Emerging threat of deepfakes: viability, risks, impacts and mitigations through a practical use case

Abstract: Early 2024 an employee was tricked to transfer 25 million dollars in a cyber-attack where live deepfakes were used to convince the employee of the legitimacy of the request (Chen and Magramo, 2024). Deepfakes are media (image, audio, and video) edited by an algorithm. In the case of the malicious deepfake e.g. video input, it enabled real time interaction between a target and the deepfake. The availability of software and hardware enabling anyone to create their own high quality deepfakes has become such a threat that Europol in 2022 stated: “Many organisations have now begun to see deepfakes as an even bigger potential risk than identity theft (for which deepfakes can also be used), especially now that most interactions have moved online since the COVID-19 pandemic” (Europol, 2022). This paper presents experiences from creating live deepfakes based on typical online, openly accessible media, using free software and a gaming computer, following a free online guide. Without previous experience with deepfakes, we were able to select settings that yielded high quality deepfakes with less than one hour of exploring. The activity of labelling faces requires very little skill. Based on the use case, we provide examples of the achieved quality and discuss cyber and information security implications for organisations. Interviews were performed with a set of small and medium sized organisations regarding their awareness and preparedness for dealing with deepfakes. Industry start to become aware of potential threats of deepfakes, but lack procedures, processes and awareness to be able to sufficiently mitigate deepfake risks. Finally, we suggest a set of best practices and procedures for identifying, and mitigating such threats, focusing on technology, organisation, and the human element.Chen, H. and Magramo, K. (2024) Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ | CNN. Available at: https://edition.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html (Accessed: 11 June 2024).Europol (2022) ‘Facing reality? Law enforcement and the challenge of deepfakes, an observatory report from the Europol Innovation Lab’. Publications Office of the European Union, Luxembourg. Available at: https://www.europol.europa.eu/publications-events/publications/facing-reality-law-enforcement-and-challenge-of-deepfakes#downloads (Accessed: 11 June 2024).

Keywords: Cybersecurity, Artificial Intelligence, Deepfake, Manipulation, Human influence, Misinformation, Social Engineering

DOI: 10.54941/ahfe1005592

Cite this paper:

​