What is a deepfake?
Deepfakes are fictional depictions of people or events, usually (but not always) in the form of videos or images.
What types of deepfakes are there?
Textual: Fake but convincing written word.
Video and Image: Replacing a person in an existing video or image with someone else’s likeness.
Audio: Cloning and imitating a voice using machine learning.
Social Media: Fake internet profiles creating a non-existent character.
Real-time: Live video calls using software manipulation and AI.
The danger of deepfakes
Some of the dangers are obvious. One is the risk of fraud: you think you are speaking to a trusted individual on the phone or in a video call, so you give them some sensitive information or take an action such as making a payment, thinking you are obeying your superior. One instance of this working successfully for the cyber criminals was when a UK-based energy firm was targeted. The CEO transferred approximately $243,000 to the criminals. They recognised the tone of voice and slight German accent of their boss, not realising they were becoming the victim of a deepfake attack.
Criminals are now using deepfakes to create “employees” for remote-working positions. It is thought that the criminals are impersonating real people, harvesting their details and using a photo to create a video likeness. By doing this they can gain access to company files and information.
There’s also the risk of reputational damage to businesses.
Another danger is that deepfakes are used to create fake news or information, causing people to act on disinformation.
With the advancement of technology, deepfakes are becoming increasingly difficult to tell from reality. Along with the technological advancement, new forms of deepfakes are arising, such as aerial image manipulation, which presents commercial risks because aerial images are often used for digital mapping and guiding investments.
How to defend against deepfakes
As deepfakes become more sophisticated, so will efforts to identify and protect against them. These may include multifactor identification to allow admittance to video meetings, and watermarking and fingerprint methods to prove the origin of content.
Until these extra layers of security come into play, what can be done? Training for your employees is essential. Make them aware of the techniques used and keep the training up to date. It's not a one-time thing. There are training tools and resources out there, or your IT support provider may give training sessions and updates.
However, training alone is not enough. Your organisation must have certain controls in place such as multiple layers of approval necessary for transactions.
If you want cyber security training for your team, give us a call on 01732 243100 or drop us a message.