonplace. For the perpetrators, the digital gift cards are perfect. You can use them worldwide and exchange them or resell them and thus turn them into money. At the same time, no traces are left behind, because even if the card numbers are tracked, investigators end up with the buyer – and thus with the victim of the fraud,” says Julian Krautwald.

Even though this case seems very unusual, this type of cyberattack can affect anyone. To protect yourself from this, the cyber experts at Perseus advise you to be generally vigilant. If a situation seems strange to you, trust your gut feeling. Question what is said or written. Get a second opinion. It often helps to talk to a friend, colleague or family member in order to be able to correctly assess an incident or event. Do not transfer money under any circumstances and do not pay in advance for people you do not know personally or have never met.