We all know about phishing by now, right? It’s been around for decades, and is still the most common way to hack an organization. But in recent years, phishing has shapeshifted into a more nefarious type of cybercrime using AI-fueled technology: deepfakes.
What is a deepfake?
How does deepfake phishing work?
Email or messages: Deepfakes can make phishing emails even trickier to spot because cybercriminals can personalize messages to make identities seem plausible, such as by including fake LinkedIn profiles of CEOs.
Video calls: An attacker can use a video deepfake over a Zoom call to convince victims to share confidential information, or carry out unauthorized financial transactions.
Voice Messages: With current AI capabilities, a person’s voice can be cloned with a 3-second clip. These deepfakes can be used to leave voicemail messages or to have a live conversation, further blurring the lines between reality and deception.
So, what is your best defense against falling for a deepfake?
While there are a number of startups working on technology that can detect AI-generated content, at this point, the best defense against a deepfake hoax is critical thinking and good old human intuition.
According to Forbes, “the success and effectiveness of deepfake phishing lies in its ability to exploit human trust and gullibility.” To protect yourself, get into the habit of questioning what you see and hear online, and develop a sixth sense hunch that kicks in when you spot something out of the ordinary.
This video Deepfakes: How to Spot Them also suggests that, similar to identifying phishing attempts, it’s helpful to ask yourself these questions when you see something dubious online, especially before you act on it or share it:
Who is presenting this information? Is it a TikTok video whose source you can’t verify, or a trusted news organization?
What is being said or shown? Is the information shocking? Does it seem too good to be true?
Where is the information coming from? Can you track down where it was first posted?
When was this information recorded? Can you verify it?
Why is this information being shown? Could there be an ulterior motive?
How do I know this is real?
October is National Cybersecurity Awareness Month, an annual collaborative effort between government and industry to ensure we have the resources you need to maintain your security online. Throughout October, we’ll be sending you tips on protecting your information and avoiding malicious attempts to extract your personal data. Visit its.weill.cornell.edu/cybersecuritymonth for more info.
Sources: