Impact of Deepfakes on Online Trust

The New Corporate Threat: Deepfakes That Even Experts Can't Detect Welcome to the new reality where AI doesn’t just generate content, it manufactures convincing lies. You’ve probably seen it: - A CEO announces a fake acquisition. - A politician "says" something they never did. - A voice note "from your boss" requests a fund transfer. It all looks real. But it’s not. It’s a deepfake AI-generated audio, video, or images designed to deceive. Why it matters: Deepfakes are no longer just internet tricks or entertainment. They’re now: - Financial fraud enablers (voice clones used to scam employees) - Corporate risk vectors (fake news impacting stock prices) - Political weapons (manipulated clips used to sway public opinion) - Personal threats (identity misuse, blackmail, defamation) How to spot a deepfake  Look for: - Unnatural blinking or awkward lip sync - Plastic skin or weird lighting - Robotic tone or emotionless speech - Out-of-character statements - No credible source backing the video If it feels off, it probably is. What you can do: - Pause before sharing - Use tools like Deep ware, Microsoft Video Authenticator, or Adobe Verify - Train your teams especially PR, legal, and finance - Push for content provenance in your organization In the GenAI era, trust is currency. Don’t spend it on content you didn’t verify. #artificialintelligence

Deepfakes have crossed the line from curiosity to weapon. In a recent talk, Alexandru Catalin Cosoi, Chief Security Strategist at Bitdefender, outlined how they’re now driving three major types of fraud: ⚠️ Romance & investment scams - synthetic faces and voices used to build emotional trust. ⚠️ Business email compromise - like the Hong Kong case where employees wired $25 million during a fake video call with “executives.” ⚠️ Family distress scams - cloned voices pretending to be loved ones in trouble. Even astrophysicist Neil deGrasse Tyson proved how dangerous this can be. He shared a deepfake of himself “admitting” the Earth is flat, and thousands believed it before realizing it was fake. That’s the problem. We’re entering an era where trust itself is under attack. The real fight is psychological. That’s why I created Heart OSINT, to help people spot emotional manipulation, digital deception, and the subtle tactics that hijack trust. Because in the age of synthetic media, truth needs defenders. Human ones. #Cybersecurity #Deepfakes #AI #Disinformation #DigitalTrust #HeartOSINT

We used to talk about “identity verification” like it was a solved problem. Not anymore. The recent Reality Defender 2025 threat overview shows how synthetic personas are slipping into the very systems we trust to confirm who someone is… from video interviews to onboarding to financial KYC checks. One demonstration in the report is especially telling: a fictional job candidate created in under ten minutes, polished enough to fool a recruiter on a live video call. The voice, the face, and the mannerisms were all engineered. All convincing. All false. We’re also seeing: - AI-generated résumés and work samples appearing across applicant pools; - Deepfake face-swapping during interviews; - Synthetic identities passing automated KYC checks; - Criminal and foreign actors infiltrating remote hiring pipelines to gain systems access. This goes beyond spotting a suspicious résumé. Today, identity itself has become a contested space. Most verification tools were built to answer the question, “Does this person match the documentation?” But now we need to ask a different question: “Is the person on my screen real?” That shift changes everything. It impacts insider threat programs, compliance workflows, fraud detection, and the expectations we place on teams who were never trained to evaluate synthetic humans. For leaders, part of the solution involves better technical tools. But it’s also understanding the new gaps between trust, identity, and authenticity. In this new synthetic era, we must design systems that assume attackers can mimic the visual indicators we used to rely on. And for each of us individually, it reinforces a principle that sits at the heart of Mind Sovereignty™: Critical thinking is now part of identity verification. Not instead of technology. Alongside it. How prepared is your organization for synthetic identity risk in hiring, onboarding, and other core functions? I’d love to hear what changes you’re already making to meet this challenge. #SyntheticIdentity #DeepFakes #DigitalTrust #MindSovereignty

Can you tell which image is AI-generated? Plot twist… They both are. It’s now becoming normal to scroll past images that look authentic and not think twice about it. If an image can look this real, imagine how convincing social engineering attempts can become when visual cues are no longer reliable. And the impact is already here: ➤ 60% of consumers have encountered a deepfake video within the last year(Jumio) ➤ For organizations with significant fraud exposure ($1M+ losses), deepfakes hit 4 out of 10 companies (Regula) ➤ Human detection of deepfake images averages 62% accuracy, and human subjects identify high-quality deepfake videos only 24.5% of the time (IEEE) ➤ 32% of leaders have no confidence their employees would be able to recognize deepfake fraud attempts on their businesses (Business.com)  ➤ More than half of leaders say their employees haven't had any training on identifying or addressing deepfake attacks (Business.com) Attackers can now fabricate “evidence”, impersonate executives with near-perfect accuracy, and manipulate emotions at scale so we need to be working towards a security culture that builds spider-senses, critical thinking and threat awareness.

A real face can be fake trust. You think seeing a real photo makes it safe. It actually makes you more vulnerable. I’ve seen attacks where nothing looked “fake”… Because nothing was. → Real employee photos copied from LinkedIn → Executive headshots reused in fake profiles → Event pictures turned into scam identities → Deepfake images used to build instant trust The image is real. The identity is not. Here’s where it gets dangerous: → A “recruiter” reaches out → steals credentials → A “CEO” asks for urgent payment → money gone → A “vendor” updates bank details → funds redirected → A “colleague” asks for MFA code → access lost No malware. No hacking tools. Just trust… weaponized. Why does this work so well? → People trust familiar faces → Visuals reduce suspicion → Profiles look polished and legitimate → Social proof lowers defenses Humans verify faces faster than facts. That’s the gap attackers exploit. Red flags most people miss: → New profile, senior title → Low connections but high authority claims → Reverse image shows different names → Strange job history gaps → Urgent financial requests Small signals. Big impact. What actually reduces risk: →Verify identity, not appearance → Always confirm payments via voice → Use DMARC, SPF, DKIM for email security → Train teams on impersonation tactics → Limit public exposure of key employees → Monitor brand and identity misuse Smart companies don’t trust what looks real. They verify what is real. If money or access is involved → slow down and double-check. Because one trusted image… can open the door to a very real breach. What’s one check your team always does before trusting a request? Most scams don’t break systems. They break assumptions. Agree? ➕Follow Inga S. for more cyber content.

$25.6 million lost in 30 minutes. The CFO was fake. The Zoom call was real. That’s not a movie script. It’s 2025 reality. At Arup, a finance professional wired $25.6M after a video call with what he thought was his CFO and colleagues. They were all deepfakes. And Arup isn’t alone. Ferrari recently faced a real-time voice clone of its CEO, Benedetto Vigna, used in an attempted acquisition scam. The impersonation was so convincing it almost worked—until an executive challenged the fake CEO with a question only the real one could answer. I’ve spent over 25 years in computer forensics and cybersecurity, and I can tell you this: AI-powered deepfake scams are now on the list of the most dangerous, trust-shattering threats enterprises face. The Escalating Reality of Executive Deepfakes: • WSJ (Aug 2025): Fraudsters are spoofing CEOs’ voices and faces in real time. • In Q1 2025, businesses lost $200M+ to executive deepfakes. By mid-year, losses hit $410M. • U.S. projections: $40B in AI fraud losses by 2027. • 51% of cybersecurity professionals report their companies have already been targeted. Has your company’s board ever discussed this threat? (Most haven’t.) *Why Deepfakes Are Different* Traditional phishing relies on red flags: misspellings, bad links, odd domains. Deepfakes weaponize trust itself: • A “CEO” answering you live on Zoom. • A “CFO” giving urgent instructions. • Realistic tone, cadence, and facial expressions. DeepStrike reports a 900% increase in attack volume YoY. ID fraud using deepfakes surged 3,000% in 2023. The Cost of Inaction: • Avg loss per incident: $500K • Major enterprise events: $25M+ • Cumulative losses since 2019: nearly $900M (+400% in just 18 months) But the biggest loss isn’t money—it’s trust in leadership communication. If employees can’t trust a CEO’s face or voice, every critical decision slows—or worse, gets manipulated. What Boards Must Do Now: 1. Verification First – Multi-channel confirmation for sensitive actions, no matter how urgent. 2. Deploy Detection – AI tools that flag anomalies in audio and video. 3. Board & Finance Training – Equip teams to challenge requests that feel even slightly off. 4. Zero-Trust Communication – Treat executive voice and video as potentially compromised. *Closing Perspective* At Mandiant Labs, I learned one lesson: attackers don’t wait for regulation. They exploit gaps long before governments catch up. That’s what’s happening now. The EU AI Act and U.S. AI bills are slow. Deepfake attackers are moving at AI speed. The question is no longer “Could this happen to us?” It’s “When—and will we be ready?” Greg Jones Founder & Principal, PRIMSEC Advisor to enterprise leaders on organizational and cybersecurity strategy, insider threats, and AI-driven security architecture Your Turn: Is your board prepared for deepfake CEO fraud? Comment with your company’s first line of defense and share this post so your CFO and leadership team see it before it’s too late.

