In 2020, phishing is among the most common forms of cyberattacks on businesses and individuals alike. 56% of IT decision-makers state that phishing attacks are the top security threat they are facing, with 32% of hacks involving phishing. Here is video phishing and how you protect yourself.
Phishing is no longer limited to emails from Nigerian princes offering the recipients massive returns on investments.
Many phishing messages and websites have become sophisticated to the point that users are no longer able to recognize them without specific training. Google now blacklists an average of 50,000 websites for phishing every week.
On the upside, the ways that you can protect yourself from phishing attacks have evolved as well in recent years. They range from using up-to-date firewall software to using secure platforms such as cloud-based business phone services.
A new threat is looming on the horizon: video phishing.
Driven by technological advances, artificial intelligence, and machine learning, this new trend has the potential of causing catastrophic security breaches.
Keep reading to find out what video phishing is, what it looks like, and how you can protect yourself.
How does Video Phishing work?
Surprise! Elon Musk is interrupting your Zoom call.
Sounds fake? It is.
But it looks disturbingly real.
See the end of the document for embed.
The video above shows an application of Avatarify, a tool developed by a researcher to transform users into celebrities in real-time during Zoom or Skype calls. Its inventor, Ali Aliev, says that the program’s purpose was to have some fun during COVID-19 lockdown — by surprising friends during video conferences as Albert Einstein, Eminem, or the Mona Lisa.
The technology behind donning someone else’s animated face like a mask is called deepfaking.
Deepfakes are relatively new applications of machine learning tools. These tools generate realistic faces by analyzing thousands of videos and images of a target’s face and extracting patterns for common expressions and movements. Then, these patterns can be projected onto anyone, effectively morphing them into someone else.
You use the image of Elon Musk. Or President Obama. In fact, a deep fake video of the former President calling his successor ‘a total and complete dips**t’ went viral back in 2018.
The implications of this technology for cybersecurity are wide-reaching and potentially disastrous.
Because instead of trolling your friends, or insulting President Trump via someone famous deepfakes — you won’t know if it’s friends being comical — or the dangerous, video phishing.
What are the Dangers of Video Phishing?
According to CNN, the majority of deepfake videos on the internet as of the end of 2019, were pornography. In total, 15,000 of such videos were counted. That might not sound like much, considering the vastness of the internet.
The reason for these rather limited numbers has been that generating convincing deepfakes takes a fair amount of computational power. Avatarify, for example, takes a high-level gaming PC to run properly.
But lower-quality applications have already been developed, such as a face-swapping app that got banned again fairly quickly.
It is only a question of time before deepfake technology becomes widely available. And widely used for cybercrime.
Some of these scams have already been recorded and you can find them on YouTube.
In one case, hackers used similar technology to deepfake the voices of CEOs and sent voicemail messages to executives. They succeeded in effecting a transfer of a mind-boggling $243,000.
In another case, three men were arrested in Israel for swindling a businessman out of $8 million by impersonating the French foreign minister.
Experts are already warning against other possible applications of deepfake videos for frauds to generate funds. One scenario, for example, is extortion. Hackers could threaten the release of a video containing content that can be damaging to a person’s or business’ reputation. Such content could range from straight-out pornography to the CEO of a company endorsing racist views.
As experiences have shown, that could be disastrous. For businesses, even the regular kind of ‘fake news’ can have catastrophic impacts on industry relationships, and even their stock market values.
“Those kinds of things can put a company out of business through reputation damage,” Chris Kennedy of the AI cyber-security platform AttackIQ said in a recent interview with Forbes. “We’re hitting the tipping point in which technology is taking advantage of the biggest human weakness, we’re over-trusting.”
How to Defend Yourself against Deepfake Video Phishing
Today, having a high cybersecurity standard is more important than ever. With online life proliferating during the COVID-19 crisis, scams and phishing attacks have flourished as well.
The good news in the case of phishing videos is that the technology, as of 2020, is still relatively new, and the case numbers relatively low. That means that individuals and businesses have time to prepare, and disseminate information to ward against such attacks.
Know the basic defense moves
As a most basic form of defense, extreme caution is advised if you receive an unsolicited video call, especially from someone famous or in a position of authority. Never trusting caller IDs, hanging up immediately, and not sharing any information on such calls is essential.
If you receive video messages that might be authentic, but you are uncertain about it, you can use software to determine if what you are facing is a deep fake. For example, companies such as Deeptrace offers software with the capacity to recognize AI-generated video content.
Apart from that, some low-tech solutions to protect against video phishing are having agreed-upon code words when communicating about sensitive information via video messaging, using a second communication channel to confirm information, or asking security questions that your interlocutor can only answer if they are the real deal.
Basically, pretend you’re in an old James Bond film. ‘In London, April’s a Spring month’ and all that.
Using AI to morph into someone else and extract sensitive information may still sound futuristic. But it is only a question of time until video phishing hits the mainstream.
As technology advances and artificial intelligence and machine learning applications to copy the face and voice of people become widely available, the number of deepfake scams is set to go through the roof.
The best you can do, is to be aware, keep informed, and brace yourself. Keep safe.