Detect DeepFakes: How to counteract misinformation created by AI

Security Awareness
16 May 2024
Deepfake phishing - c'è chi sa riconoscerli

Don’t get fooled, some people can spot deepfakes!

Deepfake technology is becoming more realistic and easier to create. Our experts explain how to spot a deepfake and how to protect yourself online.

A great paradox of today is that while the Net has become our main source of information, the Net itself can become one of the main tools for manipulating and falsifying reality.

We all seek news and information online, and we all communicate with apps and technology tools, in both private and business settings.
At the same time we live perpetually with the feeling that all this information is not true or at any rate that there are scammers hiding somewhere who want to lead us to trust something or someone that is not real.

A phenomenon that has become very pronounced in very recent years, partly as a result of the proliferation of so-called “ deepfake “.

It is, as stated in a document of the Privacy Guarantor, by “photos, videos, and audio created through artificial intelligence software that, starting from real content (images and audio), can modify or recreate, in an extremely realistic way, the features and movements of a face or body and faithfully imitate a given voice.
The starting material is always the real faces, real bodies and real voices of people, but transformed into digital fakes.”

These deepfake technologies, were initially developed as support for the film industry in creating special effects. They were therefore accessible to few also because they were very expensive. In recent years, the user base has expanded more and more, and programs and applications have sprung up that make it possible to make “digital fakes,” using an ordinary smartphone.

I deepfake are often associated with political misinformation and disinformation campaigns, but the improved quality of this technology coupled with greater availability (there are now numerous openly available sites and apps that allow anyone to easily create a deepfake) has now also become a concern in the private sector because of the consequences that can fall on companies and organizations.

Unveiling this new threat was a UK-based company thatfell victim to a deepfake in 2019 audio in which an employee was persuaded to transfer money to a scammer who used voice-AI generation software to reproduce the voice of the company’s CEO.

Since this incident there have been many others, some sensational such as that of an employee of a Hong Kong-based multinational company who was tricked into transferring nearly 25 million of the company’s money during a virtual meeting in which one or more cyber criminals posed as colleagues and executives of the company itself.

One of the latest incidents last March victimized Jaime Ondarza, Ceo for Southern Europe at Fremantle, hit program production house, which made a 937,670 euro transfer effective immediately for the acquisition of a firm in Asia after receiving a WhatsApp message with the credentials of the CEO of the company’s headquarters. The message was fake but the transfer he made was real and irreversible, with the consequences we can imagine.

However, there are also positive examples, such as the one reported by the company LastPass which tells on its website how an employee, after receiving a series of calls, messages and at least A voice message on WhatsApp with an audio deepfake which reproduced the company’s CEO, became suspicious and managed not to fall into the criminals’ trap.

In fact, the employee found the volume, insistence and urgency of communications and especially the tool of WhatsApp somewhat “borderline” compared to official channels suspicious. He not only ignored the messages but promptly reported the incident to the internal security team, which immediately took appropriate action.

In the magnum sea of news of cyber-attacks reporting breaches of all kinds every day, we felt it was important to report this incident that underscores how crucial and saving all employees’ careful and conscious behavior is.

In order not to incur risks with serious consequences, one does not need to be an “expert” in cybersecurity, an area that still frightens many people, but it is sufficient to follow some basic rules, which, however, must be transmitted through a structured and lasting training course.
Training that must be continuous, quality training, always up-to-date, and include practical exercises.
Above all, it is about getting used to always being “on the ball,” developing the right awareness and sharpening the antennae in case of suspicious incidents.

Never, therefore, lose focus and awareness of what you are doing and never act in haste and distraction but always put in place all the necessary checks before proceeding with actions that may have irreversible consequences.
These are behaviors that also need to be known and trained according to the constant innovations that the IT and technological world holds.
Only in this way could we shelter our private and professional lives from frequent pitfalls that the cyber world increasingly holds for us.

How to spot a deepfake

When it comes to AI-manipulated media, there’s no single tell-tale sign of how to spot a fake. Nonetheless, there are several DeepFake artifacts that you can be on the look out for:

  1. Pay attention to the face. High-end DeepFake manipulations are almost always facial transformations. 
  2. Pay attention to the cheeks and forehead. Does the skin appear too smooth or too wrinkly? Is the agedness of the skin similar to the agedness of the hair and eyes? DeepFakes may be incongruent on some dimensions.
  3. Pay attention to the eyes and eyebrows. Do shadows appear in places that you would expect? DeepFakes may fail to fully represent the natural physics of a scene. 
  4. Pay attention to the glasses. Is there any glare? Is there too much glare? Does the angle of the glare change when the person moves? Once again, DeepFakes may fail to fully represent the natural physics of lighting.
  5. Pay attention to the facial hair or lack thereof. Does this facial hair look real? DeepFakes might add or remove a mustache, sideburns, or beard. But, DeepFakes may fail to make facial hair transformations fully natural.
  6. Pay attention to facial moles.  Does the mole look real? 
  7. Pay attention to blinking. Does the person blink enough or too much? 
  8. Pay attention to the lip movements. Some deepfakes are based on lip syncing. Do the lip movements look natural?


Articoli correlati

Digital Operational Resilience Act (DORA)

Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (DORA) is a EU regulation that entered into force on 16 January 2023 and will apply as of 17 January 2025. It aims at strengthening the IT security of financial entities such as banks, insurance companies and investment firms and...

read more