< ciso
brief />
Tag Banner

All news with #deepfake fraud tag

101 articles

Verification Step Emerges as New ATO Attack Surface

🛡️ Passkeys and passwordless flows are reducing credential stuffing, but attackers now target identity verification and recovery paths such as magic links, step-up flows, and re-enrollment. Generative AI has made impersonation and synthetic media widespread, increasing fraudulent verification attempts. Defenders must adopt biometric liveness, risk-based re-verification, intent binding, and network-effect signals to stay ahead as regulations and threats evolve.
read more →

NCA warns parents on risks of AI-generated content

🔒 The National Crime Agency (NCA) and Internet Watch Foundation (IWF) have launched a campaign to warn parents about the dangers of oversharing images and videos of their children online. The IWF reported a dramatic rise in AI-generated child sexual abuse material in 2025, prompting social media outreach and new guidance to help parents manage image consent and protect children. The campaign includes advice on privacy settings, discussing consent with family and schools, and steps to take if abuse is suspected.
read more →

AI Enables Faster, Cheaper, Harder-to-Detect Attacks

🛡️ A ReliaQuest report finds AI is making cyber-attacks cheaper, faster to scale, easier to customize and harder to spot while not fundamentally altering attacker tradecraft. Initially used for polishing phishing and basic scripting in 2024, by mid-2025 AI had expanded into deepfakes, AI-assisted scripts and an underground market for tools. Today AI appears embedded in workflows—generating phishing pages, web shells, and obfuscating code—and as the lure itself, with attackers leveraging trusted AI brands to trick users.
read more →

Tabletop simulates modern retail ransomware mayhem

🔍 The Semperis-run "Enter the War Room" tabletop at Infosecurity Europe simulated a ransomware and reputational attack on fictional supermarket BlueCart. Red-team operators exploited supplier trust, stolen credentials, weak MFA, and poor network segmentation to access AI supply-chain systems and exfiltrate loyalty data. Attackers combined misinformation, deepfakes, fake orders, and payroll disruption to magnify harm, while defenders focused on out-of-band communications, honeypots, and refusing ransom demands to limit impact.
read more →

INTERPOL: Cybercrime Surge in Asia and South Pacific

🔍 INTERPOL warns of a dramatic rise in cybercrime across Asia and the South Pacific driven by rapid digitalization, organized criminal networks, and uneven cybersecurity maturity. Phishing is identified as the most widespread and costly threat, while ransomware, AI-driven scams, deepfakes, and banking trojans have also surged. Authorities are scaling cross-border cooperation and resilience efforts to counter these threats.
read more →

New York man charged with AI-enabled cyberstalking

📢 A New York man was indicted on cyberstalking charges after allegedly creating multiple fake social media and email accounts to harass a former college classmate. The defendant is accused of distributing AI-generated nude images and fabricated racist messages across platforms including Instagram, LinkedIn, Reddit, X, Strava, and Yahoo between January and March 2025. Authorities say he used spoofed accounts to send images to the victim’s family and continued the campaign after the victim transferred to a Georgia college. Federal prosecutors emphasize that sharing intimate images without consent is a prosecutable offense and urge victims to report such abuse.
read more →

Cybercrime Escalates Across Asia-Pacific Amid Digitization

🛡️Interpol warns that cybercrime now accounts for 30% of crime in over half of Asia and South Pacific nations, driven by rapid digital adoption. The 2025/2026 Asia and South Pacific Cyberthreat Assessment, covering 18 countries, highlights online scams, infostealers, ransomware, deepfakes and BEC as primary threats. The report notes sharp rises in ransomware, DDoS and deepfake activity, and calls for improved cross-border collaboration and capacity building.
read more →

DOJ seizes deepfake nude sites under new law

🔒 The U.S. Department of Justice seized CFAKE.com and SOCFAKE.com after finding they hosted nonconsensual AI-generated nude images and videos, marking the first publicly announced domain seizures under the TAKE IT DOWN Act. The sites allegedly displayed sexually explicit deepfakes of politicians, celebrities, athletes, and others. The action followed a multinational probe involving Italy and France and led to an arrest in Nice and seizure of related cryptocurrency. The law, enacted in May 2025, criminalizes publishing intimate altered images without consent and requires prompt takedowns.
read more →

Google sues to dismantle AI-powered scam networks

🛡️ Google is taking legal, technical, and legislative steps to disrupt large-scale AI-enabled phishing and smishing campaigns. The company filed a civil lawsuit against the China-based “Outsider Enterprise,” coordinated with the FBI and telecom partners to block malicious texts, and is advocating bipartisan federal legislation to strengthen protections. Google also leverages AI-driven detection on Android and messaging defenses to intercept malicious messages at scale.
read more →

Google adds Android protection against AI call scams

📱 Google is rolling out a new fake call detection feature for Android 12+ devices, starting with Pixel phones and enabled by default. When both parties use Phone by Google and RCS-enabled Messages, the caller's device sends a silent encrypted confirmation to the recipient; if absent, the recipient's device pings the contact's phone to verify authenticity and shows a warning if the contact denies making the call. The feature aims to counter AI voice-cloning and number-spoofing scams.
read more →

