DeepTrust

Autonomous voice-based scams are here... AI now allows attackers to automate and scale personalized voice phishing and social engineering from 1:1 to 1:many. As reported by Bill Toulas in the article below, UIUC researchers Richard Fang, Dylan Bowman, and Daniel Kang evaluated how ChatGPT-4o can be used to automate these types of attacks. Key Quotes: "Overall, the success rates ranged from 20-60%, with each attempt requiring up to 26 browser actions and lasting up to 3 minutes in the most complex scenarios". "Bank transfers and impersonating IRS agents, with most failures caused by transcription errors or complex site navigation requirements. However, credential theft from Gmail succeeded 60% of the time, while crypto transfers and credential theft from Instagram only worked 40% of the time". "As for the cost, the researchers note that executing these scams is relatively inexpensive, with each successful case costing on average $0.75". "The AI agents that perform the scams use voice-enabled ChatGPT-4o automation tools to navigate pages, input data, and manage two-factor authentication codes and specific scam-related instructions. Because GPT-4o will sometimes refuse to handle sensitive data like credentials, the researchers used simple prompt jailbreaking techniques to bypass these protections".

How can deepfakes be used to target organizations? Here's a great graphic from a recent FS-ISAC report - I've added where DeepTrust can help. While the FS-ISAC report (linked below) and original graphic are specific to financial institutions, many of these threats apply across industries. Highly recommend taking some time to check out their incredible work.

Great new report from the FS-ISAC (linked below) discussing how deepfakes are impacting the financial sector. As social engineers continue to increase their usage of AI in attacks, it is critical that organizations prepare accordingly. AI is unlocking new levels of personalization, scale, and effectiveness along with new channels for attack delivery. Internal voice and video calls between employees are now increasingly vulnerable to impersonation attacks leveraging deepfakes, as are all customer facing communication channels. Going forward, it is critical that organizations of all sizes assess their vulnerability to AI powered social engineering and fraud. Employee awareness, education, and training is critical, but with how good deepfakes already are (and their rapid pace of continued improvement), implementing additional tools and controls is essential to protect employees. At DeepTrust, we are helping organizations protect their employees from AI powered social engineering across all of their voice and video calls. Some key quotes from the article: "Deepfake video, audio, or images are a potent emerging threat to financial services firms". "...With each technological advancement comes new challenges, and perhaps none is more pressing or potentially disruptive than the rise of deepfake technology". "Losses from deepfake and other AI-generated frauds are expected to reach tens of billions of dollars in the next few years". "6 in 10 Executives say their firms have no protocols regarding deepfake risks". "Abuse of trust is not a novel attack against the sector, but deepfakes leverage and exploit trust at a new level". https://lnkd.in/gh5dHHjD

Wiz employees targeted with deepfake voice messages from the "CEO" in the latest example of how attackers are leveraging gen AI to improve social engineering and phishing. Fortunately, in this instance, employees were able to identify that something was wrong due to inconsistencies between Assaf's typical voice and the deepfake of him that was created using audio from a public speaking event. Unfortunately, this is just the latest high profile incident in the increasing trend of deepfakes being used to improve voice and video based social engineering attacks. As the tech continues to improve, so will the effectiveness of these types of attacks. Going forward, protecting employees from these attacks is increasingly critical - especially across voice and video communication channels where employees are increasingly being targeted. DeepTrust can help. https://lnkd.in/g7t3GT_U

🎙️I'm excited to tell you about one of my podcast episodes in which we dive deep into the critical topic of leveraging AI to protect human voice authenticity - How AI can save us from deepfake voice scams? 🗣 In a world increasingly plagued by #deepfake scams and audio manipulation, understanding how to verify the authenticity of voices has never been more crucial. My guest, Noah Kjos, co-founder and COO of DeepTrust AI, sheds light on this pressing issue and the innovative AI solutions his company has developed to help people combat becoming a victim of these deepfake scams.🎙️ 🚀Here are three key takeaways from our conversation: 🌟 The Growing Threat of Deepfakes: Deepfake technology has advanced rapidly, making it easier for malicious actors to create convincing audio impersonations. Noah shared a harrowing personal story about how his grandfather received a scam call that sounded just like him, highlighting the real-world implications of this technology. It's a stark reminder that we must remain vigilant and educated about the risks associated with our digital voices. 🌟 The Importance of Education and Awareness: One of the biggest challenges in combating deepfake audio is the lack of awareness among consumers and businesses. Many people don't realize how accessible their voices are online, whether through social media, podcasts, or other platforms. Noah emphasized the need for educational initiatives to inform individuals about the potential misuse of their voice and the importance of skepticism in our communications. 🌟 Innovative Solutions for Detection: DeepTrust AI is at the forefront of developing tools to detect deepfake audio. Their technology analyzes audio for unique synthetic artifacts that can indicate whether a voice is real or generated. With an impressive accuracy rate of 98%, their solutions are designed to integrate seamlessly into existing communication platforms, providing an additional layer of security for businesses and individuals alike. As we navigate this new era of digital communication, it's essential to stay informed and proactive about the tools available to protect ourselves. I encourage you to listen to the full episode for more insights from Noah and to learn how we can all contribute to a safer digital environment. 🔗 Listen to the episode here! https://lnkd.in/dZSqAf-6 Let's continue the conversation! What are your thoughts on deepfake technology and its implications? How do you think we can better protect ourselves and our communities? Share your thoughts in the comments below! 👇

