Researchers at Palo Alto Networks’ Unit 42 are tracking dozens of scam campaigns that are using deepfake videos to impersonate CEOs, news anchors, and high-profile government officials.
Unit 42 believes a single threat actor is behind the scheme. The researchers discovered hundreds of domains used to spread these campaigns, each of which has been visited an average of 114,000 times.
The goal of the operation is to spread investment scams and fake government-sponsored giveaways.
“Starting with a campaign promoting an investment scheme called Quantum AI, we studied the infrastructure behind this campaign to track its spread over time,” the researchers write. “Through this infrastructure investigation, we discovered several additional deepfake campaigns leveraging completely different themes that the same threat actor group created and promoted.”
The scammers are targeting users around the world, tailoring the campaigns for specific countries.
“We discovered deepfake videos in several different languages, including English, Spanish, French, Italian, Turkish, Czech and Russian. Each campaign typically targets potential victims in a single country, including Canada, Mexico, France, Italy, Turkey, Czechia, Singapore, Kazakhstan and Uzbekistan.
Similar to the Quantum AI scam campaign, these videos add AI-generated audio on top of an existing video and use lip-syncing tools to alter the lip movement of the speaker to match the new audio. Visitors to these webpages are prompted to register with their name and phone number, and they are instructed to await a call from an account manager or representative.”
While investment scams aren’t new, deepfakes allow criminals to easily lend authority to the scams by impersonating well-known figures. Notably, Unit 42 has observed deepfake-as-a-service tools being peddled on criminal forums.
“Our researchers have encountered cybercriminals selling, discussing, and trading deepfake tooling and creation services across forums, social media chat channels, and instant messaging platforms,” the researchers write.
“These tools and services offer capabilities for generating deceptive and malicious content including audio, video, and imagery. The ecosystem surrounding deepfake creation and tooling is alive and vibrant, and cybercriminals are selling a variety of options from face swapping tools to deepfake videos.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Unit 42 has the story.