Welcome to the age of Artificial Intelligence (AI) and deepfakes, an age that challenges what we see and hear, and takes advantage of how we tend to make quick decisions.
AI is rapidly revolutionising cyberattacks, getting machines to emulate human neural networks. It learns from interactions with users, generating knowledge networks capable of distorting reality, even supplanting human identity, one of the biggest risks we face.
According to Adrian Flecha, cybersecurity technician at INCIBE-CERT, ‘’identity theft is any deliberate attempt to impersonate another person or entity, using personal, professional or corporate information, with the aim of deceiving, manipulating or carrying out fraudulent actions that result in economic or social benefit or improper access to sensitive data‘’.
But what are deepfakes? Deepfakes are extremely convincing fake images, videos and audios generated by AI using deep learning algorithms and collections of images, audio and video recordings of the person they seek to impersonate. They can make us feel unable to distinguish between real and fake content, even if it appears entirely realistic.
As with other social engineering attacks, in deepfakes with fraudulent intent, cybercriminals use every possible principle of persuasion to lure you into their trap, most notably the principle of urgency and authority. They pressure us to act quickly, without giving us time to think calmly.
According to a study by Signicat, deepfakes account for 6.5% of all fraud attempts, an increase of 2137% in the last three years.
Cybercriminals can impersonate us through two types of identity fraud: traditional identity fraud, where they steal the entire identity by extracting biometric data and using AI to fraudulently take over accounts, sign up for services, deceive family and friends, etc.; or synthetic identity fraud, where they steal real personal information and combine it with fictitious, AI-generated information, creating a fake identity that allows them to gradually build a history and establish credibility, making it difficult to be easily detected.
When fraudsters try to trick you with deepfake phishing you should:
Be wary of unusual requests. If the request is unusual, the person making the request has never contacted us before, or if something seems suspicious, we should make sure that the source is trustworthy. We should get into the habit of pausing and thinking twice, rather than automatically trusting what we see or read.
Carefully examine the content. Actively look for details that don’t fit or seem suspicious – don’t just take what seems real at first glance. Always analyse the context and look for specific details depending on the type of content.
In images, carefully analyse details, lighting and shadows.
In audio, pay attention to the language used, tone, rhythm and background noises.
In videos, in addition to analysing the audio, observe the non-verbal language, the shape of the body and face, especially facial movements; the mouth and eyes will be key to determine if the audio matches the movement and if there is a natural blinking.
Relying on technology. AI creates an interesting duality; it has revolutionised both cybercrime and cybersecurity. Indeed, in the field of cybersecurity, AI can help identify threats that would otherwise escape the human eye.
But, how can we protect ourselves against identity theft?
Make it easy and secure: Enabling two-step authentication is a simple way to add a very strong barrier of protection, where possible.
Authenticate the identity of the person, website or company to whom we provide our information.
Control your information: Think carefully about what personal data you share online. The less information you give out, the less material they will have to try to impersonate you.
Avoid overconfidence (‘it won’t happen to me’): Keeping up to date with threats helps you to be aware of the real risks, even if nothing has happened to you yet.
These practices will make us be prepared and know how to act in order to face this new era in which AI is constantly evolving. Getting into the habit of hesitating a bit and checking things out before acting is our best defence in this ever-changing environment.
Cookie settings
