Deepfake Phishing: what to do when the fraudster assumes a trustworthy identity?

Deepfake Phishing: what to do when the fraudster assumes a trustworthy identity? 

Deepfakes, using advanced artificial intelligence techniques, are becoming a dangerous weapon in the hands of hackers.  

A recent study revealed that these ultra-realistic manipulations of videos, images and audio are increasingly being used to gain unauthorized access to banking applications.  

The situation is even more worrying when we discover that banks are already losing 20% of their online revenue due to fraud and Brazil leads the statistics in Latin America, with losses estimated at a staggering R$60 billion a year due to crimes related to identity theft. 

Faced with this frightening reality, the question remains: are you really prepared to face Deepfake Phishing and protect your digital assets? 

What is deepfake phishing?

Deepfake phishing is a phishing technique that uses deepfakes, which are fake content generated by AI, to trick victims.  

Scammers create fake videos, images or audios of famous people or authorities to ask for confidential information or payments.  

Many cybercriminals take advantage of the technology to create fake content that uses the voice or image of CEOs and high-ranking executives asking employees to make urgent financial transfers, for example. 

In this way, employees think they are only complying with a request from their boss, but in reality they are being manipulated by criminals to harm the company they work for. 

Another example is fake videos of famous people, such as politicians or celebrities, promoting fraudulent investment schemes, fake cryptocurrencies or other scams, used to manipulate victims into believing that the opportunity is legitimate. 

The demand for deepfakes is already greater than the supply available on the Darkweb. Currently, cybercriminals charge between R$300 and R$100,000 for this type of content, which is becoming increasingly realistic and easier to produce, making it a growing threat to citizens and companies. 

How does it work?

Deepfake phishing works as follows: initially, the scammers spread the fake content via email, SMS, social networks, messaging apps, etc. They often imitate the legitimate sender, with the victim's bank or company details, in order to appear authentic. 

In order to convince their targets to carry out the requested actions, cybercriminals use psychological and social engineering tactics. 

In other words, deepfake videos are designed to manipulate victims' emotions and behavior. Among the triggers used, the most common are: 

  • Authority: they use deepfakes of people in positions of authority, such as CEOs, police officers or rulers, to gain the victim's obedience; 
  • Scarcity: they say that the person needs to act quickly to avoid losing funds, closing the account or other negative consequences. This increases the sense of urgency; 
  • Threat: they threaten their targets with fines, charges or other punishments if they don't provide information or payments. This triggers fear and anxiety; 
  • Trust: deepfakes that imitate brands or people familiar to the victim, such as their bank or politicians, generate trust in the scam. She believes the video is legitimate. 
  • Reciprocity: they ask for a small favor, such as providing part of the information requested, which can lead the victim to reveal more out of reciprocity.  

If the psychological tactics work, the requested information will be provided, such as passwords, financial data and other confidential details.

Risks and impacts of deepfake phishing 

These cyber attacks present a number of risks and threats to companies and ordinary people. Among the main ones, we highlight the following: 

Threat to security and privacy 

Deepfake phishing can lead victims to provide confidential information such as passwords, financial data and personal information. 

This allows scammers to access accounts, steal identities and commit fraud. 

Financial damage

Victims can lose money by transferring funds to scammers or investing in fraudulent schemes promoted by deepfakes.  

Criminals can also use illegitimately obtained information to steal funds from their target's accounts. 

Damage to reputation

Deepfakes that impersonate people or brands can be used to spread disinformation and affect the reputation of companies and individuals.  

For example, a deepfake of a CEO falsely announcing mass layoffs or financial problems could damage the company's reputation.  

Legal responsibility

Organizations can face legal regulatory consequences for deepfakes that involve their brand or impersonate employees.  

This can include fines for data privacy violations or other security breaches.  

People who have been affected can also sue organizations whose systems or data have been compromised in a deepfake phishing attack. 

How to protect yourself?

To protect yourself against this type of attack, there are some tactics you can exploit. We've listed some tips for you. Check them out below: 

Check the source

Always check the source of any video or audio you receive. Be wary of material sent from unknown or unreliable sources.  

Also look for signs of editing or manipulation, such as inconsistencies in the image, audio or behavior of the people in the video. 

Another alternative is to access fact-checking bodies such as FactCheck.org. Created in 2003 by the University of Pennsylvania, this independent organization focuses on fact-checking, especially in political news. It also covers other relevant topics, such as health and science. 

Validate information through multiple channels 

If you receive suspicious information or requests, especially those involving financial transactions, check them through other communication channels.  

Contact the person or organization directly by phone or in person to confirm authenticity. 

Keep up to date with security measures 

Install and keep up-to-date reliable antivirus software on your devices. 

Also make sure that your operating system, applications and browsers are updated with the latest security updates. 

Be careful when clicking on links or opening attachments 

Avoid clicking on links or opening suspicious attachments in emails, messages or any other form of communication.  

Check e-mail addresses and URLs carefully before clicking on them, especially if they contain confidential information. 

Strengthen your passwords and authentication 

Use strong, unique passwords for each account and activate two-factor authentication whenever possible.  

This adds an extra layer of security, because even if your credentials are compromised, an additional code will be needed to access your account. 

Technological developments and the fight against deepfake phishing 

Technological development to combat deepfakes has become an area of intense research and innovation.  

Advances in machine learning, computer vision and image processing have led to the development of increasingly sophisticated algorithms and tools capable of detecting and authenticating manipulated content.  

These advanced algorithms and artificial intelligence are being used to detect deepfakes more accurately. In addition, digital signatures and invisible watermarks can be applied to verify the authenticity of content.  

Collaboration between sectors, such as technology companies and academic institutions, has been fundamental in this fight. Publiceducation and awareness are alsobeing prioritized so that people can identify and avoid these threats. 

However, it is important to note that criminals are adapting, making it necessary to maintain ongoing efforts in this area. 

Investing in security technologies for your company is always the best way to avoid falling victim to scams such as deepfake phishing. To find out more, contact ISH

Tags: , , , ,

Leave a Comment

Your e-mail address will not be published. Required fields are marked with *

Copyright © 2022 ISH Tecnologia, All Rights Reserved.