All news with #deepfake fraud tag

⚠ Geopolitical tensions have created a fertile environment for opportunistic scammers who exploit fear and sympathy to harvest credentials, personal data, or direct payments. Common ploys include fake charities, romance and travel scams, fraudulent charges, investment schemes, sensational fake news and classic advance-fee cons. Scammers increasingly use convincing content produced with generative AI and impersonation tactics to bypass trust; verify independently, avoid unsolicited links or calls, and protect devices with reputable anti-malware.

🔐 The ICO has published a five-step guide urging organisations to prepare for AI-enhanced cyber threats, including deepfake social engineering, adaptive malware and automated exploitation. It points readers to the NCSC's updated Cyber Assessment Framework and expects baseline adoption of Cyber Essentials and the UK Cyber Governance Code. The guidance emphasises robust patching, MFA, least‑privilege, supply‑chain vetting, DPIAs for high‑risk AI and human oversight of AI-enabled defences.

🔐 At the World Economic Forum Annual Meeting on Cybersecurity 2026, Fortinet highlighted how AI and deepfakes are reshaping attack surfaces, with identity now a primary vector and attackers operating in structured, continuous campaigns. Discussions stressed that AI accelerates reconnaissance and exploitation while defenders contend with fragmentation, governance gaps, and inconsistent visibility. Fortinet urged platform consolidation, stronger identity and exposure management, and operationalized public-private collaboration to better align detection with response.

🔍 Meta’s smart glasses were found to upload audio and video to contractors in Nairobi for human labelling, prompting the dismissal of 1,108 workers after whistleblowers exposed the practice. The episode contrasts that privacy failure with a measured analysis of the Linux Copy Fail privilege‑escalation issue and an experiment by Jake Moore demonstrating how a convincing deepfake passed a remote job interview. Practical takeaways include patching kernels promptly, strengthening hiring verification, and demanding clearer vendor transparency.

🔊 Deepfake voice cloning now needs as little as three seconds of audio and freely available tools to produce convincing, real-time impersonations. Incidents spiked in 2025, with attackers focusing on finance, HR and IT teams to trigger fraudulent transfers or credential changes. The author warns that traditional security stacks rarely detect these social-engineering attacks and urges organizations to build human verification habits—verbal passcodes, callbacks and continuous simulation-led training from vendors like Adaptive Security.

🔍 Microsoft observed North Korea-aligned actors posing as legitimate hires—using stolen or fabricated identities and generative AI—to gain trusted access to corporate SaaS. They target external career sites and Workday Recruiting APIs (hrrecruiting/*) to submit convincing applications, complete onboarding, then use legitimate accounts to access Teams, SharePoint, OneDrive, and Exchange Online. Defenders should correlate multi-source telemetry, enable Microsoft Defender for Cloud Apps connectors, and monitor behavioral anomalies in candidates and new hires.

🔎 Deepfake technology is now widely accessible and sufficiently realistic to fool employees, executives and automated heuristics. A 2025 Gartner survey found nearly half of cybersecurity leaders encountered audio or video deepfakes in the prior year, and real-world incidents show attackers using synthetic media for both financial fraud and reputational sabotage. Organizations must combine rapid forensic verification, coordinated legal action and clear communications while pursuing long-term authentication and watermarking standards to restore trust.

🔒 A malicious macOS app impersonating Ledger Live on the Apple App Store drained approximately $9.5 million in cryptocurrency from 50 users after they were tricked into entering their seed/recovery phrases. Blockchain investigator ZachXBT traced funds moved across multiple chains (Bitcoin, Ethereum, Tron, Solana, Ripple) and funneled through more than 150 deposit addresses tied to a centralized mixer called "AudiA6" on KuCoin. Apple removed the fraudulent app after multiple reports, and KuCoin says it has frozen the implicated accounts pending further action. Ledger provides a Mac app on its website but not through the App Store; users are urged to download only from official vendor channels.

🔒 Telehealth offers fast, convenient access to care but creates persistent medical records that are highly valuable to criminals. Stolen health data — from diagnoses and prescriptions to insurance IDs and test results — often fetches far more than payment or social-login credentials and enables extortion, fraud, and identity theft. The rise of AI-driven fake clinics and diagnostic tools makes realistic phishing and data-harvesting sites easier to create. Protect yourself by using a dedicated medical email, avoiding social sign-in, enabling 2FA, using clinic-provided encrypted portals, and keeping health devices patched.

🛡️ The FBI's 2025 Internet Crime Report shows US victims lost more than $17.7 billion to internet-enabled fraud, with the Internet Crime Complaint Center (IC3) receiving over one million complaints in 2025. Cryptocurrency investment scams were the single largest source of financial loss at $7.2 billion, followed by Business Email Compromise and fake tech support schemes. The report also highlights nearly $893 million lost to AI-enabled fraud and 22,364 AI-related complaints, warning that synthetic content and deepfakes are increasingly abused to perpetrate scams.