A 15-second video of Tom Cruise and Brad Pitt fighting — generated from a 2-line prompt. Most people see innovation. I see the collapse of trust as a security control. We’ve officially entered a world where: • Video is no longer evidence • Voice is no longer identity • Seeing is no longer believing This is not a media problem. It’s a cybersecurity problem. And it changes the game in three ways: Social engineering becomes autonomous AI can now generate a CEO’s face, voice, and behavior in real time. Business Email Compromise is evolving into Business Video Compromise. Detection is losing When synthetic content is indistinguishable by default, detection becomes reactive and unreliable. You cannot “AI-detect” your way out of this. Identity becomes the primary attack surface Your executives, your brand, your employees — all can be cloned, scaled, and weaponized. The next billion-dollar fraud won’t use malware. It will use trust. The shift we need is fundamental: From “Do I believe this?” To “Can I verify this cryptographically?” CISOs who act now will redefine security architecture: • Zero Trust for human identity • Out-of-band verification for critical actions • Content provenance and signed communications • Synthetic attack simulations Because in the age of AI… Trust is no longer a given. It’s an engineered system. #CyberSecurity #AI #Deepfake #ZeroTrust #CISO #PrivateEquity #DigitalTrust #SecurityLeadership #RiskManagement

Great to feature in the Financial Times's new documentary on deepfakes with Melissa Heikkilä, who visited me in Cambridge for an in depth interview. We had a wide ranging conversation, but one key message I shared is that while the deepfake landscape has radically changed since 2017, some key dynamics have stayed the same. Yes, progress in realism, efficiency, and accessibility make today's deepfake landscape almost unrecognisable compared to eight years ago. Yet the dynamics of how harms are caused (deception, doubt, and degradation) and the commonly understood blueprint for how we should fight back remain largely unchanged. Particularly when it comes to detecting/spotting deepfakes, an adversarial/cat and mouse dynamic often unfolds as so: - New models and tools are released into the wild - Flaws in these models' outputs are identified and communicated/accounted for by detection companies, forensic experts, and society generally. - Knowledge of these flaws is made redundant and even harmful as they are trained out of new models/model iterations, often without us immediately noticing. The challenge is that as technical advances with deepfakes have accelerated, competing in this dynamic from the detection side has become increasingly fraught. As I said to Melissa, the everyday person cannot be expected to become (and shouldn't try to be!) a 'digital Sherlock', but our digital infrastructure is also not currently designed to do the heavy lifting of confident content authentication. If we're to avoid slipping even further behind, this digital infrastructure and how trust is securely mediated need fundamentally rethinking by businesses and governments. It certainly keeping me busy! Big thanks to Gillian Tett for kindly hosting us at King's College, Cambridge and to Thomas Hannen for putting together a great film (see comments for the full documentary).

