REQUEST A TRIAL
back to blog

Deepfake frauds are on the increase

Deepfake frauds are on the increase

What can organisations do to prevent employees being duped into parting with sensitive information, or cash?  Impersonation-based attacks, also known as deepfakes, are becoming ever more sophisticated, and industry commentators expect them to increase dramatically in the coming year. A recent BBC article cites an increase of 3000% in deepfakes during the past two years.

Who are the targets?  Everyone

The story of the unfortunate finance worker in a multinational company that was tricked into paying out $25 million after a video call with a deepfake chief financial officer is well documented. Not only was the CFO on the call a deepfake, so were all the other participants, all of whom were known to the finance worker. While initially the worker was suspicious, they put aside their doubts after the video call because it was so realistic, and human brains are very strongly wired to accept visual information.

A growing number of FTSE companies have been subjected to convincing impersonation-based attacks attempting fraud, with five attacks on FTSE 100 and one on a FTSE 250 companies reported: https://www.cityam.com/ai-deepfake-scams-hit-ftse-100-bosses/ reported, this is probably just the tip of the iceberg.

Deepfakes are not just a problem for finance, they are an issue for all sectors.  In showbusiness, for example, deepfake fraud has reportedly resulted losses of $200million. And there are plenty of reports of deepfakes being planted on social media to disrupt or influence political elections.

Hackers are already very experienced in social engineering, and when combined with the growth of Artificial Intelligence (AI), impersonation-based attacks using deepfakes will continue to become more prevalent and more believable. As AI continues to gather momentum so the barrier to entry is lowered meaning that relatively unskilled threat actors such as novice cyber criminals, hackers-for-hire and hacktivists are able to carry out more effective attacks.

So, what can organisations do to protect themselves and their employees?

Tackling Deepfakes and other Impersonation-based attacks

Increasingly, authenticating the source of news, content, and all manner of communications is critical. Being able to trust that you are communicating with the genuine person (and not an impostor) will be a key to safety online, and for any type of transaction, whether that is taking financial or legal instructions from colleagues or customers, sharing commercially sensitive information with third-parties in the supply chain, or discussing matters of state with trusted advisors and co-workers.

 

Identity-based Encryption will help to mitigate the risk

Technology is already available to protect sensitive business communications via voice, instant messaging and video conferencing. Secure communication solutions that use identity-based encryption help organisations to verify that only approved participants can join a group call or chat group, meaning that everyone on a video conference call (for example) has been authenticated. This type of security feature is NOT provided by mass-adoption communication platforms, where very often all that it needed to set up an account is a mobile phone number or email address, and those are very easily spoofed, hacked or compromised (e.g. by SIM-swapping).  A point demonstrated by the recent spate of warnings from the Dutch Government and Germany’s domestic intelligence agency about Signal and WhatsApp account hijacking incidents.

 

The benefits of Secure Communications

Built for purpose, secure by design and default communications platforms, such as those provided by Armour, offer several key differentiators that mass-adoption and free to use alternatives cannot.

  • By Invitation only – keep control of users because only authenticated, known people can register on the app and join a conversation. This also avoids mistaken
  • Identity-based encryption – ensures you can be sure who you are talking to.
  • Remote Wipe – messages and associated attachments can be deleted remotely if the device is lost, stolen or compromised.
  • Built-in protection against ‘jail-broken devices’ or devices compromised by malware to steal information, even when running on BYOD devices.
  • Accounts can be deleted immediately a person leaves the organisation so that they are unable to take valuable and sensitive information with them.
  • Protecting against other apps or AI accessing the microphone at the time of a call preventing eavesdropping (accidental or malicious).
  • All data is encrypted and stored within the Armour app, preventing malware from hoovering up sensitive data

 

Data Sovereignty

For those protecting the most sensitive of conversations, such as state secrets, military movements, or government negotiations, there are highly secure, on-premises communications solutions that ensure data sovereignty. By running an Armour on-premises solution organisations significantly reduce the potential attack vectors, as well as keeping total control of every aspect of their sensitive communications, ensuring that unprotected data never leaves sovereign shores. Importantly, don’t confuse Data Sovereignty with Data Residency, read our blog to understand the difference.

However, this isn’t just for government and military, every organisation has important information that they cannot allow to fall into the wrong hands, for example, price lists, customer details, product formulae, legal or financial instructions from clients, clinical or pharmaceutical research findings, patient records, amongst many other things. All organisations can benefit from using a secure communications platform to protect corporate assets and intellectual property.

Whether deployed on-premises (on in-house servers), or as a secure hosted solution, an enterprise-grade secure comms platform that covers voice calls, instant messaging and video conferencing ensures UK data sovereignty, i.e. organisational data stays on sovereign soil (something that Microsoft has admitted it can’t guarantee, even for UK Government users) and data separation (no mixing of data, be that of different classifications of data, or business and personal).

Secure Communications – What should you be looking for?

As the proliferation of deepfake/impersonation-based attacks demonstrates all too vividly, organisations of every shape and size in both public and commercial sectors need to start taking the cyber security of their communications seriously.  This means banning the use of unsanctioned shadow IT for business purposes.  When a built-for-purpose, Secure by Design secure comms platform can provide a slick user experience to rival any consumer app, plus the ability to manage and control organisational data, there is really no need to use consumer-grade apps.

To find out what you should be looking for, read our Buyer’s Guide: https://www.armourcomms.com/2023/06/29/securing-communications-channels-a-buyers-guide/

 

 

 

 

 

  • Deepfake frauds are on the increase
  • Deepfake frauds are on the increase
  • Deepfake frauds are on the increase
  • Deepfake frauds are on the increase
  • Deepfake frauds are on the increase
  • Deepfake frauds are on the increase
  • Deepfake frauds are on the increase
  • Deepfake frauds are on the increase
Armour Comms
GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.