September 10, 2024 By Sascha Brodsky 2 min read

Deepfake fraud is surging, signaling an alarming trend in corporate security.

Scammers can now create convincing voice impersonations of executives, potentially manipulating stock prices and orchestrating multi-million dollar frauds. As companies rush to bolster defenses, experts say many remain unprepared for this rapidly evolving threat.

“Bad actors have a low barrier to entry,” warns Srinivas Tummalapenta, an IBM Distinguished Engineer & CTO of IBM Security Services. With just $5 and a minute-long voice sample, scammers can now impersonate CEOs, potentially wreaking havoc on company finances and reputations.

Deepfakes are highly realistic digital forgeries created using artificial intelligence technology. These manipulated videos or audio recordings can make it appear that someone is saying or doing something they never actually said or did, posing significant challenges for distinguishing truth from fiction in digital media.

The scale of this threat is staggering. According to Onfido’s Identity Fraud Report 2024, there has been a 3,000% increase in deepfakes.

And the stakes are high. From elaborate spam to manipulated executive videos, the landscape of corporate fraud is evolving rapidly. “You can influence the share market,” Tummalapenta notes.

Banks are already on alert, using real-time voice analysis in call centers. But many companies still need to prepare. “The funds are unavailable,” Tummalapenta explains, with firms often failing to recognize the threat until they’ve been hit.

In one recent incident, scammers used AI technology to impersonate Ferrari CEO Benedetto Vigna in an elaborate fraud attempt.

A Ferrari executive received suspicious text messages from an unknown number claiming to be Vigna. The messages, which included the CEO’s photo, hinted at a major acquisition and asked for help.

The quick-thinking executive saw through the ruse, stopping the scam in its tracks. Others haven’t been so lucky. Tummalapenta says creating convincing fakes is alarmingly simple, while detection requires sophisticated tools.

Combating the threat

IBM is working with Reality Defender, a company whose technology can detect manipulated voice, video and image content. Tummalapenta demonstrates how the system analyzed voice samples, identifying an original recording as a complete match and a machine-generated sample as highly manipulated.

Real-time detection systems are crucial for industries like banking. Tummalapenta describes a system where “voice packets are analyzed in real-time, allowing the system to detect fakes and instruct the analyst to take appropriate action.”

The executive also highlights the potential for market manipulation through deepfakes. “A CEO’s public presentation could be manipulated to influence the stock market,” he warns.

However, many corporations have yet to implement robust defenses. “While technologies and integrators are available, many corporations haven’t allocated funds to address this problem,” Tummalapenta notes.

He stresses that AI fuels the creation of deceptive media, but innovative countermeasures are evolving rapidly to keep pace. The hurdle lies in corporations recognizing the risk and prioritizing and funding these safeguards against digital manipulation.

As attacks increase, companies are becoming more aware of the risks, particularly to high-level executives. “We’re getting inquiries from companies whose C-suite has been impacted, asking how to protect their executives,” Tummalapenta explains.

Education and awareness remain critical components of an effective defense strategy. “We’re educating people,” Tummalapenta says. “The more attacks they see, the more they understand the threat.”

Download the X-Force Threat Intelligence Index
Was this article helpful?
YesNo

More from Security

How well do you know your hypervisor and firmware?

6 min read - IBM Cloud® Virtual Private Cloud (VPC) is designed for secured cloud computing, and several features of our platform planning, development and operations help ensure that design. However, because security in the cloud is typically a shared responsibility between the cloud service provider and the customer, it’s essential for you to fully understand the layers of security that your workloads run on here with us. That’s why here, we detail a few key security components of IBM Cloud VPC that aim…

X-Force report reveals top cloud threats: AITM phishing, business email compromise, credential harvesting and theft

4 min read - As we step into October and mark the start of Cybersecurity Awareness Month, organizations’ focus on protecting digital assets has never been more important. As innovative new cloud and generative AI solutions help advance today’s businesses, it’s also important to understand how these solutions have added to the complexity of today’s cyber threats, and how organizations can address them. That’s why IBM—as a leading global security, cloud, AI and business service provider—advocates to our global clients to take a proactive…

Why data security is critical to AI

2 min read - Data is the new oil. It fuels our economy and drives new technology—notably, generative AI. However, for AI to be widely adopted, it must be trustworthy and secure. As IBM’s latest Cost of a Data Breach Report shows, business disruptions push breach costs and regulatory fines to new heights, with the average cost of a data breach reaching USD 4.88 million. However, according to a survey conducted by the IBM Institute for Business Value (IBV) study on cybersecurity and gen…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters