Are you able to imagine your ears? More and more, the reply is not any. Right here’s what’s at stake for your corporation, and beat the deepfakers.
23 Feb 2026
•
,
4 min. learn
There was a time once we may imagine every thing we noticed and heard. Sadly, these days are most likely lengthy gone. Generative AI (GenAI) has democratized the creation of deepfake audio and video, to the purpose the place producing a fabricated clip is as straightforward as pushing a button or two. That is dangerous information for everybody, together with companies.
Deepfakes are serving to scammers bypass Know Your Buyer and account authentication checks. They’ll even allow malicious state actors to masquerade as job candidates. However arguably the largest menace they pose is monetary/wire switch fraud and the hijacking of govt accounts.
Organizations underestimate the deepfake menace at their peril. The British authorities claims that as many as eight million artificial clips have been shared final yr, up from simply 500,000 in 2023. The actual determine could also be far increased.
How assaults work
As an experiment by ESET World Safety Advisor Jake Moore has additionally proven, it’s by no means been simpler to launch a deepfake audio assault on your corporation. All it requires is a brief clip of the sufferer to be impersonated. GenAI will do the remaining. Right here’s how an assault may proceed:
- An attacker selects the particular person they’re going to impersonate. It is likely to be a CEO, a CFO or perhaps a provider.
- They discover an audio pattern on-line – which is sort of straightforward for high-profile executives who frequently communicate in public. It’d come from a social media account, an earnings name, a video/TV interview or any variety of different sources. A couple of seconds of footage must be sufficient.
- They choose the particular person to name. This may require some desk analysis – often scouring LinkedIn for IT helpdesk workers, or finance group members.
- They could name the person direct, or ship an e mail prematurely – for instance, a CEO requesting an pressing cash switch, a password/multi-factor authentication (MFA) reset request, or a provider demanding cost for an overdue bill.
- They name the pre-selected goal, utilizing GenAI-generated deepfake audio to impersonate the CEO/provider. Relying on the instrument, they might follow pre-scripted speech, or use a extra subtle “speech-to-speech” technique the place the attacker’s voice is translated in close to actual time to that of their sufferer.
Listening to is believing
One of these assault is getting cheaper, simpler and extra convincing. Some instruments are even in a position to insert background noise, pauses and stammers to make the impersonated voice sound extra plausible. They’re getting a lot better at mimicking the rhythms, inflection and verbal ticks distinctive to each speaker. And when an assault is launched over the telephone, AI-related glitches could also be tougher for the listener to select up.
Attackers may use social engineering ways, similar to creating strain on the listener to reply urgently to their request, so as to obtain their objectives. One other traditional is to induce the listener to maintain the request confidential. Add to that the truth that they’re typically impersonating a senior govt, and it’s straightforward to see why some victims are duped. Who would need to get into the CEO’s dangerous books?
That mentioned, there are methods so that you can spot a faker. Relying on how subtle the GenAI they’re utilizing is, it could be attainable to discern:
- An unnatural rhythm to the speech of the speaker
- An unnaturally flat emotional tone to the voice of the speaker
- Unnatural respiratory and even breath-free sentences
- An unusually robotic sound (once they use much less superior tooling)
- Background noise which is both surprisingly absent or too uniform
Time to battle again
The rationale menace actors are placing extra of their time into scams like these is easy: the potential rewards on provide. Cautionary tales are steadily accumulating. One of many largest blunders got here method again in 2020, when an worker at a agency within the UAE was tricked into believing that their director had phoned to request a $35m fund switch for an M&A deal.
Provided that deepfake know-how has improved considerably within the six years since, it’s price revisiting some key steps you may take to attenuate the possibilities of a worst-case state of affairs.
It ought to begin with worker coaching and consciousness. These applications must be up to date to incorporate deepfake audio simulations to make sure workers identified what to anticipate, what’s at stake and act. They need to be taught to identify the tell-tale indicators of social engineering and typical deepfake eventualities similar to those described above. Purple teaming workouts must be run to check how nicely staff are absorbing this data.
Subsequent comes course of. Contemplate the next:
- Out-of-band verification of any phone-based requests – i.e., utilizing company messaging accounts to examine with the sender independently
- Two people to log off any giant monetary transfers or modifications to provider financial institution particulars
- Pre-agreed passphrases or questions which executives should reply to show they’re who they are saying they’re over the telephone
Expertise may also assist. Detection instruments exist to examine numerous parameters for the presence of an artificial voice. More durable to implement however one other plan of action could be to restrict the alternatives for menace actors to pay money for audio, by limiting executives’ public appearances.
Folks, course of and know-how
Nonetheless, the underside line is that deepfakes are easy and price little to supply. Given the possibly big sums up for grabs for the fraudsters, it’s unlikely that we’ll see the top of voice cloning scams any time quickly. A 3-pronged strategy based mostly round folks, course of and know-how is due to this fact the best choice your group has to mitigate the danger.
As soon as a plan has been permitted, bear in mind to frequently assessment it in order that it stays match for objective, at the same time as AI innovation advances. The brand new cyber-fraud panorama calls for fixed consideration.
