Phishing works so well that cybercriminals don't need deepfakes

(Image credit: Shutterstock / meamorworks)

Scammers may never need to use deepfakes at scale because there are other, more efficient methods to trick people into giving away personal information and payment data, according to John Shier, senior security adviser for cybersecurity firm Sophos. 

Speaking to The Register, Shier said deepfakes aren’t that popular among scammers, largely because they aren’t necessary.

"The thing with deepfakes is that we aren't seeing a lot of it," he said. "People will give up info if you just ask nicely."

Deepfakes in the future

In simple terms, deepfakes are videos that use artificial intelligence to generate authentic-looking videos of people saying things that they’ve in fact been coded to do by a programmer.

Common uses for the technology amongst scammers include identity theft. In 2018, researchers highlighting the dangers of deepfakes used the technology to steal the identity of former US President Barack Obama and spread a hoax across the internet.

Deepfakes might be overkill for some types of fraud, but Shier thinks romance scams (wherein a scammer becomes close with their victim online to encourage them to send money their way) could leverage the tech well, as videos will lend inherent credibility to an online persona.

However, Shier believes that we’re not seeing the maximum impact that deepfakes may have on socially-engineered fraud in the future, and that we should still be wary of deepfakes being used in organized crime.

"AI experts make it sound like it is still a few years away from massive impact," he said. "In between, we will see well-resourced crime groups executing the next level of compromise to trick people into writing funds into accounts."

Shier’s not the only security researcher worried about deepfakes. Eric Horvitz, Microsoft’s Chief Science Officer, discussed the idea of advanced deepfake use within fraud instances in an academic research paper published last month, titled “On the horizon: Interactive and Compositional Deepfakes”.  

In the paper, Horvitz discusses his belief believes in the near future, we won’t be certain if the person we’re speaking to on a video call is real or an impostor, because deepfake technology has become easier to obtain and operate.


(Image credit: Pexels)

“Today, open source toolkits are available for producing deepfakes, lowering the bar on required expertise to generate and then distribute them at lightning speed across social media. We can expect deepfakes to become difficult to discriminate from reality.”

While deepfakes may not be quite so common at the moment, it’s clear that scammers are still committed to exploiting the technology to ensnare their victims over the internet.

The ubiquitous nature of the internet means that a victim could be anyone, and that’s the concern.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.