Get Ready: Deepfakes Are Showing Up in Cyberattacks


By now, everyone is familiar with fake news—the practice of deliberately placing legitimate-seeming false stories on digital media with the intent to sow confusion, cause fear, and manipulate public opinion. But get ready, because fake news is just the beginning. The next evolution of digital disinformation—deepfakes—is already here, even showing up in cyberattacks on businesses. Here’s a brief introduction to deepfakes, what they are, how they’re being used, and how to prepare for them.

What Are Deepfakes?

A deepfake is a video that shows people saying or doing things they never actually said or did. Although it’s a clever forgery, a deepfake looks realistic enough to confuse or mislead the people who watch it. Deepfakes have already become popular in the entertainment realm, and plenty of apps enable amateurs to create a deepfakes of their very own—hopefully just for some well-meaning satire everyone can enjoy. Though creating a sophisticated deepfake is beyond the reach of most people for the moment, it won’t be long before the technology to do so is widely available. When that day comes, bad actors will have access to the ideal tools they need to deceive their intended victims.

If you watch The Expanse, then you may already have seen a deepfake in action. On that show, we see a forged video of a key character saying something incredibly controversial and provocative. Once the video is broadcast, it provokes considerable backlash and distrust—even causing the character’s own friends and comrades to doubt him. Because video creates the impression of authenticity in a way that no other media can, it takes quite some time for the character to clear his name. This, of course, suits the agenda of the shadowy agents behind the deepfake quite well. Sadly, it’s not hard to imagine this scenario playing out in the real world.

Deepfakes Are Already Showing Up in Cyberattacks

Deepfakes would be all well and good if they were confined to the sci-fi shows we watch, but they’re already going viral on social media and becoming more sophisticated all the time. According to a recent report from CNBCOpens a new window , we may see perfectly realistic deepfakes arrive within six months to a year from now. While this development has troubling implications for the upcoming U.S. presidential election, technology professionals and business owners also have cause to be concerned. In fact, deepfakes are already being used in successful cyberattacks on companies.

As The VergeOpens a new window reports, a malicious attacker using deepfake software recently convinced an executive at a UK energy supply company to wire about $220,000 to a Hungarian supplier. The unwitting executive was persuaded to do so based on a fake phone call that brilliantly simulated his boss’s voice—right down to the German accent. According to Symantec, that’s not even the first time this kind of exploit has taken place. Another one has apparently already resulted in the theft of millions of dollars.

Prepare Your Business for Deepfakes Now

Given how quickly and dramatically attackers could enrich themselves with well-targeted deepfakes, particularly during this early period while most users are unaware that this technology exists or that it is being deployed in cyberattacks, businesses should begin educating their employees about this new threat now.

As with threats like chief executive officer fraud via email phishing attacks, verifying that a request involving a financial transaction of any kind is confirmed directly with the person from whom the message appears to have been sent is important. As CSO OnlineOpens a new window reports, people or software solutions can spot common signs of a deepfake, like a lack of eye blinking or shadows that look out of place. That said, authenticating videos to definitively prove their veracity might soon be difficult. Although the Defense Advanced Research Projects Agency researchers are working on the problem, they are not sure that they will ultimately be able to solve this challenge.

For now, you can protect your business from this emerging form of cyberattack by keeping yourself up to date on how deepfake exploits are evolving. Meanwhile, it’s a good idea to teach your users what a deepfake is and how to respond if they receive a video or audio communication that they think might have been forged. That way, when a deepfake arrives at your company, your colleagues will be better prepared to view the message it contains with a critical and educated eye.