"Why Deepfake Phishing Is a Disaster Waiting to Happen"

People have used Artificial Intelligence (AI) technology to distort reality as it has advanced. They have made fake images and videos of Tom Cruise, Mark Zuckerberg, and other high-profile individuals. While many of these applications are harmless, others, such as deepfake phishing, are far more sinister. A new wave of threat actors is using AI to create synthetic audio, image, and video content designed to impersonate trusted individuals such as CEOs and other executives in order to trick employees into handing over sensitive information. However, most organizations are unprepared to deal with these types of threats. Gartner analyst Darin Stewart warned in 2021 that while businesses scramble to defend against ransomware attacks, they are doing nothing to prepare for an onslaught of synthetic media. Organizations cannot afford to ignore the social engineering threat posed by deepfakes, especially with providers such as OpenAI offering access to AI and Machine Learning (ML) through new tools like ChatGPT. While deepfake technology is still in its early stages, it is gaining popularity. Cybercriminals are already experimenting with it in order to launch attacks on unsuspecting users and organizations. According to the World Economic Forum (WEF), the number of deepfake videos on the Internet is increasing at a rate of 900 percent per year. At the same time, VMware discovered that two out of every three defenders have seen malicious deepfakes used as part of an attack, a 13 percent increase from the previous year. These attacks have the potential to be devastatingly effective. For example, in 2021, cybercriminals impersonated the CEO of a large corporation using AI voice cloning. They tricked the organization's bank manager into transferring $35 million to another account to complete an "acquisition." In 2019, a similar incident occurred when a fraudster called the CEO of a UK energy firm and impersonated the CEO of the firm's German parent company using AI. The malicious actor requested a $243,000 urgent transfer to a Hungarian supplier. Many analysts believe that the rise in deepfake phishing will continue, and that threat actors' false content will become more sophisticated and convincing. This article continues to discuss the state of deepfake phishing in 2022, how deepfakes mimic individuals and bypass biometric authentication, the role of security awareness training in addressing deepfake phishing, and fighting adversarial AI with defensive AI. 

VB reports "Why Deepfake Phishing Is a Disaster Waiting to Happen"