The future of phishing attacks is getting closer and closer. Deepfake technology has been around in one form or another for a while, but we expect it to become a bigger phishing problem soon. But what is a deepfake?


In a nutshell, a deepfake is a piece of video or audio content that has been manipulated with AI. This could be a video of someone else with your face placed over theirs, or an artificial voice that sounds like you. As you can imagine, the possibilities for attackers are near endless.


Impersonation attacks via email can already be convincing. Attackers scour social media and gather publicly available information to make these emails highly believable, picking up on signoffs, signatures, chains of command, communication style, and even quirks of phrase. Adding a deepfake voice message or even a video meeting would take these attacks to the next level.


Examples of these kinds of attacks are already around. In 2019, AI was used to mimic the voice of a German company CEO and trick an employee at another business into transferring funds to the wrong bank account. Cybercriminals managed to steal almost £250,000 from a UK-based energy company with the scam. The victim said it sounded just like the CEO, right down to some of the quirks he spoke with, such as his slight German accent.


Deepfakes sound complicated and hard to make, but they’re surprisingly easy for non-experts to create. The tech is legal to buy, available now, and only getting better with time and resources. It’s likely the only way to stop deepfakes will be to use AI recognition to detect if AI has been used.


Until AI detection software is widely available to the public, and public awareness of deepfake threats is raised, criminals will likely have more and more success with deepfake scams as the technology evolves and improves.


When you are asked to send large amounts of money to an account, it is best practice to be extra cautious and run through some security checks first. Cyber Wise recommends a second communication to confirm any form of money transfer. For example, if you receive an email or call requesting the transfer of money, you should call the requester back using a number you already have for the contact.


If you would like to discuss best practices for confirming money transfers further, or wish to learn more about how Cyber Wise can help, please contact us.