Deepfake
What is a Deepfake?
A deepfake is synthetic media — video, audio, or images — generated using artificial intelligence techniques, particularly deep learning models, to create convincing representations of real people saying or doing things they never said or did. The term combines 'deep learning' and 'fake.' In cybersecurity, deepfakes have evolved from a disinformation concern into a direct attack tool: deepfake video files grew from 500,000 to over eight million globally in two years, and deepfake-enabled vishing surged 1,633% in Q1 2025 according to Keepnet research. Deepfakes are now a primary capability in AI-powered social engineering attacks.
Description
Deepfake generation technology has become accessible and inexpensive. AI voice cloning can produce convincing audio from as little as three seconds of source audio, and real-time voice conversion tools enable live phone impersonation during active calls. Deepfake video generation, while computationally heavier, has been used in documented enterprise fraud cases.
The cybersecurity risk profile of deepfakes spans several attack categories. In fraud and authorization bypass, deepfake voices are used to impersonate executives and authorize wire transfers, override security controls, or extract sensitive information from employees. In social engineering, synthetic video calls have been used to create false urgency and establish false trust in real-time conversations. In identity verification attacks, deepfakes are used to defeat liveness detection checks in KYC (Know Your Customer) processes and biometric authentication systems — a significant threat for financial services organizations. In disinformation campaigns targeting organizations, fake executive statements can damage reputation or move markets.
The World Economic Forum's Global Cybersecurity Outlook 2026 found that 73% of organizations were directly affected by cyber-enabled fraud in 2025, with AI-enhanced social engineering driving a growing share of losses.
Usage and Examples
In the most publicized enterprise deepfake case, employees at a multinational engineering firm attended a video conference where every participant except them was AI-generated, impersonating real colleagues and executives. They were instructed to authorize transfers totaling $25.6 million. In financial services, voice deepfakes have been used to impersonate finance managers on WhatsApp, resulting in transfers of over $18.5 million in a single incident. Organizations defending against deepfake threats need verification procedures that do not rely solely on audiovisual identity — callback verification through known numbers, multi-party authorization for financial transactions, and pre-arranged code words for sensitive requests. Technical defenses include deepfake detection tools, though the arms race between generation and detection continues to accelerate.
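The three procedural controls named above (callback verification through known numbers, multi-party authorization, and pre-arranged code words) can be enforced as a release gate instead of being left to judgment during the call. The following is an added example, not part of the original page; the directory, code-word store, threshold, and all names are constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample data: contact numbers and code-word hashes held on file.
DIRECTORY = {"cfo@example.com": "+1-555-0100"}
CODE_WORD_HASHES = {"cfo@example.com": hashlib.sha256(b"blue-heron-42").hexdigest()}
DUAL_APPROVAL_THRESHOLD = 10_000  # assumed policy value


@dataclass
class TransferRequest:
    requester: str                      # identity claimed on the call
    amount: float
    channel: str                        # "video", "voice", "chat": never counted as proof
    callback_number_dialed: str | None = None
    callback_confirmed: bool = False
    code_word_given: str | None = None
    approvers: set[str] = field(default_factory=set)


def unmet_controls(req: TransferRequest) -> list[str]:
    """Return the controls still missing; an empty list means release is allowed."""
    missing = []
    # Callback verification: only a confirmed call to the number on file counts,
    # never a number offered during the request itself.
    on_file = DIRECTORY.get(req.requester)
    if not (on_file and req.callback_confirmed and req.callback_number_dialed == on_file):
        missing.append("callback_to_known_number")
    # Pre-arranged code word, compared in constant time against the stored hash.
    expected = CODE_WORD_HASHES.get(req.requester)
    given = hashlib.sha256((req.code_word_given or "").encode()).hexdigest()
    if not (expected and hmac.compare_digest(given, expected)):
        missing.append("code_word")
    # Multi-party authorization: two approvers, none of them the requester.
    independent = req.approvers - {req.requester}
    if req.amount >= DUAL_APPROVAL_THRESHOLD and len(independent) < 2:
        missing.append("two_independent_approvers")
    return missing
```

Note that `channel` is recorded but never consulted: how convincing the caller looked or sounded contributes nothing to the decision.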
How Does This Relate to Penetration Testing?
Deepfake capabilities are increasingly part of the social engineering toolkit in advanced red team engagements. Testing whether an organization's processes and employees would detect or resist a deepfake-augmented attack — before a real attacker attempts one — provides concrete evidence for the business case behind verification procedures, awareness training, and process controls. Phishing simulation exercises that incorporate voice cloning scenarios test the specific employee behaviors that deepfake attacks exploit: trust in familiar voices, willingness to override normal procedures based on executive authority, and urgency-driven decision-making. Evolve Security's Red Team and Advisory services help organizations assess their exposure to deepfake-enabled attacks and build the process controls to withstand them.

