How Deepfakes Impact Cybersecurity

There’s a pretty good chance that the shocking rate at which AI is advancing is out-pacing your cyber security training, policies and maybe even technologies. Have you addressed the use of AI and deep fakes in your cyber security policies? In a recent and alarming development that seems to have leapt straight from the pages of a science fiction novel, a Hong Kong based finance worker at a multinational firm was defrauded of $25 million, falling victim to an elaborate scam that employed deepfake technology to impersonate the company's CFO. This incident, which unfolded during a video conference call, marks a disturbing milestone in the intersection of cybercrime and AI, underscoring the urgent imperative for companies to bolster their cybersecurity frameworks, particularly against the backdrop of deepfake technology. The mechanics of the scam were deceptively simple yet devastatingly effective. The finance employee was lured into a video call with several participants, believed to be colleagues and the CFO, only to discover later that each participant was a digital fabrication. The deepfake avatars, mirroring the appearance and voice of real company personnel, instructed the employee to initiate a "secret transaction", leading to the unauthorised transfer of $25.6 million. This incident is not an isolated event but rather a harbinger of the potential threats posed by AI-driven disinformation and fraud. The use of deepfake technology to bypass facial recognition software, impersonate individuals for fraudulent purposes, and undermine the integrity of personal and corporate identities presents a clear and present danger. The case in Hong Kong, where fraudsters successfully manipulated digital identities to orchestrate financial theft, exemplifies the sophistication of contemporary cybercrime. The implications of this event extend far beyond the immediate financial loss. It serves as a stark reminder of the vulnerabilities inherent in digital communication platforms and the necessity for robust verification processes. The reliance on video conferencing and digital communication, accelerated by the global pandemic, has exposed systemic weaknesses ripe for exploitation. In response to this escalating threat, it is incumbent upon companies to adopt comprehensive cybersecurity strategies that address the unique challenges posed by deepfake technology. This includes implementing advanced authentication protocols, raising awareness and training employees on the potential risks of deepfakes, and deploying AI-driven security measures capable of detecting and neutralising synthetic media. As AI output become increasingly indistinguishable from reality, the line between authentic and artificial communication will blur, challenging individuals and organisations to navigate a new frontier of digital authenticity. It compels a reevaluation of the assumptions underpinning digital trust and identity verification, urging a proactive approach to cyber defence.

AI PR Nightmares Part 2: When AI Clones Voices, Faces, and Authority. What Happened: Last week, a sophisticated AI-driven impersonation targeted White House Chief of Staff Susie Wiles. An unknown actor, using advanced AI-generated voice cloning, began contacting high-profile Republicans and business leaders, posing as Wiles. The impersonator requested sensitive information, including lists of potential presidential pardon candidates and even cash transfers. The messages were convincing enough that some recipients engaged before realizing the deception. Wiles’ personal cellphone contacts were reportedly compromised, giving the impersonator access to a network of influential individuals. This incident underscores a huge growing threat: AI-generated deepfakes are becoming increasingly realistic and accessible, enabling malicious actors to impersonate individuals with frightening accuracy. From cloned voices to authentic looking fabricated videos, the potential for misuse spans politics, finance, and way beyond. And it needs your attention now. 🔍 The Implications for PR and Issues Management: As AI-generated impersonations become more prevalent, organizations must proactively address the associated risks as part of their ongoing crisis planning. Here are key considerations: 1. Implement New Verification Protocols: Establish multi-factor authentication for communications, especially those involving sensitive requests. Encourage stakeholders to verify unusual requests through secondary channels. 2. Educate Constituents: Conduct training sessions to raise awareness about deepfake technologies and the signs of AI-generated impersonations. An informed network is a critical defense. 3. Develop a Deepfakes Crisis Plan: Prepare for potential deepfake incidents with a clear action plan, including communication strategies to address stakeholders and the public promptly. 4. Monitor Digital Channels: Utilize your monitoring tools to detect unauthorized use of your organization’s or executives’ likenesses online. Early detection and action can mitigate damage. 5. Collaborate with Authorities: In the event of an impersonation, work closely with law enforcement and cybersecurity experts to investigate and respond effectively. ———————————————————— The rise of AI-driven impersonations is not a distant threat, it’s a current reality and only going to get worse as the tech becomes more sophisticated. If you want to think and talk more about how to prepare for this and other AI related PR and issues management topics, follow along here with my series or DM if I can help your organization prepare or respond.

