Photoshopped images and fake news are nothing new in the war of misinformation but what’s becoming more and more common are deepfakes, and they could spell real trouble for businesses.
A deepfake is the name for manipulating a video or audio clip to make it look and sound like someone is saying something they’re not. In this blog, I’ll take you through just what deepfakes look like, how they’re created, the potential harm they can cause for businesses and how to mitigate this risk.
Are you seeing a deepfake or the real thing?
While we’ve grown skeptical of photos and images being circulated online because of the ease of photo editing, falsified videos and audio clips have been harder to create, but not anymore.
You might’ve seen this clip, which looks and sounds like an address from former US President Barack Obama.
You might’ve also heard the sound bite where Prime Minister Jacinda Ardern appears to say that the nation’s capital should be moved to Auckland.
Both of those examples never happened, but they appear very convincing and were created using artificial-intelligence powered algorithms and programs.
How are deepfakes made?
Essentially, the way it works is that a deepfake program (which can be easily found online and downloaded) is fed with as much source material of the subject as possible, such as videos of speeches and interviews. The technology then analyses aspects like voice patterns, facial movements while speaking and other nuances in how they communicate. The more information it’s fed, the more accurate it will be at recreating that person and this is why it’s become so easy to fabricate a video of a prominent public figure such as a politician or celebrity.
When you combine this with the ease of which information and misinformation can be spread on social media, you have a concoction that could be used to influence elections, damage a person’s image, and, for businesses, it could cause significant damage.
How deepfakes spread misinformation and harm businesses
The danger with deepfakes lies in their ability to spread misinformation, much like a fake news article or photoshopped image would. But knowing that videos can be easily altered isn’t as widespread among the public right now, so those who see or hear these could easily believe it’s the real thing – and it’s becoming a major issue in the midst of the COVID-19 global pandemic.
The clickbait attack
One of the most popular ways deepfakes are leveraged by hackers is to piggyback on an event that is topical and already garnering a lot of attention and then creating a fake video about it. The idea is to hook people in to click on a link which will take them exactly to where a hacker wants them; it’s the next level in phishing attacks.
There have already been countless supposed COVID-19 conspiracies and stories doing the rounds both here and around the world, and some of these could well have been created by hackers looking to steal personal information.
Let’s say one of your employees sees a video where the World Health Organization declares the discovery of a new pandemic that will force the complete closure of all borders even for citizens returning to their home countries.
This employee might have family or friends living overseas who are Kiwis who wouldn’t be able to get home, so they click the video and also share it because it looks to be a credible piece of information.
By clicking the link, they could potentially download malware to their company computer which then tracks their activity to find out various login and password details.
This can easily lead to a ransomware attack on your organisation, where your data has been compromised and the attackers demand payment to relinquish it.
So, what are the odds of one of your employees coming across a deepfake or even just a video with false information?
More than one in four of the most viewed COVID-19 videos in English on YouTube contain misleading or inaccurate information, according to a study by BMJ Global Health.
Will changes to the Privacy Act minimise the harm of deepfakes?
The Privacy Act in New Zealand is changing in order to keep up with the rapid technological developments that have spawned a new privacy landscape globally.
Organisations now collect a lot of information about customers, employees and the general public and the new legislation will put greater emphasis on the need for those organisations to take proper care of the personal information they hold.
The most powerful aspect of online disinformation is the ability to micro-target messaging at the exact audience where it will have the greatest impact, for example, serving pro-Trump fake videos to Trump supporters.
As we’ve outlined above, deepfakes can be the bait to get you to fall into a phishing trap, but the information gathered about you in this trap can then be used to tailor a fake message to one that will resonate with your interests. So the more they can gather about you, the more targeted their attacks will become and the more successful they will be.
While the changes to the Privacy Act will go some way towards ensuring personal data is more secure, the biggest weakness is still your people.
Prioritise educating your people
Educating your workforce to be aware of how hackers can try to trick them into clicking a link is paramount. And this is even more important with the events going on in 2020.
More companies have moved to a working-from-home situation and it can be difficult to ensure employees are practicing proper cyber security awareness when they aren’t behind your corporate firewall.
Right now, it’s especially important to make sure your employees are aware of COVID-themed scams and remain vigilant to any emails purporting to be from the health authorities or Government.
New Zealand’s privacy laws are set to change and businesses will need a plan in place to make sure they comply. Check out our videos and resources to find out what businesses need to know to be prepared.