<— Back

The Generation of Misinformation Revolutionizing the world of Phishing through DeepFakes

10:55 – 11:25(SGT) Thursday 3 December, 2020

In 2017, DeepFakes were primarily used by enthusiasts to generate fake porn videos. Today, DeepFake applications and services are readily available for every individual to use. This makes a sudden growth in the number of manipulated media being released on the Internet every day. In fact, a study from Sensity, a threat intelligence focusing on visual threats, revealed that more than 49,000 DeepFake videos have been uploaded online as of June 2020[1]. This raises a concern as DeepFake’s potential to be abused is apparent now in our society. With this, comes along a more pressing issue to the cyberworld: DeepFake as the innovation that will further propel the success rate of phishing attacks.

This research identifies facets of DeepFake that proves how phishing attacks are being modernized with the use of this new technology. These factors were determined after scrutinizing DeepFake-related incidents in the real-world and evaluating its implication in the cyber landscape. First factor identified was its bypassing security feature. Second, the intentional use of DeepFake to promote false information. Third, being the most evident is exploiting DeepFake to reform old ways of phishing such as voice phishing(vishing).

To begin with, we will tackle how Zao, a DeepFake face-swapping mobile application that requires its user to provide selfies, can be used to exploit and bypass certain security features of other installed applications that uses facial recognition. For example, biometrics technology that verifies the ‘digital identity’ of an individual by means of facial features, can be ‘spoofed’ by the advancement in DeepFake. In addition, Disinformation-as-a-Service (DaaS) is becoming a booming business for cybercriminals being offered in the black market. We will discuss what DaaS is and how it stemmed to social misinformation driven by DeepFake-crafted media. Finally, we will exhibit how the phishing landscape staged by cybercriminals is being scaled up by means of DeepFake to ensure a more successful phishing attack. Infact, the very first incident of a successful DeepFake- vishing attack extorted an amount of $243, 000 from a UK-based energy firm after the CEO listened to a phone call from his alleged “boss”.

With our new situation, less face-to-face encounter is the ‘new norm’ in living our daily lives. Business transactions, work meetings, and school discussions are some of the routines that adapted to this norm and shifted to the digital environment. This poses more risk to people in falling to be victims of misinformation and even more, phishing attacks through DeepFake. This new ‘crease’ in cybersecurity challenges us, analysts, and researchers to understand what DeepFake is and what can be done to prevent this from being exploited.