Wait! Before Your Staff Approve That Payment, Do They Know How to Spot a Deepfake?

With cyber threats coming from any angle and AI making sophisticated attacks accessible to even the novice, customers and partners are putting more faith in your ability to keep them safe than ever before. One single incident could decimate their trust, curtailing your success as well as your budget—which is why you need to be honest with yourself. Are you completely, entirely, 110% confident that the next time your team is asked to authorise a payment, they’ll be able to spot a phoney?

The Growing Threat of Deepfakes

As we move further into 2024, the risks posed by AI-driven technologies like deepfakes are becoming more apparent. 63% of cyber security leaders have expressed concerns about deepfakes being used in cyber attacks, and it’s a concern that’s well-founded; the role of Zoom and mobile calls in multi-channel attacks surged in the first quarter of 2024.

The scary truth is that AI-powered imposters can now join a company meeting or a CEO call, posing as you or someone else in your organisation, asking for payment approval, using sensitive credentials, or even making decisions and statements that could tarnish your reputation and impact production. The implications for business cyber security are profound, so it’s crucial to know what you’re dealing with.

Understanding Deepfake Voice Calls

Deepfake voice calls are a threat to individuals and enterprises alike. With just a short sample—less than 60 seconds—of someone’s voice, AI can create a convincing voice clone. This cloned voice can then be used to make fraudulent calls, often impersonating executives or other high-ranking officials to request or authorise payments or access sensitive information.

Where do cyber criminals gather these voice samples? You probably won’t be surprised to learn that social media is usually to blame. Even explainer videos on your website or social media could be harvested to create these clones. While this doesn’t mean you should stop using such content, it underscores the need for spotting deepfakes through careful verification processes.

Deepfake voice calls are especially prevalent in financial institutions, where the high volume of daily transactions makes it easier for one to slip through unnoticed. The sheer volume of calls increases the likelihood of a deepfake call being successful, making it imperative for businesses in these sectors to be extra vigilant.

How to Spot a Deepfake Voice Call

Recognising the signs of a deepfake voice call can be challenging as technology evolves, but it’s not impossible. Here are some key indicators your staff should look out for:

1. Unexpected Calls: Be wary of calls from individuals who would typically schedule an appointment. A sudden, urgent request from someone like a CEO should raise red flags.
2. Flat Tone: A deepfake voice often has a monotone or flat quality, which may not match the emotional content of the message being delivered. For instance, a deepfake might sound calm when conveying something urgent or emotional—and their requests will usually be urgent or emotional.
3. Slurred Speech: AI-generated voices sometimes struggle with pronunciation, leading to slurred or unnatural-sounding speech.
4. Long Pauses: Pay attention to awkward or unusually long pauses between words or sentences. This can be a sign that the AI is processing information, making the speech feel stilted.

Training your team to spot these signs is a crucial step in mitigating AI risks for small businesses, and it’s wise to make this part of your wider cyber awareness education strategy.

Understanding Deepfake Video Calls

Deepfake video calls present another layer of complexity. These AI-generated videos can convincingly impersonate executives, potentially bypassing biometric security measures or fooling employees into authorising fraudulent activities. The consequences for business cyber security are severe, making it essential to know how to spot a deepfake video.

How to Spot a Deepfake Video Call

Just like with voice calls, there are some telltale signs that the ‘person’ on the other end of the screen might be a deepfake:

1. Unnatural Eye Movements: One common flaw in deepfake videos is unnatural eye movement, such as a lack of blinking or awkward blinking patterns.
2. Inconsistent Audio: If the audio doesn’t perfectly match the video—like lips not syncing with speech—it could be a sign of a deepfake.
3. Jerky Movements: Deepfake videos often struggle with smooth body movements. If the person appears to move in a jerky or unnatural manner, it’s worth investigating further. Asking them to turn their head to the side is a simple way to confirm whether it’s them or the connection that’s dodgy.
4. Blurring Around Facial Features: Look for blurring or inconsistencies around the edges of facial features, particularly during fast movements. This can indicate that the video has been manipulated.
5. Unusual Colouration: Pay attention to skin tones that appear unnatural or inconsistent, as this is another red flag.

Steps to Strengthen Your Team’s Defences

Educating your staff about spotting deepfakes is just the beginning. To effectively protect your business, you need to implement a comprehensive strategy that includes:

1. Education and Awareness: Regular training sessions on the latest deepfake threats and how to handle them are essential. Make sure your team understands the risks and knows what to look for.
2. Establish Proper Protocols: Implement strict protocols for payment approvals and sensitive communications. This could include calling the requester directly to confirm the details, using a pre-agreed safe code that isn’t stored digitally, and ensuring that all transactions are verified through multiple channels.
3. Simulation Exercises: Conduct regular deepfake simulation exercises to test your team’s ability to recognise and respond to these threats. These exercises can help identify weaknesses in your current procedures and provide valuable learning experiences for your staff.
4. Deepfake Detection Tools: Consider investing in deepfake detection tools that can help identify AI-generated content. Training your team to use these tools effectively, with the help of experienced IT support in London, Essex, or Hertfordshire, can provide an additional layer of security.

What to Do When It All Goes Wrong

Despite your best efforts, there’s always a chance that one of your team members could fall for a deepfake. So, what should you do if that happens?

1. Act Quickly: Time is of the essence. As soon as you suspect a deepfake’s been used, take immediate steps to contain the damage. This might include freezing accounts, reversing transactions, or alerting partners and clients.
2. Conduct a Thorough Investigation: Understand how the deepfake was successful. Was it due to a lapse in protocol? A failure in technology? Use this information to strengthen your defences and prevent future attacks.
3. Revise Your Protocols: Based on your findings, revise your protocols to address any vulnerabilities. This might involve tightening security measures, improving verification processes, or revisiting team training.
4. Update Your Deepfake Response Plan: A business cyber security plan should include a specific response protocol for deepfakes. This plan should outline the steps to take if a deepfake is suspected and provide clear guidelines for how to communicate with stakeholders, including clients and partners. If you spot any flaws when this is deployed, amend them.
5. Learn and Adapt: Underscoring every aspect of cyber security for small businesses is evolution and proactivity. Don’t become complacent; regularly update your training, tools, and protocols to stay ahead of the latest deepfake technologies.

Don’t Fall for Deepfakes

The rise of deepfake technology presents a serious challenge for businesses today. But, like with any cyber threat, by educating your staff, implementing strong protocols, and leveraging the right tools, you can significantly reduce the risks you face. Spotting deepfakes is an essential skill for today’s workforce, and ensuring your team is prepared is a critical component of effective business cyber security.

Virtual IT: IT Services and Digital Transformation Partners with A Cyber Security-First Approach

We’re partners with hundreds of businesses and schools across London, Essex, and Hertfordshire. We help them to profitably and sustainably grow with exceptional, secure-by-design IT services and solutions, delivered by a team of dedicated experts that you can count on.

Have a tech challenge on your mind? We’ll help you solve it! Get in touch with our team today to book a complimentary consultation, guaranteed to give you actionable insights for your business.