CIOs must make cybersecurity a priority. An increased reliance on technology makes cybersecurity more of an issue, and it seems criminals are getting smarter every day. Deepfakes are a growing concern.

Many people are familiar with Deepfakes, an AI technology that allows users to create events that never happened. Popular examples include a video of Mark Zuckerberg bragging about having “total control of billions of people’s stolen data” and Jon Snow’s apology for the ending of Game of Thrones. However, this technology goes beyond social media; it can be used for fraud and breaches, resulting in considerable losses.

Leaders who know what to look for can keep their organizations safe.

How are Deepfakes Made?

Deepfakes were first made by a Reddit user in 2017. The user swapped the faces of porn stars for various celebrities to make it seem as if they were engaging in inappropriate activities. Technology has since become a popular way to make celebrities and politicians seem to do and say things they never did or said.

Face swapping is a common deepfake technique. It requires running thousands of headshots of two people through an AI algorithm called a decoder. Then, you feed the images into the wrong decoder.

For example, you may feed the compressed image of person A’s face into the decoder trained on person B. It then reconstructs the face of person B with the facial expressions and orientations of person A. The process should happen frame by frame to look convincing.

Deepfakes can also be performed in a generative adversarial network (Gan). With this system, random noise is fed into a generator. Then, a stream of images you wish to impersonate is fed into a second algorithm called a discriminator.

The synthetic images will initially look nothing like the desired result, but with repeat processes and feedback, the system will improve and create realistic images.

How Can Deepfakes Be Used in Business?

At first, deepfakes were commonly used to spoof celebrities and politicians. They were distributed on social media to make people think famous individuals were engaging in unexpected activities for entertainment purposes. However, bad actors have since seen the potential to use them in business settings to impact businesses negatively.

Here are some examples to be aware of:

• Deepfakes can be used to impersonate customer service representatives from financial institutions in a video or audio clip. The deepfake rep could provide incorrect information to clients regarding account balances, interest rates, and loan terms, causing them to make poor financial decisions.
• Bad actors may also create a video of a CEO announcing a financial crisis or fraudulent activity within the organization, causing reputational damage and compliance scrutiny.
• You may receive an email asking you to contact a vendor about a transaction. You call the number provided and engage in what seems to be a very realistic conversation with someone who sounds like your vendor. You provide your payment information to clear the matter. Later, you discover you were speaking to a deepfake and just provided payment information to a criminal rather than your vendor.

How to Spot Deepfakes

• Video Issues: A poor-quality deepfake may have issues, including flickering around the edges, low definition in fine details, and inconsistent lighting.
• False Contact Information: Sometimes, you may be provided with contact information that tips you off. For example, if you receive an email asking you to call a phone number to provide financial information, double-check the email address and phone number. They may be close to your contact’s accurate information, but if you examine closely, you’ll find a number is off or an email address says .net instead of .com.
• Technology: There is technology designed to detect deepfakes. However, the tools are still in development. While they effectively detect celebrity deepfakes, due to so much available footage, they struggle to identify deepfakes in ‘everyday people.’ However, the technology is being updated and will, hopefully, become more effective.
• Go with Your Gut: If you encounter a situation where you are being asked for sensitive information, and something doesn’t seem right, do some investigating before responding.

Other Techniques for Minimizing Deepfakes

• Monitor Deepfakes: Have staff members look for deepfakes that might damage your company’s reputation. Address them before they become viral.
• Enhance Cybersecurity Measures: Update your software and conduct vulnerability assessments to prevent bad actors from accessing your system.
• Raise Awareness and Provide Training: Ensure your stakeholders and employees know how to identify deepfakes to keep your organization safe.

Want to learn how to protect your company from cybersecurity incidents? Sign up for our newsletter today.