All news with #deepfake fraud tag

🛡️ New IO research reports that 26% of surveyed UK and US organisations have experienced data poisoning, and 37% observe employees using generative AI tools without permission. The third annual State of Information Security Report highlights rising concern around AI-generated phishing, misinformation, deepfakes and shadow AI. Despite the risks, most respondents say they feel prepared and are adopting acceptable use policies to curb unsanctioned tool use.

🛡️Researchers at Genians say North Korea’s Kimsuky group used ChatGPT to generate fake South Korean military ID images as part of a targeted spear-phishing campaign aimed at inducing victims to click a malicious link. The emails impersonated a defense-related institution and attached PNG samples later identified as deepfakes with a 98% probability. A bundled file, LhUdPC3G.bat, executed malware that enabled data theft and remote control. Primary targets included researchers, human-rights activists and journalists focused on North Korea.

🔐 Attackers are increasingly bypassing email defenses by infiltrating organizations through the hiring process, as in the 'Jordan' example where a bogus hire gained broad access on day one. Remote recruiting, AI-generated profiles and deepfakes have turned identity into the new perimeter, undermining traditional vetting. Adopting zero standing privileges—with JIT/JEP, strict baselines and comprehensive auditing—and tools such as BeyondTrust Entitle can remove persistent access and automate time‑bound, auditable privilege grants.

🛡️ VirusTotal has extended Code Insights to analyze PDF files by correlating the document’s visible content with its internal object structure. The AI inspects object trees, streams, actions, and the human-facing layer (text/images) to surface both technical exploits and pure social-engineering lures. In early testing it flagged numerous real-world scams—fake debt notices, QR-based credential traps, vishing alerts, and fraudulent tax-refund notices—that traditional engines missed when files contained no executable logic.

⚠️ AI-driven deepfake ads on social media are increasingly used to impersonate banks, celebrities and news outlets to lure victims into investment fraud. Campaigns observed in 2024–2025, including the Nomani Trojan activity, use fake or hijacked accounts, localized messaging and deepfake testimonials to harvest credentials or steer targets into scam groups. Reported losses from investment fraud are substantial, so verify offers independently and avoid clicking unsolicited financial ads.