Imagine receiving an email from your CEO with a video of them asking for confidential information urgently. As an employee, you immediately recognize the face and voice of your company’s CEO and, therefore, proceed to share the information without any hesitation. And, boom, you became the victim of a deepfake phishing attack.
A report by IBM and Forbes Insights found that 46% of organizations that experienced a cybersecurity breach suffered a major hit to their reputation and their brand’s value as a result.
Unfortunately, with advanced technology, phishers tend to search for new ways, like deepfake phishing, to perform identity and data theft, leading to reputational and financial damage to organizations across many domains.
What Are Deepfakes? What is Deepfake Phishing?
Deepfakes are artificial content, such as photos or videos, created with deep learning technology (thus the name "deepfake"). These artificially created videos and images depict statements, actions, and activities that never occurred in real life. It indeed makes the employees in an organization think, “Can we really believe what we see?”
Deepfake phishing is the use of deepfake technology to create and circulate realistic but completely fake content that misleads individuals into sharing confidential information. Attackers can disrupt the workings of a sound organization with deepfake phishing in the following ways:
- Cybercriminals can mimic the voice of high-level company executives and trick the employees into performing certain tasks. With 3 seconds of voice, these criminals can easily clone anyone’s voice.
- Phishers can spoof emails, sending fraudulent messages with deepfake voice notes or videos that ask for passwords.
- Attackers can create fake videos or impersonate the CEO over a Zoom or Google meeting, asking the employees to carry out certain financial transactions.
In 2023, 26% of smaller and 38% of large companies experienced deepfake fraud, resulting in losses of up to US$480,000 – AI Magazine.
Real-Life Deepfake Scam – British Company Loses $25 Million with Fake Video From CFO.
A British multinational company, Arup, fell for a deepfake scam, losing a whopping 25 million dollars. The scammer posed as the company’s CFO and ordered a fund transfer across 15 transactions during a conference call.
According to CNN Business, the employee received an email about the transfer, which he initially found suspicious. Later, on a conference call with the CFO and other colleagues, his doubts vanished. The AI avatars looked and sounded like the CFO and his colleagues.
Unfortunately, the malicious activity was only identified after the transactions had been made. This, along with many similar incidents with prestigious organizations, raises concerns over cyber fraud, where remote conversations prove to be a threat.
How Can Organizations Mitigate the Risk of Deepfake Phishing Attacks?
The responsibility of protecting the company’s confidential information falls on the organization’s CISOs. However, the security depends upon detection. The ability of employees to differentiate between real and AI-generated content can help detect threats from a distance.
But, in the era of generative AI, it’s impossible to monitor employees’ actions. However, with TSAT – Threatcop’s security awareness training, organizations can evaluate how employees respond to such suspicious situations. The tool also introduces employees to newly modeled vulnerabilities through interactive content on cyber threats, such as phishing, smishing, WhatsApp, and more.
The next step would be to run cybersecurity awareness training campaigns that educate employees on the latest phishing attack types. The Threatcop Learning Management System has dynamic features like awareness campaigns, library access, employee monitoring and awareness, etc.
Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015 – Special Report: Cyberwarfare In The C-Suite.
Lastly, setting strict ground rules, such as no password sharing, unique passwords for every purpose, and regular password rotation, adds to the company’s security.
Fighting Against Deepfake Phishing Attacks – Conclusion
Costing prestigious organizations millions, deepfake attacks are an evolving threat in the world of cybercrime. As AI technology develops, this threat will become more sophisticated. With the timely incorporation of detection techniques, organizations can mitigate the risk of deepfake attacks. Not only stakeholders but also CISOs and every other employee must question every online activity to remain on the safe side of technology.
Technical Content Writer at Threatcop
Ritu Yadav is a seasoned Technical Content Writer at Threatcop, leveraging her extensive experience as a former journalist with leading media organizations. Her expertise bridges the worlds of in-depth research on cybersecurity, delivering informative and engaging content.