The Internet age united the world with a universal language of twitters and pings. The benefits of our new interconnected society are too plentiful to count, but there is also a decrepit underworld of cybercriminals and cybervandals who use that interconnectedness to spread misinformation. Cyber criminals thrive in anonymity and often take their greatest pride when robbing people of their own. As the Internet becomes more intertwined with our way of life, it is becoming clear that digital attacks on a person’s character can be just as damaging as those done in the real world. Deepfakes are near-perfect digital recreations of faces, often manipulated into compromising positions or saying words the speaker never actually said. This type of mimicking technology has become increasingly convincing since its relatively recent inception. As a result, it is imperative that people and businesses targeted by deepfakes immediately act. Misinformation at the expense of your business can be costly and reputation-shattering if not properly quelled.
Types of Deepfakes and Preventions
The most popular deepfakes often put words in the mouth of celebrities or politicians, but those aren’t nearly as malicious or dangerous as fakes that target businesses. While celebrities have massive platforms to dismantle the slings and arrows of outrageous cyber ruffians, small businesses have to fight much harder to recover.
Advanced deepfakes can mimic voices well enough that there are several documented cases of employees, or even executives, being fooled into sharing private information with cybercriminals. These types of fakes tend to happen over phone calls and don’t need the sophisticated face-replicating tech. These attacks are called social engineering which is an umbrella term for any kind of manipulation done to gain personal or sensitive information. Social engineering deepfakes take advantage of peoples’ inherent willingness to trust caller ID and the voices of people they know.
Preventions: Social engineering deepfake attacks are so successful because most people don’t expect them. Since social engineering attacks target employees or anyone who may hold sensitive information like passwords or routing numbers, the most effective way to snuff out these attacks is training. Teach your employees the telltale signs of social engineering: brief calls asking very specifically for those passwords or routing numbers.
Another tactic is to develop a failsafe or codeword system for private company information. Make a system where at least two employees must approve the sharing of private passwords or sensitive information. Social engineering attacks thrive on off-the-cuff conversation. If the target of a social engineering attack brings another employee into the conversation, it’s likely someone will realize something about the caller is off.
Being that deepfakes are near-perfect imitations, those who may want to do your business harm or have a bit of fun at your expense may use your image or the image of someone close to your business to spread misinformation. This misinformation can come in the form of doctored video or audio clips posted to social media with the intent to harm your business’s reputation.
Preventions: While it is impossible to prevent cyber hooligans from creating deepfakes, it should be every business’s prerogative to create a quick-acting crisis response plan. Every second is precious when countering misinformation; it’s very common for the initial misinformation to overshadow delayed corrections from businesses. The objective of these deepfakes, beyond general chaos, is to sway public opinion. Sway favor back into your court by aggressively and poignantly dismantling the authenticity of the deepfake video or audio.
If the deepfake is a video impersonating one of your employees, make sure that employee is involved with these efforts. Tail the doctored video or audio relentlessly and post in its comments or adjacent pages proof of its falsehood, whether that be your own video debunking their claims or a written response. While deepfakes are near-perfect, the uncanny valley is still present: look for breaks in lighting or odd pixilation on or around the face. These little signs are common on cheaper deepfakes and can be their easy undoing in your business’s response.
The most devious cyber hooligans may turn criminal and use their deepfake tools for criminal extortion of your business. Deepfake extortion generally entails cyber criminals creating a doctored video of a public figure, in this case, someone important to your business. Then, the cyber criminal will often send the video to you, the business, asking for ransom. If you don’t give in to their demands, they will post the video, often pornographic or displaying absurd violence, to the Internet.
Preventions and Containment: Giving into the criminal’s demands is not an option. Collapsing before extortion is especially dangerous, as it will likely mark your business as an easy target for future cyber criminals. First, notify the police. Extortion is a crime, and in several states, malicious deepfakes are too. As for protecting your business’s brand and image, be as transparent as possible about the nature of the extortion. Act quickly and develop a public statement about the deepfake extortion before the cyber criminal posts it if possible. Beating the post will do a major hit to its credibility.
If the salacious video ever goes live, address it directly. Ignoring the deepfake, however heinous, will only go to damage your business, as consumers who see the deepfake but don’t hear an adequate rebuttal from your business may believe that either you aren’t aware of it, or even worse: that it’s real.
Technology’s Climb and Integrity’s Tumble
The AI technology that manufactures deepfakes is strengthening every day. There is absolutely nothing we, or anyone, can do to slow their development, so it ought to be the prerogative of every business to learn the warning signs and develop a clear plan of response. Safeguards like multiple employee sign offs for money transfers or password releases is a good measure to implement already, but it can be equally critical to your company’s deepfake defense.
Beyond these steps, there is unfortunately little businesses can do to meaningfully prevent deepfake attacks. As time moves on, however, and deepfakes become even more common, we may see a silver lining. People will hopefully learn to ask themselves when watching something wildly out of character or too good to be true “is this a deepfake?” And at that point, businesses may be fighting less of an uphill battle when responding to defamatory deepfakes.