Defending Your Business Against AI-Driven Deepfake Attacks

Understanding deepfake technology

Deepfakes are AI-generated videos, photos, or audio clips designed to appear convincingly real by altering original content — from mimicking voices, to superimposing faces onto different bodies, to manipulating videos to show fabricated speech and movements. 
 

What types of deepfake attacks are there?

A presentation attack involves showing falsified images or videos directly to the camera — printed photos, masks, or screen replays that trick verification systems.

Business example: An employee attempting to access a secure financial system holds up a high-resolution printed photo of the CFO’s face to the camera during facial recognition login and bypasses the authentication system to gain unauthorized access to company accounts.

An injection attack bypasses the camera altogether, feeding synthetic or altered biometric data directly into the verification pipeline to appear authentic at a software level.

Business example: A cybercriminal uses malware to intercept the data stream between a company’s verification camera and its authentication software, injecting a deepfake video feed of the CEO during a remote banking session to authorize large wire transfers without the CEO's knowledge.
 

Deepfakes can be malicious

Deepfake technology is widely available. It's important to recognize when it is being used maliciously to understand its evolving capabilities.

The following business examples show how deepfakes create threats:

• A company receives a video call where individuals impersonate executives and request immediate fund transfers.
• An organization discovers manipulated video content showing leadership making inappropriate statements.
• A business leader's voice gets synthesized to authorize unauthorized payments to fraudulent accounts.
   

How malicious deepfakes can harm businesses

Financial fraud: Deepfake video calls or audio recordings appearing to be from executives can authorize fraudulent transactions.

Brand and reputational damage: Deepfake content showing business leaders making damaging statements can tarnish individual and company reputations.

Data breaches: Cybercriminals can use deepfakes to trick employees into disclosing sensitive information.

Authentication disruption: Deepfakes can deceive identity verification technologies like facial and voice recognition to access sensitive information and financial accounts.
 

Help your business mitigate the risks of deepfakes

By staying informed and adopting proactive measures, your business can reduce risks from this evolving threat.
 

Educate

• Regularly train employees on deepfake technology and its risks.
• Provide examples across all mediums -- email, text, web, audio, and video.
• Implement regular training to help employees recognize deepfake red flags and to report suspicious content.
   

Prepare

• Invest in technologies that analyze media files for manipulation signs.
• Partner with cybersecurity firms specializing in deepfake detection.
• Develop incident response plans to address deepfake attacks quickly.
   

Protect

• Establish identity verification protocols including multifactor authentication, secure communication channels, and secondary verification steps.
• Consider using pre-arranged code phrases to confirm identities.
• Monitor email, social media, and communication channels for unusual activities or suspicious content.
   

Knowledge and preparation are your best defenses.

We're committed to arming you with the latest information on cybercrime and payments fraud. To learn more, visit key.com/businessfraud.

For information about KeyBank's core fraud solutions, connect with your payments advisor or relationship manager or email our commercial payments team.