
Is That Email Really from the CEO, or is It Deepfake Phishing?

May 21, 2024

Imagine getting an email from your bank or a trusted contact that requests sensitive details or urgent action. This email looks authentic, featuring familiar branding and language, and even includes a video to seem more credible. There are no obvious signs that it’s a phishing attempt. You might naturally assume it’s legitimate. Deepfake emails capitalize on the trust people have in recognizable senders and exploit their vulnerability to social engineering. Advances in technology have made it easy for bad actors to create convincing deepfakes, and they’re coming soon to an email inbox near you.


Deepfake phishing involves using sophisticated AI technology to create realistic but fraudulent audiovisual content to deceive individuals. Each of the following examples shows how deepfakes can be tailored to fit different phishing schemes, making them increasingly dangerous as the technology becomes more accessible and convincing.

  1. Voice spoofing of executives: Cybercriminals use AI to mimic the voice of a company executive, such as the CEO, and make phone calls or leave voicemails asking employees to transfer funds or provide confidential information.
  2. Video manipulation for fraudulent requests: Fake videos are created using deepfake technology showing a senior executive instructing staff to execute urgent financial transactions, disclose sensitive data or take other actions that could harm the company.
  3. Email spoofing with deepfake content: Phishers send emails that appear to be from trusted sources, embedding deepfake videos or audio files that purport to be from colleagues or superiors, requesting urgent actions like password resets or access to restricted areas.
  4. Fake news broadcasts: Deepfakes of public figures or government officials are used to create fake news videos that appear to make official announcements or declarations, which can be used to manipulate stock prices or political events.
  5. Impersonation in video calls: During what appears to be routine video calls, deepfake technology is used to impersonate a colleague or a key contact from a partner organization to extract sensitive information or influence company decisions.
  6. Social media impersonation: Creating deepfake videos of celebrities or public figures to post misleading information on social media, which could be used to scam fans or manipulate public opinion.
  7. Customer support scams: Scammers impersonate customer support agents using deepfake audio to sound like legitimate representatives, aiming to trick customers into handing over account details or making payments to fraudulent accounts.


A recent example is the disaster that befell a company in Hong Kong, which lost $25 million after a worker in the finance department was taken in by a deepfake phishing scam. The attack started with email phishing, then evolved into an astonishing tale of deepfake phishing using a video call.

Here’s how the incident breaks down:

  • An employee received an email purporting to be from the company’s UK-based chief financial officer (CFO). 
  • The employee was initially suspicious of this email, which showed indications of phishing. 
  • Specifically, the message directed the employee to transfer $25 million to an offshore account, raising the employee’s suspicions that this might be a scam. 
  • After expressing his concerns, the employee was invited to a video call with the CFO to prove the transfer request was genuine.  
  • On the video call, the participants’ voices and faces seemed genuine, allaying the employee’s suspicions.
  • The employee then transferred the $25 million as directed.
  • But the whole thing was a sophisticated scam, and the supposed video call was actually a deepfake. 


Deepfakes are relatively new in cybercrime contexts like Business Email Compromise (BEC), but they have quickly become a significant threat. In 2023, there was a tenfold increase in cybercrimes such as identity theft driven by deepfakes. The most significant growth in deepfake-driven attacks occurred in North America and the Asia-Pacific region in 2023, though substantial increases were noted globally.

Regions with the largest percentage of increase in deepfakes between 2022 and 2023

Region | % increase in deepfake phishing
North America | 1740%
The Middle East and Africa | 450%
Latin America | 410%

Source: Infosecurity Magazine


To counter deepfake email phishing, a comprehensive strategy combining technological innovations and heightened user awareness is essential.

Advanced detection techniques: Deploying sophisticated email security systems that use artificial intelligence and machine learning can identify and halt deepfake emails before they reach recipients.

Employee training and awareness: Teaching employees about the risks associated with email phishing, particularly those involving deepfakes, and training them to spot suspicious emails can equip them to detect and report threats.

Email authentication protocols: Utilizing protocols like DMARC (Domain-based Message Authentication, Reporting, and Conformance) helps confirm the legitimacy of email senders and prevents domain spoofing.

Vigilance and verification: Encouraging recipients to confirm the authenticity of email communications through other means, such as phone calls or face-to-face discussions, can reduce the likelihood of succumbing to deepfake phishing scams.
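
An added example (not code from this post or from any product it mentions) showing how the DMARC and verification measures above can work together at the mail gateway: it reads the DMARC verdict from the receiving server's Authentication-Results header and also flags an executive's display name arriving from an outside domain, which DMARC alone does not catch. The gateway name mx.example.com, the domain and executive lists, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical values for this example; replace with your own.
TRUSTED_AUTHSERV = "mx.example.com"  # authserv-id of our own inbound gateway
ORG_DOMAINS = {"example.com"}        # domains the organization sends from
EXECUTIVES = {"jane doe"}            # display names attackers would borrow

DMARC_RE = re.compile(r"\bdmarc=(\w+)", re.I)

def dmarc_result(msg):
    """Return the DMARC verdict stamped by our own gateway, else 'none'."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        # Headers naming any other server may have been added by the sender.
        if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV:
            continue
        match = DMARC_RE.search(results)
        if match:
            return match.group(1).lower()
    return "none"

def triage(raw):
    """List the reasons a message needs out-of-band verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    verdict = dmarc_result(msg)
    if verdict != "pass":
        reasons.append(f"dmarc={verdict} for {domain}")
    # DMARC says nothing about display names: an outside domain can pass
    # its own DMARC check while carrying an executive's name.
    if name.strip().lower() in EXECUTIVES and domain not in ORG_DOMAINS:
        reasons.append(f"executive name on outside domain {domain}")
    return reasons

# Constructed sample messages (not real mail).
def sample(auth, sender):
    return f"Authentication-Results: {auth}\nFrom: {sender}\nSubject: Urgent\n\nbody\n"

SPOOFED = sample("mx.example.com; dmarc=fail header.from=example.com",
                 "Jane Doe <jane.doe@example.com>")
OUTSIDE = sample("mx.example.com; dmarc=pass header.from=example.net",
                 "Jane Doe <jane.doe@example.net>")
FORGED_HDR = sample("mail.example.net; dmarc=pass header.from=example.com",
                    "Jane Doe <jane.doe@example.com>")
GENUINE = sample("mx.example.com; dmarc=pass header.from=example.com",
                 "Jane Doe <jane.doe@example.com>")
```

Any non-empty result from `triage` is a cue to confirm the request through a separate channel before acting on it.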

As deepfake technology advances and becomes more widespread, the threat from deepfake-enabled phishing is expected to grow. By adopting robust technological defenses and fostering employee awareness, organizations can better protect themselves from the risks posed by deepfakes, ensuring safer email practices and defending against cyberthreats.


Kaseya’s Security Suite has the powerful tools that IT professionals need to mitigate cyber risk without breaking the bank. 

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.   

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.  

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.    

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.    

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).    

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.