Yesterday the New York State Department of Financial Services (DFS) issued new guidance around AI-cybersecurity risks. Top of the list? AI enabled social engineering. "AI-enabled social engineering presents one of the most significant threats to the financial services sector. While social engineering has been an issue in cybersecurity for years, AI has improved the ability of threat actors to create highly personalized and more sophisticated content that is more convincing than historical social engineering attempts." The notice also calls out two other significant ways AI is enabling attackers. "AI has accelerated the speed and scale of cyberattacks. With the increased proliferation of publicly available AI-enabled products and services, it is widely believed by cyber experts that threat actors who are not technically skilled may now, or potentially will soon, be able to launch their own attacks. This lower barrier to entry for threat actors, in conjunction with AI-enabled deployment speed, has the potential to increase the number and severity of cyberattacks..." Social engineering, phishing, and fraud can now all be attempted with unprecedented ease, effectiveness, and scale thanks to the new AI tooling available to attackers. With this, it's increasingly important that organizations assess how they are defending their employees from these types of attacks - especially from AI powered ones, and especially across historically lightly defended voice and video communication channels. Read more below: https://lnkd.in/g53GtXTR

In security, deepfakes aren't THE threat. This year so far 49% of businesses worldwide have been targeted with deepfake audio and video scams (report linked below). This data shows that deepfakes are no longer an "emerging" threat - but let's be honest, they never were. Deepfakes are just malicious use of gen AI. New tools with which to conduct social engineering, phishing, and fraud. The tool itself is not the problem. It's how it allows these types of attacks to evolve. Impersonation attacks across voice and video communication channels are now infinitely easier, and can be done at scale while being personalized on a per-employee basis. With this, there is a growing urgency in defending employees from these types of attacks - especially from AI powered ones, and especially across historically lightly defended voice and video communication channels. DeepTrust can help.

Awesome demonstration from Joe Tidy of how deepfake clones are now able to join and communicate in live meetings. With the Zoom CEO saying digital twins will "revolutionize workplace productivity", deepfakes in video calls are only becoming more and more common. With this, the security of video conferencing platforms is quickly becoming increasingly critical and complex. Not only will organizations need to know if and when a deepfake is used, they will also need to know what it is being used for and it's source. At DeepTrust we help security teams navigate this problem and protect their employees from social engineering and deepfakes across all of their voice and video communication channels. In a future where employees can no longer tell what (and who) is "real" on a call, active real-time protection across platforms is essential.

How are hackers abusing AI? Per Morgan Stanley, #1 and #3 on the list are social engineering and deepfakes. With gen AI improving faster than ever, businesses need to begin rethinking how they approach security for their voice and video calls. Relying on employee security awareness training won't be enough when we can no longer reliably tell what's real or fake. At DeepTrust we can help. https://lnkd.in/gkzKTQ-4

US Senator targeted with a real-time deepfake on a Zoom call 👀 This is just the latest high profile incident highlighting the fact that generative AI is now good enough to allow effective social engineering attacks across video conferencing platforms. "Cardin and his staff had met previously with Kuleba, "and when they connected on Zoom, it appeared to be a live audio-video connection that was consistent in appearance and sound to past encounters,” according to the notice." Familiar faces and voices are extremely disarming - and with the rapid improvements in generative AI, we have now passed the point of being able to rely on our own eyes and ears to secure our calls. At DeepTrust we are helping security teams with this exact problem. We defend voice and video calls across organizations from social engineering, voice phishing and deepfakes so that employees can have confidence that they are protected from these types of attacks with minimal disruption to their workflows. https://lnkd.in/gH4qNGp9