Deepfakes on the Rise: How to Protect Yourself

Senator Benjamin Cardin, chairman of the U.S. Foreign Relations Committee, is the most recent public figure to have experienced a targeted social engineering attack. The attack began with the Senator’s office receiving an email that purported to be from former Ukrainian minister Dmytro Kuleba, whom Cardin already knew.

A virtual meeting was set up where Kuleba appeared on video. His voice and appearance seemed consistent with the Senator’s previous meetings. The conversation became suspicious when Kuleba asked Cardin politically charged questions regarding U.S. attitudes towards long-range missiles into Russian territory. The Senator and his staff immediately ended the call when they realized they were either speaking to an imposter or some sort of synthetic deepfake.

This isn’t the first instance of social engineering where synthetic media was weaponized. Earlier this year, a deepfake CFO conned a well-known design firm out of $25 million. A few months ago, advertising giant WPP reported an incident where audio and video of their CEO were cloned from YouTube, in an attempt to solicit money and sensitive information. Last year, a senior executive of a leading cryptocurrency firm disclosed how scammers created a deepfake hologram to dupe victims on a Zoom call.

Why Is Synthetic Media Becoming a Weapon of Choice For Scammers?
Tools and techniques used to create synthetic media (or alter authentic media) have been around for decades. Previously, these tools were only accessible to people who had specialized skills and software, and it would take days or weeks to create a sophisticated fake. With access to free online applications and advances in computational power and AI technologies, synthetic media can be whipped up today with little technical expertise.

Another reason synthetic media is gaining popularity in scams and phishing schemes is that humans are far more likely to believe and trust something or someone they see or hear than something they read. Moreover, audiovisual content has a much higher resemblance to reality and is perceived as more credible than text or email.

The remote work phenomenon is also partially to blame. As more organizations and employees get accustomed to meeting virtually, the need for physical verification doesn’t really exist. Until now. This empowers cybercriminals and state-sponsored attackers to carry out advanced persistent threats (APTs) as undetectable social engineering attacks and online fraud.

How Can Synthetic Media Affect Organizations?
Threat actors can operationalize synthetic media in a variety of ways. The most common and major threats to organizations include:

  • Financial Scams: Threat actors have been using phishing emails and messages to impersonate executives (a.k.a. Business Email Compromise), causing billions of dollars in losses every year. With the mass availability of synthetic media, bad actors can make C-level impersonations even more realistic and believable, enabling them to design targeted and damaging social engineering attacks.
  • Access and Infiltration: Malicious actors can employ deepfakes to deceive employees and gain access to company data, systems, and information. They can use deepfakes to manipulate employees into revealing their credentials; they can secure jobs by faking their identities to access insiders, data and systems.
  • Reputational Damage: Threat actors can fabricate synthetic media, portraying senior leaders in objectionable and questionable circumstances with the goal of spreading disinformation, assassinating someone’s character, or damaging the reputation and brand of an organization. Deepfakes can be quickly disseminated across social media platforms before they can be blocked or disputed. This can have massive implications for stock prices. Threat actors can also leverage deepfakes to blackmail and extort organizations and executives.

How Can Organizations Protect Themselves From Synthetic Media Risks?
While the media and governments are doing what they can to regulate platforms and report deepfakes, organizations also have a shared responsibility to protect themselves, their stakeholders and society as a whole. Here are some best practices that can help get started:

  • Educate Employees on How To Identify Synthetic Media: Teach employees to conduct a visual examination when they join online meetings – look for signs of manipulation such as lip-syncing issues; weird head, torso or eye movements; lack of neck muscle flexing or jitters; and other physical properties such as feet not touching the ground or unusual speech patterns.
  • Protect Identities of High Priority Individuals: To keep senior executives’ likenesses from being repurposed in synthetic media, organizations can consider adopting authentication techniques such as digital watermarking or using open-source tools developed by the Content Authenticity Initiative.
  • Practice Continuous Cybersecurity Training: Regular phishing simulation exercises, ‘spot the deepfake’ contests, security fire drills and rehearsals can help motivate and engage users while also strengthening security alertness, skepticism, and intuition.
  • Report Synthetic Media: If security teams or employees encounter deepfakes, they can be reported to U.S. Government entities including the NSA Cybersecurity Collaboration Center and the FBI at CyWatch@fbi.gov.
  • Implement Robust Verification / Authentication Processes: Verify sudden or unexpected communications, especially those involving senior executives, sensitive information or financial transactions. Use tools like phishing-resistant multi-factor authentication and zero trust to reduce the possibility of identity fraud.

Synthetic media technology is evolving so rapidly that the boundaries between what is real and what is not are dissolving. It’s important that governments, NGOs, businesses and individuals become aware of these insidious threats, practice critical thinking and be prepared to take appropriate actions and cybersecurity measures.