How geopolitical turmoil fuels online gift and aid scams

⚠ Geopolitical tensions have created a fertile environment for opportunistic scammers who exploit fear and sympathy to harvest credentials, personal data, or direct payments. Common ploys include fake charities, romance and travel scams, fraudulent charges, investment schemes, sensational fake news and classic advance-fee cons. Scammers increasingly use convincing content produced with generative AI and impersonation tactics to bypass trust; verify independently, avoid unsolicited links or calls, and protect devices with reputable anti-malware.
read more →

ICO issues five-step guidance on AI-driven cyber risk

🔐 The ICO has published a five-step guide urging organisations to prepare for AI-enhanced cyber threats, including deepfake social engineering, adaptive malware and automated exploitation. It points readers to the NCSC's updated Cyber Assessment Framework and expects baseline adoption of Cyber Essentials and the UK Cyber Governance Code. The guidance emphasises robust patching, MFA, least‑privilege, supply‑chain vetting, DPIAs for high‑risk AI and human oversight of AI-enabled defences.
read more →

World Economic Forum: AI, Deepfakes, and Cyber Defense

🔐 At the World Economic Forum Annual Meeting on Cybersecurity 2026, Fortinet highlighted how AI and deepfakes are reshaping attack surfaces, with identity now a primary vector and attackers operating in structured, continuous campaigns. Discussions stressed that AI accelerates reconnaissance and exploitation while defenders contend with fragmentation, governance gaps, and inconsistent visibility. Fortinet urged platform consolidation, stronger identity and exposure management, and operationalized public-private collaboration to better align detection with response.
read more →

Meta smart glasses, Copy Fail bug, and deepfake hire

🔍 Meta’s smart glasses were found to upload audio and video to contractors in Nairobi for human labelling, prompting the dismissal of 1,108 workers after whistleblowers exposed the practice. The episode contrasts that privacy failure with a measured analysis of the Linux Copy Fail privilege‑escalation issue and an experiment by Jake Moore demonstrating how a convincing deepfake passed a remote job interview. Practical takeaways include patching kernels promptly, strengthening hiring verification, and demanding clearer vendor transparency.
read more →

Deepfake Voice Attacks Outpacing Organizational Defenses

🔊 Deepfake voice cloning now needs as little as three seconds of audio and freely available tools to produce convincing, real-time impersonations. Incidents spiked in 2025, with attackers focusing on finance, HR and IT teams to trigger fraudulent transfers or credential changes. The author warns that traditional security stacks rarely detect these social-engineering attacks and urges organizations to build human verification habits—verbal passcodes, callbacks and continuous simulation-led training from vendors like Adaptive Security.
read more →

Detecting Cloud Identity Infiltration via Fake Hires

🔍 Microsoft observed North Korea-aligned actors posing as legitimate hires—using stolen or fabricated identities and generative AI—to gain trusted access to corporate SaaS. They target external career sites and Workday Recruiting APIs (hrrecruiting/*) to submit convincing applications, complete onboarding, then use legitimate accounts to access Teams, SharePoint, OneDrive, and Exchange Online. Defenders should correlate multi-source telemetry, enable Microsoft Defender for Cloud Apps connectors, and monitor behavioral anomalies in candidates and new hires.
read more →

The Deepfake Dilemma: Fraud, Reputation and Response

🔎 Deepfake technology is now widely accessible and sufficiently realistic to fool employees, executives and automated heuristics. A 2025 Gartner survey found nearly half of cybersecurity leaders encountered audio or video deepfakes in the prior year, and real-world incidents show attackers using synthetic media for both financial fraud and reputational sabotage. Organizations must combine rapid forensic verification, coordinated legal action and clear communications while pursuing long-term authentication and watermarking standards to restore trust.
read more →

Fake Ledger Live macOS App Stole $9.5M in Crypto from Users

🔒 A malicious macOS app impersonating Ledger Live on the Apple App Store drained approximately $9.5 million in cryptocurrency from 50 users after they were tricked into entering their seed/recovery phrases. Blockchain investigator ZachXBT traced funds moved across multiple chains (Bitcoin, Ethereum, Tron, Solana, Ripple) and funneled through more than 150 deposit addresses tied to a centralized mixer called "AudiA6" on KuCoin. Apple removed the fraudulent app after multiple reports, and KuCoin says it has frozen the implicated accounts pending further action. Ledger provides a Mac app on its website but not through the App Store; users are urged to download only from official vendor channels.
read more →

Telehealth Risks in 2026: Medical Data and AI Scams

🔒 Telehealth offers fast, convenient access to care but creates persistent medical records that are highly valuable to criminals. Stolen health data — from diagnoses and prescriptions to insurance IDs and test results — often fetches far more than payment or social-login credentials and enables extortion, fraud, and identity theft. The rise of AI-driven fake clinics and diagnostic tools makes realistic phishing and data-harvesting sites easier to create. Protect yourself by using a dedicated medical email, avoiding social sign-in, enabling 2FA, using clinic-provided encrypted portals, and keeping health devices patched.
read more →

FBI: Over $17.7bn Lost to Cyber Fraud in US During 2025

🛡️ The FBI's 2025 Internet Crime Report shows US victims lost more than $17.7 billion to internet-enabled fraud, with the Internet Crime Complaint Center (IC3) receiving over one million complaints in 2025. Cryptocurrency investment scams were the single largest source of financial loss at $7.2 billion, followed by Business Email Compromise and fake tech support schemes. The report also highlights nearly $893 million lost to AI-enabled fraud and 22,364 AI-related complaints, warning that synthetic content and deepfakes are increasingly abused to perpetrate scams.
read more →