Safer Web

What is deepfake, and how do cybercriminals use it?

Dawna Roberts

Oct 13, 20235 min read

What is deepfake and how do cybercriminals use it? Header image

Most people have heard the term “deepfake” by now, but many don’t know what it means or how deepfakes are used. Unfortunately, cybercriminals have added deepfake videos, images, and audio to their rapidly growing arsenal with the goal of tricking unsuspecting users. In this guide, we’ll examine what a deepfake is, how it works, the signs of a deepfake, and how cybercriminals use deepfakes. 

What is deepfake? The meaning and how it works

A deepfake is a piece of faked content (photo/video/audio clip) someone creates using sophisticated AI. The goal is to make the media in question look and sound completely legitimate.

Deepfaked audio can use AI to create a convincing fabrication of an individual’s voice, making it sound like they said something they never said. A deepfake video may feature a famous person like a politician, movie star, or celebrity doing something they never did.

Creators of deepfake audio and video use existing pieces of content to help AI learn, allowing it to piece together something unique. These videos are incredibly realistic, and often, the public mistakes them for the real thing.

Many deepfakes are harmless and used as hoaxes, but some can be very damaging and unavoidably spread fake news. For example, in 2022, hackers released a fake video of Ukrainian President Volodymyr Zelenskyy urging his troops to surrender. 

Deepfake creators use two AI algorithms when creating content: a generator and a discriminator. The first creates the content, and the second refines it to make it almost indistinguishable from the original. The generator creates data that the AI learns from as it refines the image. This process is continued until the image, audio, or video is perfected.

Recently, companies have been using deepfake technology for relatively harmless reasons, such as customer support, video games, and entertainment. But criminals have begun to use them for other, more nefarious purposes.

How can you tell a deepfake video or photo from a real one?

Some deepfakes are so convincing that it’s almost impossible to distinguish them from the real thing. That said, you can sometimes tell a deepfake photo or video from a real one if you know where to look. 

The following are some of the signs to watch out to help you spot a deepfake.

1. Unnatural lighting or other elements

When AI generates photos and videos, it tends to get lighting effects wrong, resulting in an unnatural look. AI is also notorious for mangling fingers and hands. You may also notice blurred features, unnatural skin tones, and parts that appear “melted” into the image. 

2. Unrealistic setting

Consider the image as a whole. Does the setting fit the person featured? Often, AI replaces many of the faces but not the environment and other details, so things don’t quite match up. For example, a normally busy city street with very few pedestrians might be a clue that the photo or video is faked.

3. Background details

This one goes hand in hand with the setting. AI uses a compilation of features to sew together something fabricated, and that doesn’t always result in a convincing background. If the background doesn’t fit the theme, be wary. Look closely at the background of the image and scan for anything that looks “off.”

4. An unverified source

Before you jump to any conclusions, ask yourself where the video you’re watching came from. Check the news and see if it matches up with the latest story. Typically, deepfakes are found online and are less likely to be featured on popular news outlets and publications that stake their reputation on the quality of their content. 

5. Eye contact and out-of-sync audio

Other signs of a deepfake video are unnatural eye movements and sometimes out-of-sync audio. The result is a clip that looks strangely unnatural, or like it has been dubbed, a bit like a foreign film. 

As an added tip, you can also use AI sniffing software to detect deepfakes. For example, while AI can make a person’s front-facing image look convincing, it has difficulty with varying angles. If you submit someone’s profile picture to an AI sniffing software and compare it to a deepfake, it can pick out the illegitimate one. 

How deepfakes are used in cyberattacks and scams

Deepfake scams and attacks.
Image by Pixabay

Cybercriminals mainly use deepfakes to deceive individuals and companies for personal or financial gain. They can use deepfakes as propaganda to sway public opinion on certain subjects, and some experts are worried that dangerous groups may be using deepfakes to affect political outcomes.

Overall, cybercriminals manipulate digital media for many reasons, but some of the most popular attacks and scams include the following.

1. Identity theft

Threat actors can use deepfake videos and audio clips to impersonate company or financial institution executives to steal large sums of money. In 2020, cybercriminals stole $35 million from a Hong Kong bank using deepfake technology. In another instance, scammers used a deepfake hologram of a cryptocurrency CCO on a Zoom call, tricking executives into providing confidential information. 

One hacker even used a deepfake to gain employment as a tech support team member at a large company. The hacker then used their position to steal confidential information and gain unrestricted access to the company’s network. 

2. Stealing charitable donations

Even charitable giving has been leveraged by cybercriminals using deepfake technology. One recent attack utilized fake voicemails from a CEO urging employees, vendors, and suppliers to donate to a cause that turned out to be fake. 

3. Fooling authentication

Now that multi-factor authentication has become more common, cybercriminals have stepped up their game. Hackers are now using deepfake audio and video clips to gain access to locked apps, accounts, and resources. Bad actors will target facial and voice recognition with very realistic fakes that allow them to breach secure accounts. 

4. Phishing attacks

Scammers also use deepfake content in voicemail, email, and SMS phishing attacks to trick employees, clients, and others into making unauthorized payments or disclosing personal information. This data may then be used to access accounts and steal information or money. 

5. Shallowfakes

Some criminals don’t have access to the kind of AI tools required to create high-quality deepfakes. But lower-quality derivatives, also known as “shallowfakes,” sometimes work just as well. A scammer may simply slow down an audio recording to make it seem like the speaker is intoxicated. Or if the objective is to insinuate an erratic or violent nature, scammers may speed up a real video to distort the content. 

Cybercriminals are advancing their knowledge and technical expertise in creating deepfakes, but cybersecurity experts are also stepping up their game. As the two go toe-to-toe, average users must educate themselves on the dangers of deepfakes, verify content before taking any action, and rely on common sense, safety, and security first. 

Dawna Roberts Dawna Roberts
Dawna has spent her entire career in web dev, cybersecurity, and IT. Her work has been featured on Forbes, Adobe, Airtable, Backblaze, Cyberleaf, Lifewire, and other online publications for the past ten years.