Deepfake is the use of photos, videos or audio to mimic/alter people’s faces, movements and voices using artificial intelligence techniques.
It is a combination of the words deep learning and fake.
It is also used to create fake emails, video calls or voice messages for phishing attacks.
It has been determined that deepfake phishing attacks, which have become a significant threat to individuals and organizations today, increased by 3000% in 2023.
To protect against deepfake phishing attacks;
- You should be skeptical about the authenticity of photo/video content and check the compatibility with the previous images, behaviors and reactions of the person you know.
- Care should be taken when sharing personal data (photos, videos, voice recordings), the people to be shared should be selected correctly and should not be shared on public internet environments.
- Video and audio interviews should be monitored for visual anomalies such as image/voice synchronization disorders, visual anomalies such as variable head and body movements, and unusual voice situations.
What is Deepfake? | Mustafa Çelen (mustafacelen.net)
2 Likes
Mustafa,
I think this is great to keep in mind - I have a related question on this – do you know what kind of software sits behind these capabilities? I’m wondering if as a related concern for a SAM program might be looking out for unauthorized software components that help do this on a company computer. The idea being that if an employee is misusing the company software for this sort of effort, how could SAM managers start to evaluate their environments to look for and certainly control, but also possibly blacklist some of this to reduce risk for their org.
James
2 Likes
Thanks for the comment and the brainstorming question, James. From a security point of view, blocking or allowing the installation of software that does this would be the subject of blacklist/whitelist management. From a SAM point of view, the software will need to be added to the master catalog so that it can be tracked in the SAM tool. I think that security teams will be the ones who can catch the misuse of software that is allowed to be installed for a legal use. Employee activity tracking-like applications can provide this. Perhaps the most definitive solution would be to completely block access to both the software and the site of the cloud-based solution on the company computer.
3 Likes