Media Verification

The State of Deepfakes 2024

The State of Deepfakes 2024

Summary

Data breaches, identity theft and other online frauds have become pervasive on the web, causing significant economic damages and jeopardizing not only the privacy of internet users, but also the credibility of numerous businesses and institutions operating online. The evolution of AI and deepfakes has exponentially increased both the quantity and sophistication of these threats, rendering traditional cybercrimes much more effective. Among these threats, the most prevalent is phishing, a tactic that has become even more effective through heightened emotional manipulation facilitated by deepfakes and generative AI, targeting corporate and personal communications. In this article, we will explore the primary mechanisms of deepfake phishing, its impact on cybersecurity, and the most effective strategies to counteract deepfake attacks.

What is Phishing?

The generic term phishing encompasses every attempt to obtain money, data and sensitive information, including usernames, passwords, and financial accounts details, through deceptive mechanisms embedded in electronic communications. Phishing has evolved alongside the widespread adoption of the internet since the 1990s, as online connectivity has become an essential part of our daily lives. The most prevalent phishing methods involved scammers sending emails containing links or attachments, with the intention of obtaining targeted information from unsuspecting recipients. While emails are a common instrument in phishing attempts, these scams may also manifest in other forms such as SMS or, increasingly, through social media platforms like Facebook, Instagram, and LinkedIn. Moreover, phishing extends beyond written communication, and may involve so called “voice phishing”, using voice synthesizers or pre-recorded calls to convincingly compel victims to disclose sensitive information.

Different levels of Sophistication

Phishing attacks come in various forms, employing numerous tactics. Among the simplest are bulk attacks, wherein emails are indiscriminately sent to a large audience via spam without a specific recipient. These attacks are often easily recognizable due to certain characteristics: poorly written content, obscure sender information, and highly suspicious messages. Additionally, most email providers have effective antispam mechanisms in place, capable of blocking such attacks and preventing them to reach your inbox. Moving up the sophistication scale is “spear phishing”, a technique involving targeted communications aimed at specific individuals. In this case, scammers often try to impersonate legitimate sources to gain access to sensitive data. The crafting of such emails can be deceptively challenging to detect at first glance, as they often employ logos and features identical to those of genuine organizations. Consider, for instance, a fraudulent bill supposedly from your electric provider or an urgent communication appearing to be from your bank – both meticulously personalized to target you directly.

Deepfake phishing and social engineering tactics

The emergence of deepfake and generative AI has significantly elevated the sophistication and prevalence of phishing attacks, in a multitude of new forms. While the fundamental tactics of phishing remain largely unchanged, deepfakes make it more complicated to detect these scams, increasing the probability to fall victims to such schemes. Take, for instance, a traditional phishing attempt via telephone or video call, performed with an AI generated cloned voice or a deepfake video featuring someone familiar to you. Picture receiving a call from a coworker or even your superior, urging you to authorize a large payment or engage in an otherwise routine office task, such as sharing confidential data. The heightened emotional engagement in these types of scams raises the likelihood of individuals falling into the trap. Notably, some of these deepfakes are exceptionally difficult to discern without detection software, highlighting the crucial role of deepfake intelligence in enhancing cybersecurity defenses.