Cybersecurity

How to spot a deepfake

A green wireframe model covers an actor's lower face during the creation of a synthetic facial reanimation video, known alternatively as a deepfake, in London, Britain February 12, 2019. Picture taken February 12, 2019.

The use of deepfake technology is on the rise - but it has a fatal flaw Image: REUTERS

Christine Laurens
This article is part of: World Economic Forum Annual Meeting
  • The use of deepfake technology is growing in volume and sophistication.
  • Awareness and vigilance are our best weapons against this threat.
  • These technologies may be smart - but they are not human. We are.

Just when you thought modern life couldn’t get any crazier, a video emerged during the run-up to the recent UK election, in which the Prime Minister Boris Johnson appeared to endorse his political opponent Jeremy Corbyn.

“Appeared” is the important word here, because this was actually just one of the latest in a steady stream of deepfakes – video and audio clips in which artificial intelligence simulates real people doing unreal things.

Of course, humans have been faking it for centuries. From tattoos and piercings to face paints and wigs, we love altering ourselves and indulging in a bit of make-believe. My own little secret for years was that I wore green-coloured contact lenses. I did need them for short-sightedness – the colour was purely a personal choice. And who can seriously say they haven’t tried an Instagram filter or two?

Have you read?

But there’s a darker side to this story.

In an increasingly divisive political climate, sabotaging politicians by showing them in fictionalized situations could be personally and politically devastating. The use of deepfakes in creating pornography is another disturbing trend.

It’s something that could potentially start to do real damage to businesses, too. Cybercriminals have already fooled a company into making a $234,000 wire transfer using an AI-powered deepfake of its CEO’s voice – and who knows how many other stories have gone unreported?

Recently, one of my team received a WhatsApp voice message from someone pretending to be our managing partner. Others received an email, supposedly from me, asking for a wire transfer to be made. In both cases, the phishing attempts didn’t succeed, but it was human instinct rather than formal security controls that saved the day.

So how can we protect ourselves as individuals and organisations from deepfake attacks?

It comes down to being super vigilant. Organizations can help by making sure employees undergo a thorough cybersecurity awareness programme that is updated frequently to inform them about the latest threats, and how to react. Here are a few things to think about.

1. Choose your information sources wisely

There has been a rise in the use of social media as a news source, particularly among younger people – which is not surprising, given they have grown up with digital media. Meanwhile, in non-Western countries like Brazil, Malaysia and South Africa, WhatsApp has become a primary network for sharing and discussing news.

In both scenarios, people will be seeing a mixture of genuine news, fake news, and subjective opinion presented as fact – sometimes from authentic sources, and sometimes from bots.

Perhaps this is why the report linked above also reveals that 55% of those surveyed are concerned about their ability to tell what’s real from what's fake online, while 26% said they had started relying on “more reputable” news sources. Of course, what might be considered reputable is still highly subjective, so if you want a clear, evidence-based analysis of a story, fact-checking sites like Snopes are probably the most useful resource.

2. Be careful about the information you share online

I wouldn’t say I’m reckless about my internet profile, but like many people there are certain things I do without thinking too much about, because they are just the norm these days, and convenience outplays caution. My husband, on the other hand, wants nothing to do with any of it and is extremely careful about any information he puts out there. He even deleted his Facebook account and was upset when a photo of him appeared on Google.

He probably has the right approach. It’s incredibly important to be sure you can trust any organization that has an online presence. There are lots of tips available out there, like this post from security firm ASecureLife.

Another thing to do on a regular basis is Google yourself – and your kids if you have them - to get an idea of your online footprint. The same goes for any accounts that you’ve created, for example to buy something online. You’ll probably be horrified by the number of places that hold information about you. If there’s anything lying dormant, don’t just leave it there – get it deleted.

Loading...

3. Run the “Real person, or bot?” test

Although bots are increasingly capable of more and more, there’s one thing they haven’t cracked yet – and that’s coming across as convincingly human. Just think about the last time you used the chat facility with a brand – you were probably able to tell from the language whether it was a chatbot or a person. We instinctively know what sounds right, and how real people speak and write.

Most people tend to message in a fragmented way, so if you’re getting only full and formal sentences in response, that’s probably a sign - as is getting the same answer more than once, or superfast replies. Even when we’re LOLing or communicating in emoji, humans tend to take longer than a split second to compose and send what we want to say. Especially when we’re looking for an emoji that doesn’t exist.

Discover

How is the Forum tackling global cybersecurity challenges?

What should leaders do?

Deepfake attacks are probably the most sinister thing we’ve experienced yet, and if you’re not familiar with the person being impersonated, how are you to know it’s a fake? To me this gives organizations an even more important responsibility than any cybersecurity measures they have in place.

It’s for anyone who has the authority to make financial or other important business decisions to make themselves known in a very authentic way to employees. That means getting out there and talking with people, being in their company, listening to one another and letting them get a feel for who you really are. It means not hiding anything, or trying to be something you’re not. And it means fostering a culture of genuine openness, so that people feel comfortable questioning something that doesn’t feel right, even if it has seemingly come from an authority source.

Lots of research has already shown the benefits of this type of approach anyway, but the better employees get to know the real you, the less the risk that they’ll be duped by any pretenders. Because while mimics are clever, and deepfakes are designed to be convincing, at the end of the day they’re not the real deal. And we are.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Related topics:
CybersecurityForum InstitutionalFourth Industrial Revolution
Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

US introduces new data rules, and other cybersecurity news to know this month

Akshay Joshi

November 4, 2024

3 key factors to make your cybersecurity training a success

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum