How Deepfake Technology Ups the Ante for Modern Cybersecurity Strategies
A finance worker at a multinational company thought he was on a video call with the organization’s CFO and other colleagues he recognized. As instructed, he wired $25 million to facilitate a secret transaction.
Turns out, everyone else on the call was fake.
Welcome to the world of deepfake technology, where cybercriminals can use AI to generate realistic images, audio and even video. Fraudsters are using the technology in elaborate schemes to dupe unsuspecting victims out of large sums of money.
It’s the latest twist in business email compromise (BEC) scams, which have cost organizations more than $55 billion since 2013. The FBI reports that there have been about 300,000 BEC incidents across the U.S. and in 177 countries. BEC attacks increased from just 1% of cyberattacks in 2022 to 18.6% in 2023, according to Perception Point. The company believes that generative AI is to blame for the 1,760% increase, and we agree.
What Is Business Email Compromise?
Also known as man-in-the-email attacks, a business email compromise typically “spoofs” the email of a company executive and sends a request for a wire transfer to someone in finance or accounting. Attackers may also send text messages or use collaboration platforms. Bad actors will conduct research into the company’s organizational hierarchy and identify employees who manage money and regularly initiate wire transfers. Victims of this type of business email compromise think they’re getting an email from the CEO or CFO, and their instinct is to do as they are asked.
In other cases, the bad actors will find out the names of legitimate vendors and business partners that the company wires money to regularly. The attackers will pose as the supplier and send an invoice, requesting that payment be transferred to an account controlled by the fraudsters. Companies that do business overseas are often targeted.
Business email compromises are among the most financially devastating forms of cyberattack, making fighting against them a core component of modern cybersecurity strategies. Consumers and businesses reported almost 21,500 incidents of this type to the FBI in 2023, with total losses of nearly $3 billion. A 2022 IBM report estimated that the average business loses about $5 million in a successful business email compromise attack.
If you’re not taking to ensure your email security is up to the task, your organization could be next to fall victim to these deepfakes.
What Are Deepfakes?
Deepfake technology has escalated the threat of business email compromise, making robust email security and employee training essential to protect your organization.
Deepfakes use deep learning algorithms to produce replicas of real images and videos. Recursive neural networks are adept at image recognition, making them good at generating fake images. Typically, one algorithm is trained to generate fake images and another is used to determine whether the image is real. They continue to perform these tasks recursively, with each algorithm getting better at its respective task until the images are so good that a human cannot tell that they’re fake.
This takes time and processing power, so deepfakes are typically only used for high-dollar scams. However, the number of deepfake business email compromise attacks increased by 3,000 percent in 2023, according to a study by Onfido.
Cheapfakes
“Cheapfakes” are relatively crude versions that simply swap out one face or another. Most humans can detect them if they are paying attention, but cheapfakes are used successfully to bypass facial verification systems, conduct fraudulent transactions or access sensitive information. According to the Onfido study, cheapfakes were involved in more than 80% of fraud attacks in 2023.
Avoid Falling Victim to a Business Email Compromise Attack by Making Business Email Security a Priority
What can organizations do to avoid falling victim to a business email compromise attack? The key is to educate employees and executives about the risk and how to identify a business email compromise attack before it compromises email security.
Detecting business email compromise is tougher than other types of phishing because the attacks are highly targeted and carefully crafted. Business email compromise attacks rarely have the bad grammar and spelling associated with other types of phishing, and AI has made it easier for fraudsters to craft legitimate-looking emails. If the hacker has gotten into the secure email server and hijacked the executive’s account, the email may appear to be internal.
Deepfakes further increase the danger. In the $25 million scam, the finance worker was initially suspicious of a business email compromise attempt but was convinced by the deepfake video call.
Enhance your business email security with GDS.
Contact Us >Even if the email is flawlessly constructed and deepfakes are used, employees should be suspicious of urgent requests to wire money and keep the request confidential. They should also question vendor requests for payment that don’t go through normal channels.
Most importantly, organizations should establish policies and procedures for verifying wire transfers as part of their cybersecurity strategies. Employees should always be suspicious of email requests and always confirm by calling the person making the request using a known number or, ideally, speaking to them in person. The account number for the wire transfer should be checked carefully.
How GDS Can Help With Business Email Security
GDS offers protection against business email compromise through our end-to-end email security service. This solution stops unwanted and potentially malicious content from reaching users’ inboxes through reputation-based filtering and deep analysis of the message. We also offer security awareness training programs to help employees learn how to spot business email compromise attacks. Let us help you reduce the risk of this dangerous form of cybercrime. Contact us to set up a call with our email security experts to take the first step in protecting your organization.
Benefits of Managed IT Services from Global Data Systems
- Strategic Managed IT: We help you solve your technology related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
- Support: When you need help simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.
Contact Managed Services Provider, Global Data Systems >
