Deepfake scammers are coming for your customers. As artificial intelligence (AI) becomes increasingly sophisticated, cybercriminals are using AI technology to create deepfake audio, video, and materials to fool customers into giving out sensitive personal data. Deepfakes are becoming so sophisticated it is increasingly difficult to differentiate them from authentic customer communications.
While deepfake technology has been around for a while, cyber scammers are finding new and innovative ways to impersonate customer representatives to take advantage of consumers. Phony AI-powered chatbots can interact with customers, gathering credit card numbers and personal information. AI-generated voices, videos, and images convince customers they are talking to a company representative rather than a computer. Generative AI is even making phishing attacks more sophisticated and credible.
To fend off the rising tide of deepfake attacks, organizations must arm themselves with new technology that can detect AI attacks. Customers also must be better educated about this new breed of cyberscam and how to keep their personal information safe.
The Rise of Deepfake Fraud
Deepfake technology started as the manipulation of facial images, typically swapping one face for another. Deepfakes use machine learning and generative AI to generate bogus photos, usually of celebrities or famous people. Among the most notable deepfakes was the phony public service announcement depicting Barack Obama . These kinds of deepfakes are typically used for fake news, financial fraud, and revenge porn. As the technology has proliferated, deepfakes are no longer created by experts or targeted at just celebrities.
Cybercriminals have started using generative AI more prolifically. In a recent survey, 37% of global businesses report having experienced deepfake voice fraud, and 29% have been victims of deepfake videos.
Phishing Becomes More Sophisticated
Having the ability to impersonate anyone makes phishing attacks more convincing . Using deepfakes as part of phony emails or phone calls can trick consumers into disclosing financial information for a counterfeit renewal or deal. Deepfakes are also being used to spoof employees.
For example, cybercriminals used deepfake technology to impersonate the voice of the CEO at a UK-based energy company. The criminals convinced employees to transfer $243,000 to a Hungarian supplier by impersonating the company's German-based chief executive.
These fakes do not apply to just people. Generative AI can create realistic chatbots that convince customers to provide personal data, order information, and financials. The experience is so realistic that customers never suspect they are being scammed.
Deepfakes Underscore Customer Service Vulnerabilities
As cybercriminals find more diabolical applications for generative AI, companies are uncovering new areas of vulnerability.
Biometrics is another area being compromised by deepfakes, so more businesses are adopting biometrics for security. However, multi-factor authentication can be easily compromised when you can replicate a person’s face or voice. It’s ironic that many banks have started using voice authentication at a time when voices have become so easy to fake.
Tricking facial recognition algorithms is a bit more difficult, but as the technology improves, it can lead to mayhem, unlocking access to sensitive corporate data, bank accounts, and more, bypassing security measures. Even consumer apps can be spoofed using facial recognition or other biometrics.
How Deepfakes Can Impact Business
If they remain undetected, deepfakes can have an impact on any business, ranging from fraud, losses, and breaches to significant reputational damage.
Brand reputation can be dramatically affected by deepfake content that proliferates online. False news reports of faulty products or company misdeeds can impact stock price, valuation, and brand value. Deepfake reports also erode consumer confidence, reducing sales.
Cybercriminals can also use deepfakes to impersonate customers. By posing as legitimate customers, scammers can place orders for goods or request refunds using falsified receipts.
How can companies detect deepfakes before they can do any damage? It isn’t easy. Identifying deepfakes requires sophisticated software capable of analyzing and identifying anomalies in images, audio, and video and validating the content, including a tamper score. Usually, this requires a real-time decision to avoid impacting the customer experience.
Protecting Customer Service from Deepfakes
Companies must educate customers about the risks. Most consumers know about phishing attacks and how to deal with telephone scammers, but deepfake attacks are still relatively new.
Organizations should take steps to inform customers about deepfakes and potential attacks and empower them to protect themselves, including offering different authentication options. Companies also can put safeguards in place to detect deepfakes as soon as possible.
Cyberthreats will continue to become more sophisticated, and AI and deepfakes will play a larger role in cyberattacks. Organizations must recognize the threat from deepfakes and stake ahead of the curve, educating employees, partners, and customers about the risks associated with deepfake technology. They should also consider adopting counter-AI technology to detect and prevent these attacks.
The best response to prevent deepfake attacks starts with awareness and creating a resilient digital environment that can defend itself from this new breed of AI cyberattacks.
About the author: Nicos Vekiarides is CEO and co-founder of Attestiv where he manages all day to day company functions. Nicos has spent 20+ years in the IT technology fields, as a business manager, entrepreneur, founder and adviser in startup companies. Prior to Attestiv, Nicos was co-founder and CEO of TwinStrata, a cloud storage company that pioneered delivering cloud storage to the enterprise and was sold to EMC in 2014. Before TwinStrata, Nicos served as General Manager of the storage virtualization business at Hewlett-Packard. Nicos came to HP with the acquisition of StorageApps where he was the founding VP of Engineering and built a team that brought to market the industry's first storage virtualization appliance. Nicos was instrumental in the sale of StorageApps to Hewlett-Packard for $350M in 2001. He also spent a number of years in the data storage industry working at Sun Microsystems and Encore Computer and architected and delivered Encore Computer's SP data replication products that were a key factor in the $185M sale of Encore's storage division to Sun Microsystems. Nicos holds an MS in Computer Engineering from Carnegie-Mellon University and a BS in Electrical Engineering from MIT. Nicos is active in the startup community as an investor, adviser and Mentor through Founder Institute.
Edited by
Erik Linask
