Phishing Is So Easy That Deepfakes Aren’t Really a Security Threat

No need to fake video footage: It turns out "people will give up info if you just ask nicely."

Deepfakes — digitally altered video footage that can impersonate someone else — have been around for years. With the right technology, a scammer could pretend to be a company's CEO and ask an employee for the passkey to all their assets.

So why haven't we seen a wave of hackers doing just that? According to one security expert, it's because phishing scams work just fine without adding the hassle of a deepfake. Scammers just can't be bothered.

It's another reminder that cyberattacks are all about ease of access. Studies show the rise of remote work has led to a surge in phishing and ransomware attacks, but a few safety measures can do a lot to deter many attackers.

Deepfakes: “We Aren't Seeing a Lot”

John Shier, a senior security adviser at UK-based infosec company Sophos, has weighed in on the potential threat of deepfakes when it comes to business security. And it's relatively good news: We don't really need to worry about them.

“The thing with deepfakes is that we aren't seeing a lot of it. People will give up info if you just ask nicely” –Shier

Phishing emails or other social engineering attacks don't rely on new technology, and it makes sense. Convicing deep fakes require knowledge of the mannerisms and the voice that must be mimicked as well as the visuals.

Ultimately, all most successful phishing attacks really need is an official-looking email template and a one of the oldest technologies out there: Lying really well.

Bad Actors Might Use Deepfakes in Romance Scams

Despite the fanfare about the dangers of fake AI-generated realities, deepfakes haven't yet left much of an impact on the world beyond cyber-harassment and a few curios like Billie Eilish replacing Judy Garland in a 1940s movie or a fake version of Tom Cruise getting on TikTok.

But while hackers aren't jumping at the chance to start deepfaking Fortune 500 execs, they might be able to find an easier way to use deepfakes: Romance scams.

According to Shier, romance scammers might be interested in crafting an all-new persona that suits their purposes. If the AI behind deepfakes can be replicated at scale, romance scammers could pose a whole new threat.

Staying Safe Online

Notice the use of “if” in that last sentence, though. The bottom line is that deepfakes have yet to reveal their full potential, assuming they have any.

“AI experts make it sound like it is still a few years away from massive impact,” as Shier puts it. “In between, we will see well-resourced crime groups executing the next level of compromise to trick people into writing funds into accounts.”

While you're waiting to find out, however, we recommend getting your employees a training session on phishing and a high-quality password manager. Deepfakes aren't a big threat, but phishing attacks are.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at

Written by:
Adam is a writer at and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Building a Website? We've tested and rated Wix as the best website builder you can choose – try it yourself for free Try Wix today