Warning: The AI Deepfake Danger Intensifies

When a Hong Kong finance employee heard from his boss in London about helping to arrange a secret financial transaction, the worker was suspicious at first. But the instructions came directly from his boss, who followed up by appearing in a video conference attended by other employees. 

Because it all checked out, the finance employee arranged to transfer $25 million to five different bank accounts. Big mistake.

It was an elaborate scam using AI deepfake technology.

In the “multi-person video conference, it turns out that everyone (he saw) was fake,” a Hong Kong police official said, according to a CNN report last year. The CFO and others from the firm, later determined to be UK-based engineering firm Arup, had been digitally cloned.

Cyber criminals have upped their game from email phishing scams to using artificial intelligence (AI) to create voice and video reproductions. These deepfake attacks are becoming more common, and effective, as AI technology grows more sophisticated. Companies and individuals are being tricked into divulging confidential information and handing over money.  

“The quality of modern deepfake technology is disturbingly high,” said Michael Tanji, director of cybersecurity for MxD, the National Center for Cybersecurity in Manufacturing as designated by the U.S. Department of Defense. “The best fakes are nearly indistinguishable from reality, which is why they pose such a threat.” 

Tanji said deepfake technology can be especially effective in real-time communication like Zoom or telephone calls. “The immediate, interactive nature of a live call makes it much harder for a human to spot the subtle inconsistencies, putting people under immediate pressure to comply,” he said. 

The technique isn’t perfect yet. When criminals targeted carmaker Ferrari, an executive who received a WhatsApp call allegedly from the CEO thought something was amiss, even though the CEO’s accent seemed perfect. As with the Hong Kong episode, the Ferrari deepfake request involved sending money for a supposedly secret transaction. The employee hesitated, asking a question only the CEO could answer: “What was the name of that book you recently recommended?” The scam artist couldn’t answer and hung up.

Tanji said deepfakes are head-spinning because they manipulate reality so effectively. “Deepfakes make it possible for a bad actor to make someone look or sound like they’ve said or done something they never did,” he explained. “This capability is being used for a wide range of malicious activities, from simple scams to corporate fraud and large-scale disinformation campaigns.”

We asked Tanji how companies — and individuals — can defend themselves against the deepfake threat. (Answers have been edited for space.) 

How are voices and images being manipulated to create deepfakes?

MT: Audio deepfakes are made using voice cloning or speech synthesis. The AI takes a recording of a person’s voice and learns the speaker’s unique vocal characteristics: pitch, tone, accent, and cadence. Once it learns the voice, the AI can generate new audio, making it sound like the person is saying whatever the criminals want. Video or photo deepfakes use a collection of images or videos of the target to learn their facial structure, expressions, and how they move. The AI then maps that learned face onto an existing video of another person, frame by frame, or places it onto a static image.

Are video deepfakes now as common as audio deepfakes?

MT: Right now, audio deepfake attacks are significantly more common. Voice cloning is faster, easier to produce, and requires less computing power and less original source material. Video deepfakes are rising in sophistication, but audio remains the most frequently weaponized form of the technology.

How do you defend against them? Is it about training and recognition, or are there technical defenses to employ?

MT: Effective defense against deepfakes requires a multi-layered approach that uses human training and technical solutions. You generally need a technical solution to consistently and reliably tell if something is a deepfake. AI-powered detection tools can analyze files for digital fingerprints or patterns that the human eye cannot see.

The human defense involves training and recognition. That includes: 

Behavioral Verification: Train yourself and your employees to be suspicious of urgent, unusual requests, especially those involving money transfers or sensitive data. A simple training rule is: Verify everything through a second channel. If you get a suspicious video call from “the CEO,” hang up and call them back on their known, official phone number or send a separate email.

Code Words: For personal use, establish a secret family “safe word” that is never shared online. If a loved one calls with an emergency, they must use the code word to prove it’s really them.

Media Literacy: Understand that this technology exists and that anyone can be a target. Knowing what deepfakes are and knowing the common scams are the first lines of defense.

The technical defense is also multi-layered. It includes:

Authentication: Implement multi-factor authentication (MFA) for all sensitive systems. MFA makes it much harder for a deepfake voice or face alone to gain access.

Detection Tools: Use AI-powered detection software that analyzes media (audio and video) for the minute digital artifacts that reveal a deepfake.

Strong Protocols: Establish clear, non-negotiable protocols for high-risk actions. For example, create a rule that no financial transfer over a certain amount can ever be approved solely by a video or phone call. It must require a signed paper document or in-person verification.

What are other specific steps companies should take to defend themselves against deepfake threats?

MT: Conduct Deepfake Awareness Training. Regularly educate all employees on deepfake risks. Training should include real-world examples of deepfake scams and what specific red flags to look for.

Harden High-Risk Processes. Review and modify all procedures for high-risk activities like employee onboarding (to prevent fraudulent hiring), large fund transfers, and password resets. Remove voice or face biometrics as the sole means of verification for these critical processes.

Monitor Executive Public Presence. Advise senior executives to be mindful of their public online footprint, as easily accessible, high-quality audio or video clips provide the necessary training data for deepfake creation. Companies may need to monitor social media or public sources to detect the unauthorized use of their executives’ likeness.

Mandate MFA everywhere. Again, for all accounts, especially those with access to financial systems, customer data, or internal networks, MFA should be mandatory. A face or voice alone should never be enough to log in or authorize a transaction.

Should people behave differently in everyday lives to protect themselves from deepfake threats?

MT: It would be wise for people to adopt a mindset of digital skepticism and verification.

Assume Nothing is Real. Adopt the view that anything you see or hear that is unusual, urgent, or high-pressure might be a deepfake. Pause and think before reacting to a call, video, or message that seems out of the ordinary.

Limit Your Voice and Video Exposure. Be more mindful of the amount of your voice and clear facial images you post publicly online, especially on social media or other sites that are easy for criminals to scrape. The less training data available, the harder it is for a convincing deepfake to be created.

Verify Independently. If you receive a frantic call or message from someone you know asking for money, never send it right away. Hang up and call the person back on a phone number you know to be theirs or contact another family member to confirm the story. Criminals rely on panic and urgency, so taking a moment to verify is your most powerful tool.

Visit the MxD Virtual Training Center for information on cybersecurity workforce training resources.