From the course: The Cybersecurity Threat Landscape
Protect against deepfakes
- [Instructor] Deep fakes are designed to be hard to detect and detecting them will only get harder as AI technology improves. But there are ways to determine if you're talking to an actual person or a deep fake. In this video, I'll teach you how to spot deep fakes and steps you can take to protect you and your organization against them. First, users should be trained about deep fake technology, how it works, and how it can be used to conduct payment fraud and other attacks. They should also be trained how to spot deep fake audios and videos, including unnatural speech cadence, low quality audio and/or video, digital artifacts or noise in audio and video, unnatural movement in videos, unnatural blinking, unexpected shifts in lighting and skin tone, and poor lip syncing. Next, users should be trained that deep fakes can sometimes have common social engineering red flags. The most likely red flag is a sense of urgency. Social engineering attacks often want you to act quickly without thinking. If someone you know contacts you and they want you to do something like transfer a lot of money in a hurry, you should immediately be on guard. Another social engineering red flag is unusual behavior. Deep fake technology may be good, but attackers don't always use it perfectly. The attacker may have the cloned voice use wording that you know the actual person wouldn't say. And if the request itself is unusual, that's another clue that this may be a deep fake attack. Users should also be trained to verify any phone calls requesting financial transactions or payment changes through other methods. Of course, the very best way to verify a request is to ask the person who made the request face to face, but that's not always possible, so users should be trained about other ways to verify. For instance, if the CEO calls requesting a financial transaction, then the person receiving the call should call the CEO back at their official listed phone number to confirm the request. If the call is especially suspicious, users should be trained to ask a test question that the CEO would know the answer to, but attackers probably wouldn't. For instance, what's their favorite sports team or what painting they have near their desk? Finally, ensure that the Finance Department has authorization processes in place to confirm transactions and payment changes, so these can't be done with just a simple phone call. As they get harder and harder to spot, it's important to take the steps that I describe in this video to protect you and your organization from deep fake attacks.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.