The Dangers of Deepfake and How to Protect Against It [Updated]

Editor's note: This post was originally published on August 16, 2022 and has been revised for clarity and comprehensiveness.

If I told you ten years ago that artificial intelligence (AI) would be so advanced, it would allow someone on the internet to take on another person's face in real time – you wouldn't have believed me. It treads the realm of science fiction with a little bit of horror mixed in. 

 To give you a better picture, imagine video chatting with one of your business partners, except it's not really them. You are actually talking to a cybercriminal using a computer-generated face that looks just like your boss or colleague. Now, take an honest look at how dangerous that conversation could be for your business. The imposter might ask you to discuss sensitive matters, or ask you to send important files, and so on. 

That is the cybersecurity threat presented by deepfakes, and malicious actors are already employing those methods today. Who would have thought that the future of cybercrime would be staring us right in the face? It's a frightening technology, especially when you think about the possibilities. Thankfully, you're reading this article right now, and raising awareness is the first step to combating this new threat. 

Intelligent Technical Solutions (ITS) is a managed security service provider (MSSP) that provides advanced cybersecurity services for small to midsize businesses. Our team is dedicated to raising awareness and sharing our insights on the latest cyber threats like deepfakes, so you can prepare for them. In this article, we'll dive into the dangers of deepfakes by discussing the following topics: 

• What are Deepfakes? 
• What Dangers Do Deepfakes Pose for Your Business? 
• How can You Protect Against Deepfake Scams? 

What are Deepfakes? 

A deepfake is a portmanteau of "deep learning" and "fake." It refers to synthetic media in which a person depicted in existing audio, image, or video is replaced with someone else's likeness or voice. That is done with advanced machine learning technology that can learn a subject's face and voice, allowing another person to impersonate that subject in real-time. 

If you've ever used a face filter on a mobile app, you already have a general inkling of how that works. The only difference is that instead of overlaying silly graphics and squeaky voices on your video, deepfakes allow you to virtually impersonate another person on camera. 

What Dangers Do Deepfakes Pose for Your Business? 

As we've mentioned earlier, deepfake attacks are already happening. Cyber actors are already employing the technology, and they're only getting better at it. Take a look below at some examples of how attackers can use deepfakes against you: 

1. Identity Fraud 

If you have ever had to do online identity checks, then you have your work cut out for you, thanks to deepfakes. From voice calls and video calls, all of it can be faked in real-time. What's worse is that the technology is advancing at break-neck speeds, making it harder to spot a digital forgery. It presents a massive hurdle for financial institutions and similar organizations that need to conduct background and identity checks for transactions.

One of the scariest examples of deepfakes being used for identity fraud happened in 2024. An employee of a multinational finance company in Hong Kong received an email from their UK-based Chief Financial Officer (CFO) asking him to wire funds for a secret transaction. The employee was rightfully suspicious and asked the executive to make the request in person. The fraudster, however, sent him a reply stating he was out of the office but that he could make the request via a video conference call. 

When the victim joined the multi-person call, he saw people he knew from the office and the CFO requesting him to make the transfer. Everyone on the call looked and sounded like people the victim knew. Convinced the request was genuine, he transferred $25.6 million. Unfortunately, he would later find out that everyone in that call was generated using deepfake technology. He was duped into sending millions to a cybercriminal.  

2. Enhanced Social Engineering 

Imagine getting on a Zoom call with a candidate applying for one of your remote positions. They seem like a good fit, so you give them the role along with the necessary access that comes with it. The problem is that the candidate is an imposter who took over someone else's identity. Now, that person has access to sensitive data and company assets, and you are none the wiser. 

It may sound unreal. However, cases have been rising to the point that three federal agencies (NSA, CSI, and CISA) jointly released a Cybersecurity Information Sheet (CSI) titled Contextualizing Deepfake Threats to Organizations, warning organizations against said scams. 

3. Deepfake Phishing Scams 

A comprehensive analysis from IBM in 2023 revealed that 16% of company data breaches directly resulted from a phishing attack. It proves just how effective that type of scam already is, and deepfakes are taking it to the next level. Just imagine how much more convincing cybercriminals can be with the technology.  

To give you a better idea of the threat, let's take a look at one high-profile example of a deepfake attack. In 2019, cybercriminals used deepfake phishing to trick the CEO of a UK-based energy firm into transferring them $243,000. The cyber actors utilized AI-based voice-spoofing software to impersonate the head of the firm's parent company and convinced the CEO that he was speaking with his boss. 

Whether it's coercing members of your team to transfer sensitive data, login credentials, or funds, phishing scams are now even more effective thanks to deepfakes.  

4. Spreading Misinformation 

Misinformation has been making the rounds across social media in the past few years. Fake news and stories are thriving beyond everyone's expectations. The scary part is that the rise of deepfakes is only going to amplify that by making the lies more convincing. 

Fabricated deepfake videos can be weaponized against your company's reputation, which could have very real repercussions. It can affect your share value in the stock market, sow distrust with your clients, and can be used to extort you for money. Overall, it's a new tool a cybercriminal can use to harass and blackmail business owners like you. 

How Can You Protect Against Deepfake Scams? 

Unfortunately, there is still no easy and sure-fire way of spotting deepfakes. But that doesn't mean there's nothing you can do to prepare for the threat. Take a look at some precautions you can take that might help: 

1. Raise Awareness Within Your Organization 

The first step to combat deepfakes is by raising awareness within your organization. Everyone needs to know that this type of threat exists and how it can be used against you. Just knowing that information can already drastically improve your team's chances of spotting deepfake scams. Try to add it to your regular cybersecurity awareness training curriculum. 

2. Use AI vs. AI 

As they always say, fight fire with fire. AI can serve as the first layer of defense, detecting irregularities faster than humans can. However, it's important to understand that deepfakes had a head start. That means AI with the ability to spot them is going to need a bit more time to catch up. In fact, according to an article in Scientific American, spotting deepfakes might be a job best done with humans still in the loop. 

3. Add Layers of Protection 

Let's say, for example, your boss calls you and asks you to transfer funds to a specified bank account. If you have policies like making all payments go through an approval process, then that would safeguard you from willingly wiring money to fraudsters. Adding extra security processes may not always be convenient, but they will stop scams like that in their tracks. 

Ready to Protect Against Deepfake Attacks? 

Deepfakes are the next cybersecurity epidemic to come out of the woodwork. They are difficult to spot and can enhance other scamming methods like phishing, social engineering, identity theft, manipulation of information, and more. Unfortunately, there's no sure solution against deepfakes as of yet. But there are things you can do to protect yourself, such as: 

• Raising awareness within your organization 
• Adding layers of protection 
• Using AI 

At ITS, we are dedicated to helping businesses protect their networks from the latest threats, including deepfake attacks, by sharing our insights. Reach out to us to get a free network assessment; we’ll help you understand and improve your security posture. 

You can also learn more about emerging cyber threats like the Fast Quantum Ransomware Attack, which can be executed in under four hours, by visiting our Learning Center.