Don’t Become a Victim – Here’s How to Spot a Deepfake
With the rise of artificial intelligence (AI), cybercriminals have more tools at their disposal than ever. Hackers are abusing AI to create all new ways to attack, and as a result, deepfake scams are becoming increasingly common. This type of scam can be incredibly convincing, so it’s important to know how to spot a deepfake.
Deepfakes and Cybercrime
Deepfake scams are scarily realistic. Earlier this year in a first-of-its-kind attack, a finance clerk in Hong Kong willingly made over £20 million worth of payments at the request of the firm’s CFO.
Sadly for the employee, the CFO and other members of staff on the video call were actually deepfakes – digital replicas of the real deal. The clerk had been successfully duped, resulting in a huge financial loss for the multinational company.
So how do you avoid becoming a victim of this kind of attack? Well, there are a number of red flags to look out for, and awareness of these is key. But before we look at how to spot a deepfake, let’s define what a deepfake is.
What are Deepfakes? And What is a Deepfake Scam?
Deepfakes are essentially synthetic images, video or audio generated via AI and deep learning. Hackers use existing digital content to create convincing replicas that look and feel real to the recipient.
By creating deepfakes, threat actors can mimic the look, voice, and mannerisms of individuals with scary accuracy. In a deepfake scam, attackers will aim to manipulate victims using typical social engineering techniques, but bolster credibility with realistic replicas of people that are known to the recipient.
Anyone can unwittingly be used in a deepfake scam, as long as the hacker can access sufficient audio or imagery. So how do you know you’re talking to the real person? Here are our tips on how to spot a deepfake scam.
How to Spot a Deepfake
- Odd facial movements: Look for odd or unnatural facial expressions and movements, especially around the eyes and mouth.
- Inconsistent lighting: If lighting on the face doesn’t match the rest of the setting, you’re likely being targeted by a deepfake scam.
- Blurring and fuzziness: Any blurring, especially around the edges of the face or where the face meets the background, is a big red flag that it’s a deepfake. Real people don’t have fuzzy hands, smudging chins, or changing face shapes.
- Look into their eyes: Deepfakes often blink in an irregular pattern (or not at all). If it looks unnatural when they blink, or they are avoiding blinking altogether, you can be fairly confident that they aren’t the real deal.
- Out of sync: When lip movements and voice are mismatched or don’t align, you could be being targeted by a deepfake scam.
- Humans don’t sound like robots: Listen out for robotic-sounding voices – deepfake audio often lacks the nuances of natural speech.
- Gestures and expressions: Check if gestures and facial expressions match the context and content of the speech.
- Warping: Pixelation or warping around the face may indicate a deepfake scam.
- Texture and detail: Look closely at skin texture and hair detail for any unnatural smoothness or distortion.
Always Stay Suspicious
Now you know how to spot a deepfake scam, it’s good to know what you can do if you’re in doubt. Chances are, if you sense something is up, something is probably up. Below are a few ways you can validate your suspicions, but ultimately, don’t take any action if you don’t feel 100% confident that the source is legitimate. An awkward conversation is better than being duped, and being overcautious is better than being caught out!
- Use reverse image and video search: If you suspect your experiencing a deepfake scam, you can use reverse search tools to find the original source of the video or image and compare for discrepancies.
- Check context and source: Consider the reliability and trustworthiness of the source or platform where the content was found.
- Context and character: Check for any content that seems out of character or context for the person being depicted.
- Cross-verify: Compare the suspicious content with known authentic videos and images of the person.
- Contact sources through different mediums: like you should with any social engineering, you should always reach out to the individual via different methods of contact to verify their identity.
- Use deepfake detection tools: With the rise of deepfake scams, online tools are now more readily available to help you identify and detect deepfakes.
- Consult a professional: If unsure, ask the advice of a cybersecurity expert who will be able to help you identify whether or not the content you’re looking at is legitimate.
Cyber Awareness is Key
Phishing continues to be biggest cyber threat, and with the use of AI and deepfakes, attacks are becoming all the more convincing. The best way to stop your business from being a victim of a deepfake scam, is to ensure your employees know how to spot a deepfake, as well as all other kinds of social engineering tactics.
At 848, we specialise in cybersecurity and the modern workplace. We can help you implement robust security controls to minimise cyber threats and help improve cyber awareness across your organisation. Get in touch with a member of our team today to learn more.