It’s time to get to know deepfakes before they get to know you 

Whatever your knowledge level, deepfakes are here and are changing the world as we know it. Unfortunately, we are now increasingly seeing them weaponized and used to target private individuals, employees, and organizations. Advances in real-time cloning of voice and video have led to a new breed of AI scam that is making it increasingly challenging to know if what people are seeing and hearing is real or not. 

In fact, a recent international survey of nearly 25,000 people found 33% had already experienced deepfake attacks or scams for personal information and/or money. 

And although the report found the general public seems to be adjusting to the threat, with 49% claiming they are questioning authenticity of the news and 60% the authenticity of online content more than before, the same cannot be said about business. Separate research shows only 30% of executives consider cybersecurity the most important priority in their organization – with deepfakes ranked the lowest of threats in terms of overall concern. 

Combine this with the fact that there was a 223% increase in the purchase and selling of deepfake tools on the dark web between the first quarters of 2023 and 2024, and only a quarter of organizations have comprehensive strategies to ensure positive employee experiences and outcomes with generative AI, the question now becomes “What should businesses do?” The answer is that it is imperative for them to get educated about deepfake technology now.  

In its simplest terms, this means major shifts in organizational mindsets regarding all things online. Success will come from a combination of enhanced cybersecurity policies, leadership alignment, and above all, thorough education and training for staff at both speed and scale.  

This last part is vital as the pace of technological advancement around deepfakes, coupled with the more general dynamism of the IT landscape, means both employers and employees must adapt quickly to minimize disruption and maintain business continuity. In addition, upskilling at scale ensures organizations have the necessary internal infrastructure and talent to thrive in this new environment, leading to increased productivity, reduced errors, and better overall performance.  

Both employees and employers need to:   

• Be skeptical of content that seems too good to be true. Deepfakes are often used to create fake news stories or to spread misinformation. If something seems too outrageous or unbelievable, it’s best to be cautious and verify it before sharing it. Check the company’s official page (this might be shown by having a blue tick on some platforms). 
• Question out-of-character requests. Just like other forms of social engineering, deepfakes are being used in attacks against businesses. Requests to employees to change payment accounts or wire money outside of normal protocols are two common attacks, often seeming to come from a CEO or other senior leader. Be wary of these types of abnormal requests, and always confirm them with the right leaders at your company before acting. 
• Pay attention to the source of the content. Deepfakes often manipulate emotions to encourage the downloading of dangerous software or sharing of personal information spread through social media or other online platforms; telling you to “act now” as your computer has been hacked or you’ve won something. Be wary when receiving emails, unsolicited direct messages, texts, phone calls, or other digital communications if the source is unknown and always verify the sender’s identity. 
• Look for signs of manipulation. Deepfakes are often created by manipulating existing videos or images and if looked at properly, most people can detect things like irregular vocals and shadowing around the eyes of an AI-generated person. Look for things like unnatural movements, strange facial expressions, or inconsistent lighting, as well as choppy sentences, odd language, and unnatural word emphasis. Other telltale signs include unrealistic mouth movements, blinking patterns, and unnatural looking body parts. As deepfake technology improves, the subtle inconsistencies that might give away a fake video become harder to spot, making security testing, monitoring, and dedicated detection tools essential for identifying manipulated content. 
• Educate yourself about deepfakes. The more you know about deepfakes, the better equipped you’ll be to spot them and protect yourself from them. As a fast-changing phenomenon, keeping up to date with the latest developments can help you stay vigilant. You don’t need to become an expert, but you should be following the news about deepfakes as it will help you recognize suspicious content as this technology continues to evolve. 
• Invest in deepfake protection. This includes security testing, monitoring, and detection of deepfakes powered by key technologies to stay ahead of evolving deepfake threats that could impact customer contact centers, business video conferences, and other critical points of communication.  

The increasing use of deepfake technology by cybercriminals to orchestrate highly targeted attacks demonstrates the sophisticated measures they are willing to take to deceive their victims. To mitigate these risks, organizations need to adopt robust solutions to detect and protect against deepfakes. The financial burden associated with rebuilding an organization’s reputation and regaining customer trust after a successful deepfake attack significantly surpasses the costs of implementing robust cybersecurity protocols ahead of time. 

Ultimately, deepfake technology is a rapidly growing threat that needs to be taken seriously and prepared for by businesses and the public alike. This requires a mindset shift when it comes to how we think about the content we consume online and how we communicate digitally.