Deepfakes have crossed the line from curiosity to weapon. In a recent talk, Alexandru Catalin Cosoi, Chief Security Strategist at Bitdefender, outlined how they’re now driving three major types of fraud: ⚠️ Romance & investment scams - synthetic faces and voices used to build emotional trust. ⚠️ Business email compromise - like the Hong Kong case where employees wired $25 million during a fake video call with “executives.” ⚠️ Family distress scams - cloned voices pretending to be loved ones in trouble. Even astrophysicist Neil deGrasse Tyson proved how dangerous this can be. He shared a deepfake of himself “admitting” the Earth is flat, and thousands believed it before realizing it was fake. That’s the problem. We’re entering an era where trust itself is under attack. The real fight is psychological. That’s why I created Heart OSINT, to help people spot emotional manipulation, digital deception, and the subtle tactics that hijack trust. Because in the age of synthetic media, truth needs defenders. Human ones. #Cybersecurity #Deepfakes #AI #Disinformation #DigitalTrust #HeartOSINT

Deepfake Dominance in Cybercrime. We’ve crossed a tipping point: 40% of phishing campaigns are now AI-powered. Threat actors are extracting as much as $81,000 from a single victim using deepfake-enhanced tactics. Emails, calls, and even video conferences can now be convincingly AI-generated. This means traditional “spot the red flag” awareness training is no longer enough. Trusting your eyes or ears alone is no longer safe in a world where fraudsters can impersonate anyone. Zero Trust must extend to human identity verification. Confirm unexpected requests for money, credentials, or sensitive data through an out-of-band channel. Layer your controls. MFA, identity verification callbacks, and vendor authentication into daily workflows. Reinforce to employees that hesitation and validation are strengths, not weaknesses. At AdvisorDefense, we’re preparing RIAs for a reality where cybercrime isn’t just about malware, it’s about manipulation. If 40% of phishing is already AI-driven, the question is: how will your firm adapt before the other 60% gets there too? #AdvisorDefense #RIA #Cybersecurity #ZeroTrust

In 2025, we watched synthetic media transition from an emerging threat to an everyday operational reality. My prediction and contribution to #BigIdeas2026 is that we will witness the complete erosion of implicit trust in digital communications. All of them. The old cybersecurity maxim "trust but verify" will not only flip entirely, but sow complete distrust between even trusted colleagues, peers, and organizations. Because of the prevalence, advancement, and democratization of deepfake creation and dissemination, if you cannot verify something instantly, you cannot trust it at all. This isn't particularly farfetched, especially as we're already seeing the signals of this shift with persistent, widespread, and damaging attacks on the highest level in enterprise and government settings. What was once limited to viral clips, mangled speech, and highly latent responses is now happening realistically, convincingly, and in real time where it hurts most. Real-time voice cloning was used in 2025 to impersonate people at the highest level of business and government, bypassing traditional verification methods in the process, forcing said agencies to actually take security seriously. Job candidates interviewed and hired under false pretenses using deepfake overlays, forcing some companies to fly out every new candidate for onboarding to prove they exist. Even the KYC systems that global finance relies on are being fooled by synthetic identities after billions of dollars in losses this year alone. Thus, by 2026, the question won't be "Is this content fake?" It will be "Can this interaction be proven real?" And it won't just be businesses or officials asking this, but your loved ones at every step of the way. The prevalence of deepfakes will cause this fundamental change in how we operate — as businesses and as people. The organizations and individuals that thrive and return to some semblance of normalcy next year will be the ones that build resilience against these deceptions. Everyone else will undoubtedly and unfortunately face the grim reality of the situation. I don't think this is a forever problem. In fact, I know it's not. There are solutions — not just Reality Defender, mind you — that exist and will grow in size, scope, and reach to turn back the clock and make people believe in what they hear or see again. I just feel, based on the state of the world and of AI use and abuse, that 2026 is a "growing pains" year, of sorts, and one where hopefully we as a world learn that it's time to turn back the clock and get to where truth and trust used to be. You can read more of my predictions for 2026 and beyond below. https://lnkd.in/dj4gNwMb

The FBI recently issued a stark warning: AI-generated voice deepfakes are now being used in highly targeted vishing attacks against senior officials and executives. Cybercriminals are combining deepfake audio with smishing (SMS phishing) to convincingly impersonate trusted contacts, tricking victims into sharing sensitive information or transferring funds. This isn’t science fiction. It is happening today. Recent high-profile breaches, such as the Marks & Spencer ransomware attack via a third-party contractor, show how AI-powered social engineering is outpacing traditional defenses. Attackers no longer need to rely on generic phishing emails; they can craft personalized, real-time audio messages that sound just like your colleagues or leaders. How can you protect yourself and your organization? - Pause Before You Act: If you receive an urgent call or message (even if the voice sounds familiar) take a moment to verify the request through a separate communication channel. - Don’t Trust Caller ID Alone: Attackers can spoof phone numbers and voices. Always confirm sensitive requests, especially those involving money or credentials. - Educate and Train: Regularly update your team on the latest social engineering tactics. If your organization is highly targeted, simulated phishing and vishing exercises can help build a culture of skepticism and vigilance. - Use Multi-Factor Authentication (MFA): Even if attackers gain some information, MFA adds an extra layer of protection. - Report Suspicious Activity: Encourage a “see something, say something” culture. Quick reporting can prevent a single incident from escalating into a major breach. AI is transforming the cyber threat landscape. Staying informed, alert, and proactive is our best defense. #Cybersecurity #AI #Deepfakes #SocialEngineering #Vishing #Infosec #Leadership #SecurityAwareness

