If you’ve heard the word “deepfake” rolling around recently and haven’t been able to decipher exactly what it means, here’s an example.
In the following video, David Letterman interviews SNL star and comedian Bill Hader, who tells a story about a run-in with actor Tom Cruise. But you’ll notice as the video progresses and Hader begins to impersonate Cruise, Hader’s face seamlessly transforms into Cruise’s, and then later into actor Seth Rogan’s face, starting around 55 seconds.
While this particular deepfake video is intended to amuse, others have less benign goals.
A deepfake is an image or a video manipulated online with machine-learning software to make them seem realistic. Deepfakes have become more and more advanced within the last few years, making them more difficult to pick out with the naked eye.
According to CNBC in September 2019, deepfake pioneer Hao Li asserted that deepfake images and videos that appear “perfectly real” will be accessible to everyday people in “half-a-year to a year.”
Deepfakes are particularly troubling in 2020, considering it’s an election year in the United States. Alvin Rodrigues, senior director and security strategist for Asia Pacific at Forcepoint, told CNBC that, “we can expect deepfakes to be leveraged as a tool to discredit electoral candidates and push inaccurate falsehoods to voters via social media.”
But while deepfakes are concerning on a larger, socio-political level, they should also be a concern for business owners whose financial assets and personal information could be at risk.
How Deepfakes Attack Businesses
Deepfake technology has been used in a variety of ways to target people from all walks of life. Not only have they been used to create fake images and videos of celebrities and politicians, they’ve also been used to defraud business and steal their money. For example, in late 2019 a German energy company was scammed out of $220,000 after a deepfake was able to mimic audio to create the voice of a high-level executive demanding immediate payment.
“The software was able to imitate the voice, and not only the voice: the tonality, the punctuation, the German accent,” a spokesperson for the company’s insurance provider told The Washington Post. Not only was the audio recreated perfectly, but the phone call was matched along with a deepfake email that mimicked the targeted executive, adding another layer of legitimacy.
After such a successful deepfake fraud of this magnitude, other attacks will inevitably follow through other means, including:
- Phishing attacks, where fake images, audio or videos could encourage people to share sensitive data online. Deepfakes can easily lull a user into a false sense of security by imitating a colleague, family member or someone in a position of power.
- Social engineering, where deepfakes are used to create new personas or copy real ones.
- Market disruption due to fake and altered images of stock market numbers and statistics.
- Blackmail and extortion through manipulated images and videos of employees or employers in compromising situations, forcing victims to pay a certain ransom to ensure such content won’t be released.
It’s important to have systems in place to reduce the likelihood of you or one of your employees being scammed by a deepfake. Steps to creating this system include:
- Making sure all users on your accounts, social media platforms and website are verified, and have two-factor identification to increase security.
- Limiting access to these accounts to only necessary employees can also decrease the chances of lesser-informed employees getting duped by deepfakes.
- Ensure that your employees have been trained (or have access to training on) cybersecurity. This type of training can cover scenarios that deepfakes prey on, such as fielding fake phone calls or emails from people posing as higher-up executives or leaders.
- Using artificial learning and machine learning tools to your advantage to discover if a device or application has been compromised. In many cases, the same deep learning algorithms that are used to create deepfakes can also be trained to find signs that an image or a video has been altered.
By understanding the capabilities that cybercriminals have when it comes to creating deepfakes, you can stay vigilant when it comes to avoiding potential threats.
Spotting a Deepfake
Now, knowing what kind of deepfake scams could come into your inbox or messages is half the battle. The next obstacle is being able to detect a deepfake when you see (or hear) it.
In studies done to examine the telltale signs of a deepfake, here are a few patterns and flaws to keep in mind.
- A person in a potential deepfake video may have unnaturally smooth skin or a slightly off skin tone, and also may not be blinking at a normal rate.
- A person’s head position is unnatural, and the borders of their face may seem blurry or like they’re blending into the background.
- A person’s voice may be off. Listen closely to how someone speaks if you believe you’re dealing with a deepfake – while they can copy a voice comprehensively, it’s still likely there may be imperfections speech speed and intonation. If all else fails, do the “Person or Bot?” test suggested by the World Economic Forum. Think back to the last automated voice you heard while calling a company’s customer service line. Does the voice you’re hearing or watching in a video now share similarities? As the WEF says, “We instinctively know what sounds right, and how real people speak and write.”
- A feeling of something not being quite right. If all else fails, trust your gut if you believe something to be off – better you double-check before releasing sensitive information that could hurt your company!
If you receive a phone call, video, image or email that seems off, it’s important to pause before opening, sharing or responding to the message. Think twice about the sender and look for the potential flaws we mentioned above. Taking these extra steps can help save your company a whole lot of money, time and heartache in the future.
If you have questions about improving security measures for your small business, we’d be happy to help. Contact Ascend Technologies today to learn about our cybersecurity and protection services.