A call from the CEO: The quarter's ending, and she needs a big transfer, stat, for a last-minute acquisition. The line's a bit fuzzy — she says she's driving — but before it cuts out, she gets the comptroller to wire millions to an external account, Kaveh writes.
The catch: That wasn't the CEO on the line. It was a deepfake — an AI-generated voice clone, trained on hours of her speech, with made-up background noise to mask its shortcomings.
What's happening: This futuristic scam has already hit at least three companies, according to Symantec, a prominent cybersecurity company. And experts worry it's the hint of a new reality for businesses.
- Deepfakes — in audio, video, or image form — can help scammers pull off new-age heists, or, in a yet-unrealized nightmare scenario, tank a stock before an IPO or product launch.
- Imagine: a convincing fake video or audio clip of Elon Musk disclosing a massive defect the day before a big Tesla event. The company's share price would crumple.
The big picture: Video and audio deepfakes are improving at a frightening pace, and they're increasingly easy to make.
- There's been an uptick in sophisticated audio attacks over the past year, says Vijay Balasubramaniyan, CEO of Pindrop, a company that protects call centers from scammers.
- But businesses aren't ready, experts tell Axios. "I don’t think corporate infrastructure is prepared for a world where you can’t trust the voice or video of your colleague anymore," Henry Ajder of Deeptrace, a deepfakes-detection startup, tells Axios' Jennifer Kingson.
Even if companies were clamoring for defenses, few tools exist to keep harmful deepfakes at bay, says Symantec's Saurabh Shintre. The challenge of automatically spotting a deepfake is almost insurmountable, and there are hurdles ahead of a promising alternative: creating a digital breadcrumb trail for unaltered media.
- Pindrop monitors for audio attacks like altered voices on customer service lines.
- Symantec and ZeroFOX, another cybersecurity company, say they are developing technology to detect audio fakes.
What's out there already isn't cheap.
- New Knowledge, a firm that defends companies from disinformation, says its services can run from $50,000 to "a couple million" a year.
- Just monitoring the internet for potential fakes comes at "a substantial cost," says Matt Price of ZeroFOX. "And that's not even talking about the detection piece, which will probably be fairly expensive."
As a result, businesses are largely defenseless for now, leaving an opening for a well-timed deepfake to drop like a bomb.
- "If you're waiting for it to happen, you're already too late," New Knowledge COO Ryan Fox tells Axios.
Go deeper: Companies take the battle to online mobs