Deepfake phishing: A new wave of cybercrime & how to protect yourself

Online phishing scams are getting scarier by the minute. Thanks to the rapid evolution of artificial intelligence, phishing attacks now have a new weapon: deepfake technology.
Can you imagine receiving a video call from the chief financial officer of your company asking you to transfer 25 million dollars? That’s what happened to a Hong Kong financial worker earlier this year. The video call was so realistic that the worker did not doubt anything and transferred the money without hesitation. But it wasn’t the CFO on the call. It was a deepfake, and the result was a multimillion-dollar loss for the company. Cybersecurity experts are now warning that cases like this are only the beginning, and more and more workers are at risk of falling victim to similar attacks.

But what exactly is deepfake phishing, and how can you protect yourself from these cutting-edge threats? By the end of this blog post, you’ll have all the answers—and the tools to stay one step ahead.

By Manar Sadkou
A person's hands typing on a keyboard with overlaid elements like programming code, binary numbers, hexagonal shapes, and a cityscape at night.
Don’t believe everything you see—deepfake scams are on the rise!

What is deepfake technology?

When AI is used to fabricate videos, audio, or images that mimic real people, this is known as deepfake technology. Machine learning techniques are used to collect data from the target person, and then create fake content. This content features a deepfake that closely resembles the person in appearance, voice, and even mannerisms.

In its early stages, this technology mainly targeted celebrities and public figures like Barack Obama. Back in 2018, a viral video produced by Buzzfeed used a deepfake of the former U.S. president to demonstrate how convincing the technology can be and warn the public about its potential dangers. If you’ve seen that video, you understand how alarmingly realistic deepfake footage can look. And with significant advancements in AI since then, deepfakes have become even more convincing. As this technology evolves, so does the need for vigilance and skepticism, especially when navigating content online.

What are deepfake scams?

Phishing scams are nothing new and you’ve likely come across one yourself in the past, whether it be through an email claiming you’ve won a prize, a text message warning of a suspicious login attempt, or even a fake phone call pretending to be your bank. Deepfake scams, however, have introduced an alarming twist on the classic scam, using videos, voices, or images that look and sound like real people to deceive people online. Because of the hyper-realistic nature of deepfakes, the victims find it difficult to distinguish between genuine and fake communications.

Once reserved for high-profile individuals, the technology has become more and more accessible in recent years, leading to a significant rise in the prevalence of deepfake scams. Whether it’s a CEO asking for a wire transfer, a loved one requesting money for an emergency, or a colleague requesting sensitive information, these convincing scams are blurring the line between what’s real and what’s fabricated. More people and businesses are therefore vulnerable to assaults that may result in monetary loss, data breaches, or even harm to their reputation.
 
 

3 real-world deepfake attacks examples:

  • The Fake Zelensky (2022): A deepfake video of Ukrainian president Volodymyr Zelensky urging Ukrainian soldiers to surrender to Russian forces circulated the web. The video was quickly debunked but not before being widely shared and leading to mass confusion. It was part of a broader disinformation campaign aimed at lowering morale and spreading chaos during the ongoing conflict with Russia.
  • The Voice Phishing Heist (2019): A German company lost around $243,000 and exposed sensitive data after an employee fell victim to a voice phishing scam. The fraudsters used sophisticated technology to convince the lower-level employee that the request for a large amount of money was urgent and came from the company CEO himself. Unaware that the voice he was hearing was in fact a deepfake, the employee then proceeded to transfer the funds to a criminal account set up by the scammers.
  • The Crypto Celebrity Endorsement (2022): Deepfakes of celebrity voices and faces promoting cryptocurrency schemes emerged tricking numerous victims into investing large sums of money. The digital currencies that the celebrities appeared to endorse were fraudulent, capitalizing on the trust fans place in public figures and widespread public interest in cryptocurrency. The deepfake videos featured well-known celebrities, like Elon Musk and Gordon Ramsay, whose reputations were also damaged as a result.


How to spot a deepfake scam

While deepfakes are designed to be as convincing as possible, there are still a few red flags you could look out for. Although they might not always be obvious, being aware of these signs can help you spot a deepfake phishing attack before it’s too late.
  1. Check the source: The first thing to do when you receive any unexpected communication should be to verify the source. This simple step alone can save you from making a dire mistake. If you don’t usually receive emails from the CEO or anyone in a similar position of authority, take a moment to confirm the legitimacy of the request. For more tips on this, check out our explainer on how to identify phishing links and fake sender addresses. As a general rule, when in doubt, always reach out directly to the person via official means, rather than responding to the suspicious message itself.
  2. Take a closer look at the video or audio: Although deepfakes have gotten quite sophisticated, there might still be slight imperfections. In videos, look for unnatural movements or expressions like odd blinking patterns, jerky movements, lip sync that doesn’t match the speech, unnatural shadows or lighting on the face, and distorted or unrealistic backgrounds. As for audio, look for voice inconsistencies like changes in tone that don’t match the speaker’s usual style, slight mispronunciations, unnatural intonations, a robotic or overly smooth delivery, and overall demeanor that doesn’t match the context (e.g., a person speaking calmly in a tense situation).
  3. Pay attention to inconsistencies: Deepfake scams often contain subtle mistakes. If you receive a video or audio message, pay close attention to what the person is saying and analyze the content for anything that feels off. They might reference false information, mispronounce the name of a colleague, or describe a situation that doesn’t quite add up. These signs can indicate that the message may not be authentic even if it appears to come from a familiar source.
  4. Be skeptical of urgency: Most scams try to create a false sense of urgency to get the victim to act quickly and without fully thinking things through. If someone is pressuring you to take immediate action, it’s always advised to take a moment to reassess the situation before proceeding. A slight pause to verify the authenticity of the request can save you from falling victim to a deepfake attack.
  5. Use tools to detect deepfakes: As deepfake technology advances, tools to detect it are advancing at the same time. There are now platforms available like Microsoft’s Video Authenticator, Deepware Scanner, and others which are capable of identifying manipulated content. So, if you see something suspicious and have access to any of these detectors, running it through one of them can provide insights into its authenticity. While these tools are not foolproof, combining them with vigilance and skepticism can significantly reduce your risk.
The risk of monetary loss, harm to one's reputation, and the spread of false information increases as deepfake scams get more sophisticated. That’s why our best defenses in this ever-changing digital environment are awareness and preparedness. Remember that a moment of critical thought and examination can make all the difference, regardless of how realistic anything seems. Stay informed, stay cautious, and stay ahead of the scammers!

If you found this article helpful, leave us some feedback below. And if you’re still looking for a secure email account, why not sign up for free today?

Images: 1&1/Shutterstock

126 people found this article helpful.

Related articles

I know where you live: Creepy scam emails with personal details

What does a phishing link look like? How to check links safely

Unsubscribe email scam: How to protect yourself