The Rise of Deepfake Fraud

Imagine receiving a video call from your best friend, who is asking for your help. They claim to be in trouble and urgently need you to wire them some money. You're inclined to help, but something about their voice and mannerisms seems off. They're speaking slower than usual, and their face appears to be digitally distorted.

Unbeknownst to you, this is not actually your friend. It's a deepfake - an AI-generated video that convincingly mimics someone's appearance and voice. Scammers have hijacked your friend's social media accounts and used them to harvest enough personal information to create a realistic deepfake. By the time you realize the call is a fraud, it's too late.

This scenario may sound far-fetched, but it's becoming an increasingly common form of cybercrime. Deepfake fraud is on the rise, and it's posing a significant threat to individuals and businesses alike.

The scale of deepfake fraud is difficult to measure precisely, as many incidents go unreported or are not recognized as deepfakes. However, here are some examples of confirmed cases:

• In March 2019, the CEO of a UK-based energy firm received an urgent phone call from his boss, the CEO of the German parent company. The German CEO instructed him to transfer €220,000 to a Hungarian supplier immediately. The UK CEO obliged, but soon after realized that the call was a deepfake. The money had already been withdrawn from the Hungarian bank account, and the scammers were never caught.
• In December 2019, a social media influencer in Brazil had her Instagram account hacked and used to post deepfake videos promoting a fraudulent cryptocurrency scheme. The videos featured the influencer talking animatedly about the supposed benefits of the scheme, but in reality, her face and voice had been manipulated.
• In June 2020, a UK-based energy company fell victim to a deepfake voice scam that cost them £200,000. The scammers used AI-generated audio that imitated the CEO's voice to persuade the company's finance chief to transfer the funds to a Hungarian supplier. The company was able to recover a portion of the money, but not all of it.

Protect Yourself from Deepfake Fraud: How to Spot the Fakes and Stay Safe

Three Key Takeaways

1. Be skeptical of unsolicited requests for money or sensitive information, especially if they come via video or audio chat. Verify the identity of the person using another form of communication.
2. Pay attention to subtle clues that a video or audio recording may be a deepfake, such as discrepancies in facial expressions, voice tone, and eye movements.
3. Stay informed about the latest trends and technologies in cybersecurity, and take steps to protect your personal and business data against potential threats.

and Case Studies

One individual who fell victim to a deepfake scam is John, a small business owner in the US. He received a phone call from someone claiming to be the manager of his bank, who told him that his account had been compromised and he needed to transfer his funds to a new account for safekeeping. The caller even knew John's account number and other personal details, but John became suspicious when the caller insisted on doing the transfer via video chat.

"I could tell something wasn't right," John says. "The person's face wasn't quite right, and their voice seemed a bit robotic. I asked for more information about the transfer, and the caller hung up. I later found out that there had been similar scams targeting other small business owners in my area."

Another case involves a large multinational corporation that was hit by a deepfake phishing attack. The scammers created a realistic deepfake video of the CEO, who appeared to be giving a speech at a company event. The video urged all employees to click on a link to a supposedly important document, but the link actually led to a phishing site that harvested login credentials.

The incident was uncovered after an astute employee noticed some irregularities in the CEO's speech patterns. The company quickly launched an internal investigation and found that several employees had already fallen for the phishing scam. They promptly changed all passwords and implemented additional cybersecurity measures.