How do we spot deep fakes? Don’t bother!

How do we spot deep fakes? Don’t bother!

?

If you haven’t heard of deep fakes, it’s the use of technology to pretend to be someone. You can recreate someone’s voice and their face with computers, and this can be done in real time to create a realistic video chat impersonating someone you know. Artificial Intelligence (AI) will continue to make this process faster, cheaper, and better.

I highly expect cyber criminals will increasingly embrace deep fake and AI technology to trick people out of their information and money because it uses an incredibly powerful weapon against us – trust. Unfortunately, we’re well past the days of criminals just forging email addresses and phone numbers. Here’s a few scenarios for how it can be used against us in real life:

  1. ?You get a phone call from a family member, they’re panicked, asking for your credit card details because they’ve lost their card. It’s their phone number, it’s their voice, and they need help now so you quickly provide the details to help them.Here’s the potential reality though – a criminal rang that family member, recorded their voice, forged their phone number and voice and called you to trick you. They already have trust via impersonation, and they throw in a bit of fear and urgency to bypass logical thought processes and get you to act quickly.
  2. The CEO calls the Finance department, asking for an urgent transfer of money to an account to close a business deal. Again, it’s their phone number, their voice, and again we have trust via impersonation, urgency, and maybe a bit of fear because it’s the CEO.And as with the previous example, the potential reality is that a criminal is pretending to be the CEO, and someone in Finance has just made a hefty transfer of money to a very happy cyber-criminal.

?This is happening now, and it’s going to be happening more and more soon. As you can see with the above examples, it doesn’t matter who you are or what you do - if you have money or valuable information you will be a target.

?So, we have to spot deep fakes to stay safe, right? Wrong!

Maybe you’re talking to artificial intelligence and there are tell tale signs like pauses in the voice that don’t seem natural. Maybe the computer-generated voice doesn’t sound quite right. But as the technology gets better and better, tell tale signs of fakery will disappear until we can no longer tell. Maybe technology / AI will be able to spot deep fakes for us? But again, how accurate will it be? Technology could look for cues like absent pulses in veins of the neck with video, and yet AI will just create pulses in the veins of the neck! It’s likely a losing battle.

But there is hope, and it’s actually a very simple set of rules that you should always use, at home and at work. Note that these rules come into play when you are dealing with someone “not” in person. i.e., You can’t touch them, because this is when we are worried that deep fake technology might be used. Here are the rules in very simple terms (and of course these can be built on as required):

The Rules

  1. If someone is asking for confidential information (like the phone call asking for credit card information), they must prove they are who they say they are. Maybe they can tell you something only they would know. Maybe you have a secret password. In either case, if you’re not sure they are the real person, ring them back on a number you have, or that you look up. Now you know who you are speaking to and can get to the truth.
  2. If someone is giving you information that could cause harm (like the CEO asking you to transfer money to an account, so in this case that potentially harmful information is the bank account details), call them back to confirm it’s correct. Note that this would apply the first time someone gives you information (as per this example), or when it is changed (like a phone call from a staff member to change the bank account their salary is paid into).

And that is the core of the solution! If you’re in a company, ensure that these processes are formalised and communicated to staff. At home, ensure family members understand how it can be used against them, and how to respond (e.g., Have a password for the family and ask for that password if in doubt).

Really at the core if it all, it’s a healthy dose of suspicion, simple procedures, and a phone call to confirm everything is ok. Do this consistently and potentially save yourself / your company a lot of money, time, and reputation!

要查看或添加评论,请登录

Mike Ouwerkerk的更多文章

  • How to get staff to watch awareness videos

    How to get staff to watch awareness videos

    Cyber security awareness is not a one off initiative. People will slowly forget information they are taught, that's a…

    1 条评论
  • Compliance Does Not Equal Security

    Compliance Does Not Equal Security

    I train a lot of people, and I always like to ask whether they have done this type of training before. Largely people…

    3 条评论
  • 10 Hard Truths About Cyber Security Awareness

    10 Hard Truths About Cyber Security Awareness

    I've been in the trenches of cyber security awareness for quite a few years now. In that time I've made a lot of…

    3 条评论
  • Conversations with a Romance Scammer

    Conversations with a Romance Scammer

    OK, I'm out - "She" wants to have a voice chat. For the last week or so I've been chatting to a romance scammer.

    17 条评论
  • "Human Error" in Cyber Security - It's not what you think!

    "Human Error" in Cyber Security - It's not what you think!

    It's a constant message in cyber security - companies are being breached, and they blame "human error" for about 90% of…

    8 条评论
  • Cyber Security Cultural Change for SMEs

    Cyber Security Cultural Change for SMEs

    The war with cyber criminal scumbags wages on, and unfortunately the battle is still being lost by the good guys…

    5 条评论
  • Toot Toot Here Comes the Deep Fake Pain Train

    Toot Toot Here Comes the Deep Fake Pain Train

    The Scam Picture this: The receptionist gets to work, and there's a voicemail from the IT Manager saying that cleaners…

    2 条评论
  • The Benefits of Cyber Crime

    The Benefits of Cyber Crime

    Yeah I'm gonna go there. Doom and gloom is all we hear, the global economy is losing trillions, companies are getting…

    18 条评论
  • It's All About the Lightbulb Moments

    It's All About the Lightbulb Moments

    Metrics in cyber security awareness can be a bit of an art form, and will need to vary between organisations. But I…

  • My nomination for "10 Best Security companies in Asia 2019 (Asia Edition)"

    My nomination for "10 Best Security companies in Asia 2019 (Asia Edition)"

    I had a bit of fun baiting some more scammers / scumbags. No doubt they'll email me for the same bogus award next year…

    6 条评论

社区洞察

其他会员也浏览了