Get ready for Zoom-based deepfake phishing attacks, expert warns

A video conference with nine participants on a laptop screen.
(Image credit: Andrey_Popov/Shutterstock)

Deepfake attacks will get more sophisticated and harder to notice, Matthew Canham, a University of Central Florida research professor and cybersecurity consultant, told the Black Hat security conference last week.

Canham added that we may soon see phishing attacks using deepfakes on Zoom or other videoconferencing apps, which he dubbed "zishing," as well as deepfake attacks using biometric media like fingerprints or facial recognition.

"My friend Dolores got a series of text messages from her boss to buy gift cards for 17 employees for the upcoming holiday party — and not to tell anyone," Canham said. "Dolores bought the gift cards, the party came, and the boss didn't know anything about it."

Dolores, Canham explained, had been the target of a text-message-based deepfake attack, in which an automatic script or "bot" initially contacted her and impersonated her boss by "spoofing" her boss's cell number.

The bot exchanged several messages with Dolores to establish trust, then a human took over on the other end and walked her through the rest of the scam.

Other deepfake scams

A well-publicized attack in the U.K. a few years ago involved phone calls, Canham said. A computer-generated voice application — or maybe a skilled human impersonator — that mimicked the boss's voice called a company posing as the chief executive, and then ordered that wire transfers be made to a specific account.

This happened two or three times before the company got suspicious and asked the "boss" to verify his identity.

Canham calls these "synthetic media" attacks, in which the deception involves a combination of real and fake information. He's come up with a classification framework that gauges five factors: medium (text, voice, video or a combination), control (run by a human, a bot or both), familiarity (how well does the target "know" the fake person), interactivity (are communications slow, fast or instant?), target (a particular individual, or anyone?).

Canham cited a wave of virtual-kidnapping scams that took place in Indiana. People would receive calls from a family member, only to speak to a scammer who said he had abducted their family member and demanded ransom. One man even got such a call about his daughter, even as his own son got a ransom call from someone pretending to be the father.

The only "proof" was that the calls seemed to be coming from a loved one. However, it's not difficult to "spoof" a phone number.

What the future holds for deepfake video scams

More video-based scams are coming, Canham said. We've already seen the deepfake video that comedian and director Jordan Peele did in which former President Barack Obama seems to comment on the movie Black Panther and insults then-President Donald Trump.

In that example, Peele impersonated Obama's voice himself, and then used a deepfake program to modify existing video of Obama so that the mouth movements matched the words.

More alarming, though it may not be obvious, Canham said, was the "I'm not a cat" Zoom video from 2020 in which a Texas lawyer found himself stuck with a kitten avatar during a court hearing.

In this case, the kitten avatar perfectly matched the Texas lawyer's mouth and eye movements in real time. It may not be long before similar overlays and avatars can make videoconferencing participants convincingly look like completely different people.

"Give it a few years, and I think we'll soon see Zoom-based phishing attacks," Canham said. "Take that lawyer kitten video — imagine it wasn't a cat, but the image of a different lawyer."

After that, he said, the next frontier is biometric-based phishing attacks, although that might involve "Mission Impossible"-style physical creations.

"You could argue that a 3D-printed fingerprint might qualify," Canham said.

Nevertheless, there could be a digital component to that as well. A few years ago, German researchers showed that a high-resolution photo of Chancellor Angela Merkel's eyes might be good enough to fool an iris scanner, and that a similarly precise photo of another German politician's raised hand could be used to create a convincing fake fingerprint.

To stop a deepfake attack before it goes too far, Canham said, some surprisingly low-tech solutions might be effective. He said he'd heard of one company boss who told his staffers he would never ask them to buy gift cards.

In other instances, pre-shared code words might be required for an authorized person to transfer large amounts of money, or the approval of more than one person might be necessary.

He also suggested fighting a bot with a bot, as it were. There's already the Jolly Roger Telephone project, Canham said, a computer program that's designed to draw telemarketers into pointless conversations and waste their time. Maybe the best defense against deepfakes is another deepfake.

You can view Canham's Black Hat presentation slides here, as well as a related white paper.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than fifteen years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/deepfake-phishing-attacks

Posted by: williamssweir1984.blogspot.com
