New Threat Alert: Deepfake Attacks and How to Protect Against Them
If I told you 10 years ago that artificial intelligence (AI) would be so advanced, it would allow someone on the internet to take on another person's face in real time – you wouldn't have believed me. It treads the realm of science fiction with a little bit of horror mixed in.
To give you a better picture, imagine video chatting with your employer or partner, except it's not really them. You are actually talking to a cybercriminal using a computer-generated face that looks just like your boss or colleague. Now, take an honest look at how dangerous that conversation could be for your business. The imposter might ask you to discuss sensitive matters, or ask you to send important files, and so on.
That is the cybersecurity threat presented by deepfakes, and malicious actors are already employing those methods today. Who would have thought that the future of cybercrime would be staring us right in the face? It's a frightening technology, especially when you think about the possibilities. Thankfully, you're reading this article right now, and raising awareness is the first step to combating this new threat.
At ITS, we are an IT support company that provides advanced cybersecurity services for small to midsize businesses. Our team is dedicated to raising awareness and sharing our insights on the latest cyber threats like deepfakes, so you can prepare for them.
In this article, we'll dive into the dangers of deepfakes by discussing the following topics:
- What are Deepfakes?
- What Dangers Do Deepfakes Pose for Your Business?
- How Can You Protect Against Deepfake Scams?
What are Deepfakes?
A deepfake is a portmanteau of "deep learning" and "fake." It refers to synthetic media in which a person depicted in existing audio, image, or video is replaced with someone else's likeness or voice. That is done with advanced machine learning technology that can learn a subject's face and voice, allowing another person to impersonate that subject in real-time.
If you've ever used a face filter on a mobile app, you already have a general inkling of how that works. The only difference is that instead of overlaying silly graphics and squeaky voices on your video, deepfakes virtually allow you to impersonate another person on camera.
What Dangers Do Deepfakes Pose for Your Business?
As we've mentioned earlier, deepfake attacks are already happening. Cyber actors are already employing the technology, and they're only getting better at it. Take a look below at some examples of how attackers can use deepfakes against you:
If you have ever had to do online identity checks, then you have your work cut out for you, thanks to deepfakes. From voice calls and video calls, all of it can be faked in real-time. What's worse is that the technology is advancing at break-neck speeds, making it harder to spot a digital forgery. It presents a massive hurdle for financial institutions and similar organizations that need to conduct background and identity checks for transactions.
Enhanced Social Engineering
Imagine getting on a Zoom call with a candidate applying for one of your remote positions. They seem like a good fit, so you give them the role along with the necessary access that comes with it. The problem is that the candidate is an imposter who took over someone else's identity. Now, that person has access to sensitive data and company assets, and you are none the wiser.
It may sound unreal. However, cases have been rising to the point that the Federal Bureau of Investigation (FBI) has felt it necessary to issue a warning against deepfakes.
Deepfake Phishing Scams
According to a Proofpoint study, 83% of organizations experienced a successful email-based phishing attack in 2021. It proves just how effective that type of scam already is, and deepfakes are taking it to the next level. Just imagine how much more convincing cybercriminals can be with the technology.
To give you a better idea of the threat, let's take a look at one high-profile example. In 2019, cybercriminals used deepfake phishing to trick the CEO of a UK-based energy firm into transferring them $243,000. The cyber actors utilized AI-based voice-spoofing software to impersonate the head of the firm's parent company and convinced the CEO that he was speaking with his boss.
Whether it's coercing members of your team to transfer sensitive data, login credentials, or funds, phishing scams are now even more effective thanks to deepfakes.
Misinformation has been making the rounds across social media in the past few years. Fake news and stories are thriving beyond everyone's expectations. The scary part is that the rise of deepfakes is only going to amplify that by making the lies more convincing.
Fabricated deepfake videos can be weaponized against your company's reputation, which could have very real repercussions. It can affect your share value in the stock market, sow distrust with your clients, and can be used to extort you for money. Overall, it's a new tool a cybercriminal can use to harass and blackmail business owners like you.
How Can You Protect Against Deepfake Scams?
Unfortunately, there is still no easy and sure-fire way of spotting deepfakes. But that doesn't mean there's nothing you can do to prepare for the threat. Take a look at some precautions you can take that might help:
Raise Awareness Within Your Organization
The first step to combat deepfakes is by raising awareness within your organization. Everyone needs to know that this type of threat exists and how it can be used against you. Just knowing that information can already drastically improve your team's chances of spotting deepfake scams. Try to add it to your regular cybersecurity awareness training curriculum.
AI vs. AI
As they always say, fight fire with fire. AI can serve as the first layer of defense, detecting irregularities faster than humans can. However, it's important to understand that deepfakes had a head start. That means AI with the ability to spot them is going to need a bit more time to catch up. In fact, according to an article published in Scientific American, spotting deepfakes might be a job best done with humans still in the loop.
Add Layers of Protection
Let's say, for example, your boss calls you and asks you to transfer funds to a specified bank account. If you have policies like making all payments go through an approval process, then that would safeguard you from willingly wiring money to fraudsters. Adding extra security processes may not always be convenient, but they will stop scams like that in their tracks.
Ready to Protect Against Deepfake Attacks?
Deepfakes are the next cybersecurity epidemic to come out of the woodwork. They are difficult to spot and can enhance other scamming methods like phishing, social engineering, identity theft, manipulation of information, and more. Unfortunately, there's no sure solution against deepfakes as of yet. But there are things you can do to protect yourself, such as:
- Raising Awareness Within Your Organization
- Adding Layers of Protection
- Using AI
At ITS, we are dedicated to helping businesses protect their networks from the latest threats, including deepfake attacks, by sharing our insights. Learn more about emerging cyber threats like the Fast Quantum Ransomware Attack, which can be executed in under four hours.