
Scams have always evolved alongside technology. When printing presses arrived, so did forged documents. The telephone opened the door to voice scams. The internet gave rise to phishing — and we’ve all seen those fake “urgent” emails from someone pretending to be your CEO.
Now, we’re facing something far more sophisticated: deepfakes.
AI-generated voices and videos give scams an unsettling new level of realism. They make people believe what they see and hear — and that’s what makes them so dangerous. Many organizations still underestimate just how serious this threat is.
And since it’s Cybersecurity Awareness Month, it’s the perfect time to talk about deepfakes — why they’re different, why they matter, and what we can do to fight back.
You might be tempted to think of deepfakes as “phishing 2.0.” But they’re much more than that.
Traditional phishing scams play on our emotions — urgency, fear, curiosity. Deepfakes go deeper. They target our senses and our instinctive trust in what we see and hear.
Think about it: if you heard your CFO’s voice on the phone or saw your CEO’s face on a video call, you’d probably act on their request. That’s human nature. Attackers know this — and they’re using it against us.
Take the now-infamous case in Hong Kong last year: a finance worker transferred $25 million after joining a video call with what looked and sounded like their CFO — and six other “colleagues.” Every single one of them was a deepfake. And these weren’t pre-recorded videos; the attackers were responding in real time.
What’s even more worrying is that this wasn’t some high-budget operation. Anyone with a decent computer, or even a smartphone, could have done it. The same type of technology that powers fun social media filters can now be weaponized to mimic real people.
Today, it only takes three seconds of someone’s voice to clone it convincingly. For video, a single good photo will do.
And as businesses begin to integrate AI agents into customer and employee interactions, the line between human and machine is getting blurrier. The question becomes: how will we know what’s real or who we’re actually talking to?
A year or two ago, most deepfakes were easy to spot. The lip-syncing was off, or the eyes didn’t blink quite right. Those days are gone. Even the most experienced professional can now be fooled by a well-made deepfake.
That’s the challenge we’re up against: the classic cat-and-mouse dynamic of cybersecurity. As defenses improve, attackers evolve. The technology used to detect deepfakes gets better, but so does the technology used to create them.
Will we ever have a tool that detects deepfakes with 100% accuracy? Probably not. But that doesn’t mean we’re powerless.
Here’s where organizations should start focusing:
First, map out which parts of your business are most at risk. That typically includes:
In short, anywhere people are asked to verify their identity — whether that’s an employee, a customer, or a partner.
No single solution can eliminate the risk, but the right technologies make a big difference. Look for identity verification tools that specifically address deepfakes.
Organizations like NIST evaluate and rank these tools, helping you understand which ones actually perform as advertised.
At Thales, for example, we use AI-powered liveness detection to analyze tiny, involuntary movements that even the best deepfake can’t reproduce. That’s how we help organizations secure authentication and onboarding sessions against these emerging threats.
Even though humans can’t always spot a deepfake anymore, awareness still matters. Employees need to know that what they see and hear can be manipulated.
Encouraging a culture of healthy skepticism — especially around sensitive financial requests or identity verification — goes a long way. Trust, but verify.
Let’s be honest: deepfakes aren’t going away. They’ll only become faster, cheaper, and more realistic. That’s why now is the time to act — to build resilience into your processes, test your defenses, and create a culture where trust isn’t assumed but earned.
Trust is one of the most valuable assets a business has. And in the age of deepfakes, defending it has never been more important.
To learn more about how Thales’ digital identity and verification solutions help organizations detect and prevent deepfakes, read our latest blog here.
And while you’re at it, tune in to the Security Sessions podcast, where I talk about the rise of deepfakes and what organizations can do to stay one step ahead.