Emerging threat from deepfakes leads to cybersecurity arms race

Dominic Forrest said he enjoys giving educational sessions demonstrating how easy it is for crooks to overlay someone else’s face onto their own using deepfake technologies. 

During one such demonstration, Forrest explained that a single image from someone’s LinkedIn profile — or any social media account — can be overlaid onto his face in real-time. The technology, called “face swap,” has advanced to the point that most people would struggle to tell the difference between a real person and someone using a deepfake. 

“I strongly believe you can’t tell the difference anymore,” said the chief technology officer for biometric identity provider iProov.

While giving these demonstrations to organizations, Forrest said he’ll refer to examples where employees were tricked into transferring company funds to cybercriminals. In one of these cases, an employee in the Hong Kong branch of UK engineering firm Arup transferred $25 million after a criminal gained the employee’s trust via a deepfaked videoconference call in early 2024, reported the World Economic Forum (WEF).

“You can see people’s eyes open and suddenly going: ‘Hey, we’re vulnerable to this,’” said Forrest about the demonstrations. “And, unfortunately, all organizations are vulnerable to this.”

Technology-enhanced social engineering

The threat posed by deepfakes comes from people believing what they see, a report from the Department of Homeland Security stated, “and as a result deepfakes and synthetic media do not need to be particularly advanced or believable in order to be effective in spreading mis/disinformation.”

Arup’s chief information officer, Rob Grieg, called the 2024 incident “technology-enhanced social engineering” in an interview with the WEF, adding that it wasn’t a cyberattack in the purest sense since none of the company’s systems were compromised.

“People were deceived into believing they were carrying out genuine transactions that resulted in money leaving the organization,” Grieg said.

With the advancement of deepfake technology, especially with the arrival of generative AI, the sophistication and threat posed by such methods has only increased. 

Deepfake attempts occurred every five minutes in 2024, and jumped from 0.1% to 6.5% of fraud cases according to information collected by the CISO Advisory, which added that more than $200 million in documented losses were attributed to 163 deepfake incidents in the first quarter of 2025.

A 2025 Gartner survey of cybersecurity leaders found that 62% of organizations experienced a deepfake attack involving social engineering, like a video or audio call, or exploiting an automated process. 

“As adoption accelerates, attacks leveraging GenAI for phishing, deepfakes and social engineering have become mainstream, while other threats — such as attacks on GenAI application infrastructure and prompt-based manipulations — are emerging and gaining traction,” Akif Khan, Gartner’s VP analyst, was quoted as saying during a security summit.

Job recruiters reportedly saw a surge in deepfake use among job candidates. An April 2025 post by Palo Alto Networks’ Unit 42 said there was evidence that North Korean workers were applying to — and getting hired for — remote IT positions using real-time deepfake technology and stolen personal information. 

Detecting deepfakes

The challenge of authenticating workers who don’t sit behind desks is a big factor that drove Ping Identity’s acquisition of biometric security provider Keyless in late October. 

With estimates of up to 80% of the workforce falling under the “frontline” category, where workers may share terminals or work in environments that restrict device use, Ping CEO Andre Durand told Bank Info Security that Keyless’ deepfake detection and privacy protections were essential as threat actors increasingly target IT help desks. 

Keyless uses a technique called “zero-knowledge biometrics” to authenticate without storing biometric data on a potentially susceptible server. In August, Biometric Update reported that Keyless claimed to have the strongest deepfake fraud protection available after meeting biometric attack detection standards in Europe by Cabinet Louis Reynaud - CLR Labs, specifically standards for detecting injection attacks that bypass a device’s camera to allow a criminal to inject synthetic media like deepfakes.

Ping expected to first deploy the technology to shared computers, factory terminals and call center interfaces before rolling it out to its wider suite, according to Bank Info Security.

For its part, iProov announced in November that it was the only vendor to meet the biometric verification requirements of the U.S. National Institute of Science and Technology’s (NIST) Digital Identity Guidelines that define the technical and security requirements for digital identity systems used by the U.S. federal government.

Its Flashmark technology uses controlled illumination to confirm a person is real and physically present, preventing injection and spoofing attacks that bypass traditional liveness checks, and is backed by continuous threat monitoring from its security operations center (SOC).

"You really want to know that credential is under the control of the right person," said Forrest. "You've got to make sure it is a real face and a real person who's there right now."

Evolution in the ability to detect deepfakes comes at a time where threat actors are looking for ways to skirt such security.

iProov reported in September that it discovered a deepfake tool that could defeat weak facial biometric authentication systems by bypassing the physical camera of jailbroken iPhones running iOS 15 or later. In August, identity verification vendor Jumio reported an 88% increase in injection attack attempts over the last year. 

“The technology is improving vastly. The ability and the quality of these improves fast, and you have to stay ahead of it,” said iProov’s Forrest. “It’s very much an arms race … on laptops, on PCs and on other devices.”