Can you tell which image is AI-generated? Plot twist… They both are. It’s now becoming normal to scroll past images that look authentic and not think twice about it. If an image can look this real, imagine how convincing social engineering attempts can become when visual cues are no longer reliable. And the impact is already here: ➤ 60% of consumers have encountered a deepfake video within the last year(Jumio) ➤ For organizations with significant fraud exposure ($1M+ losses), deepfakes hit 4 out of 10 companies (Regula) ➤ Human detection of deepfake images averages 62% accuracy, and human subjects identify high-quality deepfake videos only 24.5% of the time (IEEE) ➤ 32% of leaders have no confidence their employees would be able to recognize deepfake fraud attempts on their businesses (Business.com)  ➤ More than half of leaders say their employees haven't had any training on identifying or addressing deepfake attacks (Business.com) Attackers can now fabricate “evidence”, impersonate executives with near-perfect accuracy, and manipulate emotions at scale so we need to be working towards a security culture that builds spider-senses, critical thinking and threat awareness.

$25.6 million lost in 30 minutes. The CFO was fake. The Zoom call was real. That’s not a movie script. It’s 2025 reality. At Arup, a finance professional wired $25.6M after a video call with what he thought was his CFO and colleagues. They were all deepfakes. And Arup isn’t alone. Ferrari recently faced a real-time voice clone of its CEO, Benedetto Vigna, used in an attempted acquisition scam. The impersonation was so convincing it almost worked—until an executive challenged the fake CEO with a question only the real one could answer. I’ve spent over 25 years in computer forensics and cybersecurity, and I can tell you this: AI-powered deepfake scams are now on the list of the most dangerous, trust-shattering threats enterprises face. The Escalating Reality of Executive Deepfakes: • WSJ (Aug 2025): Fraudsters are spoofing CEOs’ voices and faces in real time. • In Q1 2025, businesses lost $200M+ to executive deepfakes. By mid-year, losses hit $410M. • U.S. projections: $40B in AI fraud losses by 2027. • 51% of cybersecurity professionals report their companies have already been targeted. Has your company’s board ever discussed this threat? (Most haven’t.) *Why Deepfakes Are Different* Traditional phishing relies on red flags: misspellings, bad links, odd domains. Deepfakes weaponize trust itself: • A “CEO” answering you live on Zoom. • A “CFO” giving urgent instructions. • Realistic tone, cadence, and facial expressions. DeepStrike reports a 900% increase in attack volume YoY. ID fraud using deepfakes surged 3,000% in 2023. The Cost of Inaction: • Avg loss per incident: $500K • Major enterprise events: $25M+ • Cumulative losses since 2019: nearly $900M (+400% in just 18 months) But the biggest loss isn’t money—it’s trust in leadership communication. If employees can’t trust a CEO’s face or voice, every critical decision slows—or worse, gets manipulated. What Boards Must Do Now: 1. Verification First – Multi-channel confirmation for sensitive actions, no matter how urgent. 2. Deploy Detection – AI tools that flag anomalies in audio and video. 3. Board & Finance Training – Equip teams to challenge requests that feel even slightly off. 4. Zero-Trust Communication – Treat executive voice and video as potentially compromised. *Closing Perspective* At Mandiant Labs, I learned one lesson: attackers don’t wait for regulation. They exploit gaps long before governments catch up. That’s what’s happening now. The EU AI Act and U.S. AI bills are slow. Deepfake attackers are moving at AI speed. The question is no longer “Could this happen to us?” It’s “When—and will we be ready?” Greg Jones Founder & Principal, PRIMSEC Advisor to enterprise leaders on organizational and cybersecurity strategy, insider threats, and AI-driven security architecture Your Turn: Is your board prepared for deepfake CEO fraud? Comment with your company’s first line of defense and share this post so your CFO and leadership team see it before it’s too late.

70% of new financial enrollments at some firms are deepfake attempts, according to Fortune's new reporting on Ant International. The fintech giant has identified over 150 distinct types of deepfake attacks targeting their platforms. This represents a fundamental shift in the threat landscape, as synthetic identity fraud is now outpacing legitimate customer acquisition at major financial institutions. As industries accelerate AI adoption for KYC and onboarding processes, we're seeing attackers leverage the same generative models to create convincing fake identities at scale. Synthetic voices bypass phone verification, AI-generated documents pass authentication checks, and deepfake video calls fool human reviewers. At Reality Defender, we're tracking similar patterns across enterprise clients. The challenge isn't slowing AI adoption, as many see the efficiency gains as too valuable. Instead, financial institutions need detection systems that match the sophistication of modern attacks. Real-time inference, adaptive models, and seamless integration are becoming core business requirements, not optional security add-ons. When synthetic customers outnumber real ones 7 to 3, deepfake detection moves from cybersecurity nice-to-have to fundamental business infrastructure. https://lnkd.in/daSD7v-r