Skip links

Deepfakes and Phishing scams: How AI Is changing cyber security

deepfake phishing illustration of a CEO

Artificial intelligence (AI) is revolutionising cyber security, offering advanced tools for threat detection and defence automation. However, it’s also empowering cybercriminals to execute more sophisticated attacks, notably through deepfake technology. Deepfakes—AI-generated synthetic media—are being exploited to create convincing impersonations, leading to significant financial and reputational damage.

Real-world examples of Deepfake Phishing scams:

  1. Arup’s $25 Million Loss: In early 2024, engineering firm Arup’s Hong Kong office fell victim to a deepfake scam. An employee received a video call featuring AI-generated likenesses of senior executives, instructing them to transfer funds for a confidential transaction. Trusting the authenticity of the call, the employee authorised multiple transactions totalling approximately $25 million. Source: Cybersecurity Dive

  2. WPP CEO Impersonation Attempt: In May 2024, advertising giant WPP was targeted in an elaborate deepfake scam. Fraudsters created a fake WhatsApp account using a publicly available image of CEO Mark Read and set up a Microsoft Teams meeting. They employed AI-generated voice cloning and manipulated video to impersonate Read, attempting to solicit money and sensitive information from a senior executive. The vigilant response of WPP’s staff prevented any loss. Source: New York Post

Implications for Cyber security:

These incidents highlight the escalating threat of deepfake phishing scams, where attackers use AI to fabricate realistic audio and video, deceiving teams into unauthorised actions. The increasing accessibility of AI tools lowers the barrier for cybercriminals to execute such attacks, making it imperative for organisations to enhance their security measures.

Protective measures for Businesses:

  1. Implement multi-factor authentication (MFA): Require multiple forms of verification for financial transactions and access to sensitive information to add an extra layer of security.

  2. Invest in AI-Powered defence systems: Utilise AI-driven security solutions capable of detecting anomalies and potential deepfake content, strengthening defences against sophisticated attacks.

  3. Conduct regular team training: Educate staff about the latest phishing tactics and deepfake threats, emphasising the importance of verifying unexpected requests, especially those involving financial transactions or sensitive data.

  4. Establish verification protocols: Encourage teams to confirm unusual requests through independent channels, such as direct phone calls or in-person confirmations, to ensure authenticity.

  5. Stay Informed about emerging threats: Keep abreast of advancements in AI and cyber threat landscapes to proactively adjust security strategies and mitigate risks.

By adopting these measures, businesses can bolster their defences against the dual-edged nature of AI in cyber security, leveraging its benefits while mitigating its potential risks.

Frequently Asked Questions (FAQs):

  1. What are deepfakes?

    Deepfakes are hyper-realistic media, often videos, in which a person’s likeness is realistically depicted doing or saying something they did not actually do or say. These AI-generated forgeries have become increasingly sophisticated, making it challenging to distinguish them from genuine content.

  2. How can businesses protect themselves from deepfake phishing scams?

    Businesses can implement multi-factor authentication, invest in AI-powered defence systems, conduct regular team training, establish verification protocols, and stay informed about emerging threats to protect against deepfake phishing scams.

  3. What should a team member do if they suspect a deepfake phishing attempt?

    If a team member suspects a deepfake phishing attempt, they should refrain from taking immediate action on the request, verify the request through independent channels, report the incident to their IT or security department, and follow established protocols for handling suspicious communications.

Protect your business today

Stay ahead of cyber threats by fortifying your defences against deepfake phishing scams. Implement robust security measures and educate your team to recognise and respond to these sophisticated attacks. For expert guidance and support, contact Cloud & More today.

cyber security
Share the Post: