Deepfakes Are Attacking the Bottom Line: How Businesses Can Fight Back

A deepfake is AI-generated media (video, audio, or images) that convincingly represents someone’s face, voice, or actions to make them appear authentic, even though the subject was never actually involved. Below is an example of a deepfake scenario:

A finance associate receives a late-afternoon telephone call. On the other end is their CEO, the voice unmistakable, the tone urgent. A critical payment must be wired within the hour to secure a major deal. The associate does not hesitate; after all, it sounds exactly like the boss. Only later did they discover the truth: the voice was never legitimate. The voice of the CEO was a deepfake engineered to exploit trust and execute a fraudulent wire transfer.

An emerging cyber threat

Deepfakes are a growing threat for organizations large and small, with over 10% of companies facing deepfake threats in 2024[1]. This technology has the ability to wreak havoc on security and trust. Impersonation of leaders and executive officers to partners, clients, and affiliates can result in harm to relationships and to profits.

A recent study revealed that four out of five companies do not have technology or techniques to defend against deepfakes_[1]. How can an organization protect its brand, assets, and people from deepfakes and other manipulated multimedia? Focusing on detection, authentication, and employee awareness.

Deepfake detection tools are a rapidly developing market. Google, Microsoft, Intel, the Department of Defense, and many more organizations are investing in deepfake detection capabilities. The challenge is that as soon as a detection method is established and communicated, deepfake fraud communities work to overcome them. Until a universal set of authentication standards are developed and widely adopted, detection methods such as frame-by-frame analysis, blending, and speed analysis will remain a necessity for organizations to identify and flag manipulated media.

Reduce your risk

While no universal standards exist, an organization can reduce the risk of fraud due to deepfakes by implementing authentication methods such as digital watermarking and digital signatures, then communicating to key external partners and clients of these indicators of authenticity. Authentication can also be implemented as a prior step before virtual meetings to verify the authenticity of the members. Microsoft, Zoom, and Slack all have built in features to accomplish this.

Finally, the most important and critical step in protection against deepfakes is employee awareness. No amount of security technology can account for human error. There are many clues to determine if an image, video, or audio is faked. The following listing was pulled directly from the Department of Homeland Security and gives great coverage for most deepfake media.

Image or Video:

• Blurring evident in the face but not elsewhere in the image or video (or vice-versa)
• A change of skin tone near the edge of the face
• Double chins, double eyebrows, or double edges to the face
• The face gets blurry when it is partially obscured by a hand or another object
• Lower-quality sections throughout the same video
• Box-like shapes and cropped effects around the mouth, eyes, and neck
• Blinking (or lack thereof) or movements that are not natural
• Changes in the background and/or lighting
• Contextual clues – Is the background scene consistent with the foreground and subject?

Audio:

• Choppy sentences
• Varying tone inflection in speech
• Phrasing – would the speaker say it that way?
• Context of message – Is it relevant to a recent discussion or can they answer related questions
• Contextual clues – Are background sounds consistent with the speaker’s presumed location?

Deepfakes are no longer a science-fiction concern, they are here, and here to stay. As the threat landscape grows for this new security risk, you and your organization can mitigate the threat by investing in detection technologies, implementing authentication standards, and cultivating a culture of employee awareness. In a world where seeing and hearing is no longer believing, trust must be built not just on perception, but on verification.

Expertise from trusted professionals

UHY’s Technology, Risk, and Compliance team can assist your company with mitigating the risk of deepfake fraud. Below are a few areas of opportunity to consider:

• Evaluate and update policies and procedures to ensure independent validation of all requests for transfers, dispersions, or updates to financial institutions.
• Conduct specific training of personnel on how to detect deepfakes, phishing, vishing, and social engineering.
• Recommend solutions for detecting and validating deepfakes

Fill out the form on this page to connect with our Technology, Risk, and Compliance Practice.