Deepfakes: Can You Trust What You See?

With hackers having easy access to AI, we can never be sure whether what we are seeing is true or not. We live in an age where information can be easily manipulated so it is critical to learn how to identify and counter these fakes. 

“So what are Deepfakes?”

Deepfakes are a type of AI-generated media that can take the form of videos, images, text, sounds, and more where the aim is to create an original form of media. Deepfake content is typically generated using a form of machine learning called “deep learning” which teaches computers to process data in a way that is inspired by the human brain. Recent headlines have included deepfakes of musical artists’ likeness and the music itself. Musical artist Jay-Z sued YouTube for allowing AI-generated music matching his voice to be uploaded to the site. While AI and machine learning technology have advanced in capabilities, its sudden growth may be more due to its affordability and accessibility. Most people with internet access can create deepfakes with little effort.

“Can deepfakes be used to launch  a cyber attack?”

Hackers are always on the prowl and ready for any opportunity to launch a  cyber attack on unsuspecting victims. With the rise and ease of use of deepfake AI technology, it is likely that hackers will add deepfakes to their arsenal. There have been examples all over social media of things such as smearing campaigns, where hackers use a deepfake video or audio to discredit someone by making them look like they said something that they in fact never did. Attacks like these damage the victim's reputation and sow distrust. If the victim is an elected official or someone of influence, a deepfake could mean losing their supporters. 

Another way that hackers could use deepfakes to their advantage is if they falsify documents by impersonating a victim. Historically, impersonation required more effort and even physical theft of someone's identification or documents, but deepfakes make this unnecessary. One example of this is making fake passports with deepfake photos, which can then be used for criminal activity. 

Two other common  cyber attacks that can be enhanced with the use of deepfakes include phishing and social engineering. Scammers could use deepfakes to create more authentic-looking emails or messages, avoiding many of the “tells'' of normal phishing emails. Deepfakes could also add authenticity to social engineering campaigns, allowing scammers to impersonate an employee or supervisor of their target more easily. This could be used to trick a victim into giving personal or company information to the scammer via email, over the phone, or even a video call. This type of attack was possible before, but using deepfakes will most likely result in a higher success rate. 

“Wow. So how can I spot a deepfake? 

Distinguishing genuine digital media from what was AI-generated takes vigilance. There are many methods to determine the legitimacy of a piece of media, many of which focus on spotting inconsistencies or anything unnatural. Focusing on an AI-generated face is a great first step - the eyes, lips, and nose may shift unusually while talking. AI-generated people may also lack depth or definition, shadows, and more. When it comes to identifying the legitimacy of a phone call or email, the same prevention and detection techniques for phishing and social engineering can help prevent a successful  cyber-attack.

Not sure if your employees are prepared to identify and prevent attacks using deepfakes? Hive Systems offers simulations through our managed phishing simulation platform, ePHISHiency, as well as cybersecurity awareness training to help make your environment more secure. Click the button below to learn more.

Follow us - stay ahead.

Read more of the ACT