Skip to main content

São Paulo/SP – December 16, 2022. deepfake is a technology used to create fake but very realistic videos of people doing something they've never actually done or in situations they've never witnessed.

*By Marcelo Sousa

THE deepfake is a technology used to create fake but very realistic videos of people doing something they've never actually done or in situations they've never witnessed. The term "deepfake” was created in reddit, a news and discussion portal in 2017. This new term drew a lot of attention because artificial intelligence was being used to replace people's faces and create fake and embarrassing videos of famous people. Currently, there are applications that can create deepfakes in a matter of seconds. O impressions and ZAO are some examples of applications.

And why is it a security risk? Criminals are using this technology that is becoming more popular, to make millionaire scams on companies and people, and even to spread disinformation and fake news🇧🇷 Therefore, the deepfake poses a security risk. O "deep" in deepfake refers to deep learning, which originates from artificial intelligence where algorithms train themselves. Protected photos, videos and with the help of algorithm, it is possible and easy for people to create fake and malicious videos on Internet.

Below are some examples of how criminals are taking advantage of this technology.

  • Social Engineering Attacks: A worrying scenario regarding deepfake, is when material is created to induce the victim to make a decision that may put him or her at risk. One possible situation would be to create a fake video of a friend from work. The showing of this footage at a meeting could be used by criminals to collect important company data, or even apply blows. In August 2019, in the United Kingdom, an executive of an energy company transferred 220 thousand euros to someone who impersonated the CEO of his company, through a video fake.
  • Disinformation: the use of deepfake can have serious consequences, especially when it comes to public opinion, because it is very difficult to differentiate, at first, if the material is real or fake🇧🇷 Thus, technology may end up contributing to the dissemination of fake newsand sharing news and images that do not portray the truth.

How to notice if the video is real or if it has been modified?

Below are some tips on how to tell if the video is real or if it has been modified:

  • Analyze possible blurs or misalignments: check if the face is aligned with the body, or if there are smudges at the junction of the face and neck.
  • Analyze Hair: in this type of video, criminals have difficulties in simulating the natural movement of the hair, and normally the hair looks plastered.
  • Analyze eye and face movements: an important suggestion is to notice whether the facial expressions match the story told in the video.

All these tips are important and currently applicable, however, it is good to know that the natural tendency of the technique is to evolve and mature over time, making it increasingly difficult to identify its veracity.

— Marcelo Sousa is an Information Security GRC Consultant at [SAFEWAY]

How can we help?

THE SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

today through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in the process of structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies to the ISO27001, ISO20000 or ISO22301 standards.

In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services, the Cybersecurity Health Check whose objective is to carry out a diagnosis of the CyberSecurity, Information Security and Data Privacy implemented in your company, contemplating the pillars of Law SuitPeople and Technology.

through the Cybersecurity Health Check, risks associated with information security and privacy of internal processes and activities are identified, existing controls and new controls evaluated according to the size of your organization to increase the level of maturity and compliance, in accordance with good information security practices. If you would like more information, contact one of our experts!