If you are unaware of the term, a Deepfake, also referred to as synthetic content, is a fabricated audio/video file or photograph created and distributed for deception. To many, a deepfake is seen as a harmless prank or goof. Popular deepfakes are always floating around the internet and social media, poking fun at celebrities or politicians. But cybercriminals are jumping on the deepfake bandwagon in an effort to use the technology to increase the success rate of their scams.
This threat became realized when a victim wired away almost $250,000 after believing he was speaking with his boss. The audio file used was a computer-generated deepfake clip that was created to mimic the boss’s accent and speech pattern. Through consistent training, it should become easier to spot the potential phishing emails being crafted, but deepfakes pose a much greater risk.
Cybercriminals know to be successful in their attack, they must gain your trust. Deepfake audio and video files can elevate these scams by leveraging the voice or visual appearance of a person you trust. Government agencies have recognized the threat of deepfakes pose and have issued guidance on spotting these scams. One tip is to slow down and not feel rushed into action. Scammers use the sense of urgency frequently in their scams hoping that by not giving their victim time to properly vet the request or the requestor, their scam will be successful. Also, be sure to follow the “trust but verify” method before completing an action that is out of your typical routine.
Deepfakes can be very convincing, so we can’t solely rely on what we think was our boss telling use to do via a video or audio recording. If the action they are requesting seems out of the ordinary, follow up with your supervisor, IT or contact the initial requestor directly using a secure channel. Also try listening or looking for certain cues of a fake, such as unnatural movement or blinking, irregular speech cadence, or low-quality audio/visuals.