Deepfakes — digitally altered video footage that can impersonate someone else — have been around for years. With the right technology, a scammer could pretend to be a company's CEO and ask an employee for the passkey to all their assets.
So why haven't we seen a wave of hackers doing just that? According to one security expert, it's because phishing scams work just fine without adding the hassle of a deepfake. Scammers just can't be bothered.
It's another reminder that cyberattacks are all about ease of access. Studies show the rise of remote work has led to a surge in phishing and ransomware attacks, but a few safety measures can do a lot to deter many attackers.
Deepfakes: “We Aren't Seeing a Lot”
John Shier, a senior security adviser at UK-based infosec company Sophos, has weighed in on the potential threat of deepfakes when it comes to business security. And it's relatively good news: We don't really need to worry about them.
“The thing with deepfakes is that we aren't seeing a lot of it. People will give up info if you just ask nicely” –Shier
Phishing emails or other social engineering attacks don't rely on new technology, and it makes sense. Convicing deep fakes require knowledge of the mannerisms and the voice that must be mimicked as well as the visuals.
Ultimately, all most successful phishing attacks really need is an official-looking email template and a one of the oldest technologies out there: Lying really well.
Bad Actors Might Use Deepfakes in Romance Scams
Despite the fanfare about the dangers of fake AI-generated realities, deepfakes haven't yet left much of an impact on the world beyond cyber-harassment and a few curios like Billie Eilish replacing Judy Garland in a 1940s movie or a fake version of Tom Cruise getting on TikTok.
Here’s the crazy thing about this Tom Cruise deepfake….
This isn’t even a super high quality deepfake and I’m willing to bet that it could fool most people.
Now imagine the quality of deepfake a government agency could produce.https://t.co/wMFMarEtAi pic.twitter.com/CjTxnNv2XI
— Yashar Ali 🐘 یاشار (@yashar) February 26, 2021
But while hackers aren't jumping at the chance to start deepfaking Fortune 500 execs, they might be able to find an easier way to use deepfakes: Romance scams.
According to Shier, romance scammers might be interested in crafting an all-new persona that suits their purposes. If the AI behind deepfakes can be replicated at scale, romance scammers could pose a whole new threat.
Staying Safe Online
Notice the use of “if” in that last sentence, though. The bottom line is that deepfakes have yet to reveal their full potential, assuming they have any.
“AI experts make it sound like it is still a few years away from massive impact,” as Shier puts it. “In between, we will see well-resourced crime groups executing the next level of compromise to trick people into writing funds into accounts.”
While you're waiting to find out, however, we recommend getting your employees a training session on phishing and a high-quality password manager. Deepfakes aren't a big threat, but phishing attacks are.