We’ve likely all had a phishing message or e-mail like this before:
This style of attack was popular 5-10 years ago and hopefully by now we all know how to spot and avoid these, but what if the e-mail actually had your picture in it?
Thanks to a new AI app these messages are likely to see a resurgence. The DeepFakesApp is an AI machine learning application that is able to convincingly manipulate and “face swap” videos. What once would have taken a team of advanced CGI artists and months of work[Star Wars Rogue One: Princess Leia] can now be done with no technical knowledge on a high end PC in a matter of hours.
The application was released in December and the reddit page dedicated to it has already amassed over 15,000 followers. Celebrities have been the main target so far, partly thanks to the large amount of training images available but already people are attempting these swaps on smaller collections of images of friends, colleagues and even random unsecured Facebook profiles.
What has this got to do with Phishing?
Well very soon we anticipate that spear phishing attacks will contain the ultimate click-bait, an e-mail with a very embarrassing picture or video clip of the target. The combination of shock value and the target’s desire to prevent this image spreading further is going to drive many unprepared recipients to click the link attached within and fall victim to the attack.
High risk users such as HR, Accounts and Directors are likely to be the intial targets for these e-mails due to the current time investment required in creating these images, however as this process inevitably gets quicker everyone will become a target.
What can you do to protect yourself?
The best way to protect yourself is to make yourself aware of the risks. Raising awareness and learning how to identify and handle phishing e-mails is your best protection against these threats. If you do not currently have a Cyber Security training program in place, then your business should be looking to set one up sooner rather than later.
If you are interested in online module based Cyber Security and Awareness training, get in touch for a demo and a quote at firstname.lastname@example.org or call 01534 780852.
For further reading on the DeepFakesApp see below:
(BEWARE: While not explicit the following link should be considered NSFW) https://motherboard.vice.com/en_us/article/bjye8a/reddit-fake-porn-app-daisy-ridley