Deepfake, Grok, and the global ethics crisis in AI When AI can fabricate bodies, mimic voices, ignore consents - the harm is engineered. 1️⃣ Consent ignored. Boundaries erased. Last week, Ashley St. Clair - public figure and mother of Elon Musk’s youngest son - says Grok, the AI built into X (formerly Twitter), generated sexually explicit deepfakes of her, including photos when she was a minor. She revoked consent. Grok acknowledged it. Then it kept going. After she spoke out, her ability to earn income on X was revoked. Musk’s response? A threat to seek full custody of their toddler. 2️⃣ A symbol of design failure Grok is one of many, since 2024 deepfakes are escalating globally: ▫️ Taylor Swift deepfakes flooded X ▫️ Teen girls targeted in AI-generated nudes across South Korea & Europe ▫️ President Biden's voice mimicked in robocalls before U.S. primaries ▫️ Crypto AI-generated audio scams of political leaders in Malta and India ➡️ When AI lacks ethics, the fallout is human. A forensic audit of 20k+ Grok-generated images revealed the scale of harm: 🔹 53% showed individuals in minimal clothing 🔹 81% of those were women 🔹 2% impact minors ➡️ A system without ethics now under legal scrutiny worldwide. 3️⃣ Governments are drawing red lines on AI deepfakes: 💠 EU: Non-consensual sexual deepfakes must be criminalised by Jun 27 💠 UK: Ofcom launches investigation into X under the Online Safety Act 💠 Spain: Draft law bans unauthorized use of AI-generated images & voices 💠 Malta: Criminal penalties for AI-enabled harassment and deepfake abuse 💠 Indonesia & Malaysia: Blocks/bans Grok, citing risks to women & children 💠 Canada: Declares deepfake abuse a form of “violence” & drafts legislation 💠 Australia: Uses removal powers under existing online safety laws 4️⃣ Ethical standards are emerging, slowly The Council of Europe  is drafting the world’s first binding AI treaty with safeguards against deception and abuse. OECD - OCDE, UNESCO, the G7 call for: 🔸 Accountability for harmful design 🔸 Consent and dignity online 🔸 Transparency in AI media ➡️ None are binding. No AI model must assess deepfake risks. 5️⃣ This is not just an AI crisis. It’s a moral one. Grok has demonstrated that an AI product can: ▪️ Undress a child in simulation ▪️ Confirm it lacks consent ▪️ Continue generating content anyway all within milliseconds, and without external intervention. ➡️ This a system working as designed and ethically abandoned. Final thoughts AI ethics means stopping systems that predictably harm and are built to evade responsibility. Grok exposed the truth: AI can generate abuse, even when told to stop. The global tide is shifting toward prohibition. The moral cost of delay is rising fast. #AI #GenerativeAI #AIGovernance #Deepfakes #AIEthics

A recent case involving an imposter posing as Secretary of State Marco Rubio using AI-generated voice and Signal messaging targeted high-level officials. The implications for corporate America are profound. If executive voices can be convincingly replicated, any urgent request—whether for wire transfers, credentials, or strategic information—can be faked. Messaging apps, even encrypted ones, offer no protection if authentication relies solely on voice or display name. Every organization must revisit its verification protocols. Sensitive requests should always be confirmed through known, trusted channels—not just voice or text. Employees need to be trained to spot signs of AI-driven deception, and leadership should establish a clear process for escalating suspected impersonation attempts. This isn’t just about security—it’s about protecting your people, your reputation, and your business continuity. In today’s threat landscape, trust must be earned through rigor—not assumed based on what we hear. #DeepfakeThreat #DataIntegrity #ExecutiveProtection https://lnkd.in/gKJHUfkv