What Are Deepfakes?

Deepfakes have become one of the biggest threats on the internet. But what exactly is a deepfake? The term describes a deceptively realistic audio or video manipulation. Such sophisticated forgeries can only be produced with artificial intelligence. What makes matters worse is that deepfake software is freely available online. These applications can automatically mimic faces and voices, enormously increasing the demands on internal security management for organizations.

The Risks of Deepfakes

Deepfakes are an immense problem for organizations online, since they are notoriously difficult to detect. Increased security awareness is therefore critical for protecting your company. The most significant risks include:

• Identity fraud: When sufficient audio and video material is available, cybercriminals can forge voices or videos. This enables them to sign contracts via video identity verification or initiate wire transfers.
• Internal manipulation: A deepfake video could persuade employees to take actions that harm the company -- for example, if an audio manipulation of a supervisor issues damaging instructions.
• Reputational damage: In the public domain, the image of individuals or companies of public interest can suffer significant harm. If a deepfake generator creates videos or audio recordings with false content, precarious situations can result.
• Risks for private individuals: Deepfakes are by no means limited to companies and public figures. Private individuals who are regularly active online also face a real risk. Such manipulations can sow discord, damage relationships, or jeopardize personal reputations.

By the way: The more audio and video material the deepfake software has to work with, the more convincing the results. People who are frequently active online are therefore particularly susceptible to this form of manipulation.

Deepfakes: Concrete Threat Scenarios

While creating deepfakes was once limited to professionals, today even amateurs can succeed. All it takes to manipulate media identities is the right deepfake software and sufficient audio or video material. This gives rise to numerous threat scenarios:

• Bypassing biometrics: Deepfake generators now create manipulations in real time, posing a significant risk to biometric systems. Remote identification methods are also vulnerable, enabling attackers to conclude contracts or initiate bank transfers.
• Disinformation: Information campaigns are usually led by key people within an organization. With deepfakes focused on disinformation, false information is crafted so convincingly that the target audience considers it credible.
• Social engineering: When cybercriminals seek to obtain data, they can use deepfake videos for targeted phishing. For example, a supervisor's voice can be replicated to issue false work instructions and harm the company.
• Defamation: A deepfake app can be used to manipulate or purposefully generate media content. This makes it possible to portray people in any situation and undermine their reputation.

Faking Faces

For several years, various AI-based techniques have made it possible to manipulate faces in videos. These techniques follow three main approaches:

• Face Reenactment: Through reenactment, it is possible to control the facial expressions and head movement of the target person. This approach is ideal for creating deceptively realistic videos, generating the impression that someone made statements that actually originated from another person.
• Face Swapping: Here, faces are exchanged in an existing video. The goal is for the new person to exhibit the same facial expressions, gaze direction, and facial lighting. This makes deepfakes look even more realistic than earlier methods. Additionally, this technique works in near real time with minimal delay.
• Identity synthesis: The goal of this approach is to create pseudo-identities from scratch. When someone posts such a deepfake online, they aim to fabricate a person who exists exclusively on the internet, not in the real world. So far, this technique can produce high-resolution close-ups with an excellent level of detail.

Faking Voices

Fake voices are equally difficult to detect. Manipulated voices pose a significant risk in both voice conversion and text-to-speech scenarios. In these cases, the result is not a deepfake video but a pure audio recording.
With text-to-speech, a written text is converted into an audio signal whose semantic content matches the original text. Voice conversion, on the other hand, transforms an existing audio signal into a target voice.
Since both methods ideally account for the specific characteristics of the target person, the resulting voices sound deceptively real. This means they can fool both humans and automated systems.

Forging Texts

AI models have long been capable of handling complex tasks -- for example, generating large and coherent bodies of text. Because these texts are based on deep neural networks, they are rich in content and appear deceptively real. Whether a machine or a human wrote them cannot be determined at first glance. A deepfake app can also generate text continuations, produce chat replies, or compose longer messages.

Deepfakes and Effective Countermeasures

Once a deepfake is online, it is nearly impossible to distinguish from reality. This makes deepfakes a serious risk in many scenarios. Nevertheless, it is possible to counter these threats -- and AI forms the foundation for doing so.
Effective countermeasures are best implemented using the same technology that deepfakes rely on. The reason is straightforward: humans cannot evaluate the immense volume of data within a realistic timeframe. To address this, the AI must first be trained on forged material. The combination of genuine content and deepfakes helps the artificial intelligence detect discrepancies.

What Are the Benefits of Automated Countermeasures?

Since humans usually cannot detect a deepfake, a different approach is necessary. Automated countermeasures are built on the same AI that cybercriminals use for their deepfakes. The advantage of automated solutions is that algorithms respond autonomously as soon as they identify a forged file. These mechanisms advance the use of AI in cybersecurity and help organizations protect themselves from these risks.

How to Build Awareness and Detection of Deepfakes

To reliably detect deepfakes in the future, both expertise and automated measures are essential. The use of AI, regular assessments, and recurring training programs help organizations identify manipulations in time.
Training the AI is fundamentally easier than conveying knowledge to employees. This is partly because deepfakes are constantly improving. While artificial intelligence only needs reference material for comparison, employees require a different kind of awareness: they must learn to scrutinize instructions and statements more critically. At the same time, raising security awareness helps identify discrepancies more quickly and take prompt action.

Conclusion: Detecting Deepfakes Is Getting Harder -- Countermeasures Must Evolve Accordingly

By definition, a deepfake refers to manipulated video and audio material. While such recordings were easy to spot in the past, that is no longer the case. Instead, organizations need AI and security experts specializing in digital forensics to uncover these forgeries.
Deepfakes are constantly evolving and will foreseeably become even more convincing. It is therefore essential to critically examine media material and information alike. At the same time, countermeasures must be continuously refined -- because even as employees grow more aware of cyber threats, cybercriminals are also advancing their techniques.