🔍 Modern attackers use AI to imitate trusted users, tools, and services, making many incidents malware-free and harder to detect. The article compares these tactics to art forger Elmyr de Hory and outlines threats such as agentic AI, supply-chain impostors, cloaked tunnels, rogue infrastructure, and sophisticated phishing. Network Detection and Response (NDR), including Corelight’s Open NDR Platform, is highlighted as essential for spotting behavioral anomalies, protocol inconsistencies, and contextual metadata to expose impostors early.

🎵 Michael Smith pleaded guilty to conspiracy to commit wire fraud after using AI to generate hundreds of thousands of songs and deploying up to 10,000 bots that streamed them billions of times, fraudulently earning more than US $8 million in royalties. He has agreed to forfeit US $8,091,843.64 and will be sentenced on July 29, 2026. The case highlights how AI and automation can be abused on streaming platforms, undermining legitimate artists' income.

🔐 By 2026, the central competition in identity-related work will be the ability to prove that the person behind a high-impact action is a real, accountable human. Generative AI and deepfakes create synthetic identities that can pass routine checks, contaminate risk models and hijack estate workflows. Defenses must focus on provenance, cross-channel consistency and continuous, risk-based verification tied to audit-grade trails.

🔍Jake Moore, ESET Global Cybersecurity Advisor, demonstrated practical methods that can defeat widely used facial recognition systems. Using modified smart glasses, AI-generated images and real-time face swaps he showed how identities can be exposed, synthetic faces can bypass eKYC checks, and watchlists can be evaded. His findings highlight the need for rigorous adversarial testing and stronger verification controls; he will present live demos at RSAC 2026.

🤖 GenAI has accelerated social engineering and phishing, allowing attackers to produce hyper-personalized messages, convincingly cloned executive voices, and realistic video impersonations in seconds. Deepfake incidents have shifted from online curiosity to tangible business risk, causing financial loss and operational disruption while making identity verification on everyday collaboration platforms increasingly difficult. To address these threats, Check Point Services has expanded its training portfolio and advocates for modern defenses and smarter awareness programs designed for the realities of the AI era.

🔒 The OpenID Foundation warns that inconsistent handling of deceased users' digital accounts across platforms and jurisdictions creates systemic gaps that invite fraud and exploitation. The report, titled The Unfinished Digital Estate, highlights the growing risk of AI-driven deepfakes simulating deceased individuals to manipulate relatives, spread disinformation, or extract funds. It urges coordinated action from policymakers, platforms and standards bodies to create interoperable frameworks, verifiable death/incapacity processes, and clear consent, delegation and audit mechanisms to protect posthumous identity autonomy.

🛡️ Cloudflare announces integration with Nametag to add workforce identity verification to Cloudflare Access, confronting the emerging 'remote IT worker' fraud where organized actors use stolen or deepfaked identities to infiltrate companies. The OIDC-based flow requires a selfie and government ID scan, and Nametag's Deepfake Defense uses cryptography and AI to attest liveness and identity. Verification completes in under 30 seconds and no biometrics are stored. This layer enables identity-based policies before access is granted.

⚠️ A new Cloudflare Threat Report warns that widespread access to large language models and AI tools has lowered the barrier to entry for cybercriminals, enabling rapid, scalable attacks. Attackers are using LLMs to craft convincing phishing, generate malware, and map networks in real time, increasing impact and reach. The report highlights AI-generated deepfakes and fraudulent IDs used to bypass hiring filters and embed malicious insiders, with state actors like North Korea exploiting this vector. Cloudflare urges organisations to adopt real-time intelligence and proactive defenses to counter the industrialisation of cyber threats.

🤖 MIT Technology Review examined Moltbook, the supposed AI-only social network where many viral posts were in fact published by people posing as bots. Experts including Cobus Greyling of Kore.ai note that humans create and verify bot accounts and craft prompts, so agents do nothing without explicit human direction. Researcher Juergen Nittner II frames the episode with his LOL WUT Theory, warning that easy-to-produce, hard-to-detect AI content could erode trust online. The Moltbook episode is a preview of that risk rather than proof of autonomous agent societies.

🛡️ As deepfakes and injection attacks evolve, identity verification must move from isolated media checks to end-to-end session trust. Ricardo Amper of Incode explains that high-fidelity synthetic faces, replayed footage, virtual cameras, rooted devices, and automated probing can all defeat perception-only defenses. Incode Deepsight combines perception, integrity, and behavioral signals in real time to validate the entire verification session and reduce false acceptances while blocking persistent unauthorized access attempts.