Nextcloud wins Platinum at the IT Awards 2024!
Nextcloud has been awarded Platinum at the IT Awards 2024. Today, we celebrate this win together!
Read MoreOngoing public concerns over real-time video scams has been the spur to gain global attention as we witness new major incidents taking place increasingly more. Take a Hong Kong MNC recently falling prey to a scammer in a colossal $25.6 million heist — the deepfake technology has already evolved enough to bring on a whole new brand of fraud.
What remains is a call to action. Are there ways to protect yourself and your organization against con men posing as your boss, your business partner, or even your own mother? Let’s find out!
First things first, let us start with the definition.
In case the definition of a deepfake is still unclear to some, a deepfake is content generated using deep learning techniques that is intended to look real, but is in fact fabricated. Artificial intelligence (AI) used to generate deepfakes typically employs generative models, for example, Generative Adversarial Networks (GANs) or auto-encoders.
Deepfakes are used not only in video content, but also in audio recordings and images. The purpose of a deepfake is often to depict an individual or a group saying or doing something that they never did in reality. To produce content that appears convincing, the AI must use large datasets in its training. It allows the model to recognize and reproduce natural patterns present in content it is designed to mimic.
While deepfake technology is a breakthrough with great potential in the film industry and game development, as well as a rising social media trend, it also opens dangerous opportunities for illegal use. The examples are numerous and include identity theft, evidence forging, disinformation, slander and biometric security bypass. In all cases, fraudsters typically leverage the depicted person’s authority over the targeted individuals or personal connection to them, depending on the setting.
Watch back our webinar on secure conferencing in Talk. learn how to set up reliable access control, prevent leaks and track back all suspicious activity.
WatchDeepfakes are used to produce video, audio or image content, as a recorded media or a real-time stream. It can be a YouTube video, a ‘leaked’ recording in a social post, a phone call or a video conference – the opportunities are practically unlimited.
Depending on the purpose, the format is picked accordingly. For example, political disinformation works best where mass engagement is possible, meaning that spreading it publicly via social media is the best tactic. Whereas seeking a private gain from a company or or individual requires a more intimate setting and often a personal conversation.
When it comes to threats to your personal life, finance or security, we can narrow down the most dangerous deepfake scenarios to encounters with people you care about, trust , or report to. This can be a family member, a friend, or an authority figure at work such as your boss or a company executive.
The setting will most likely be private: whether over a phone call or a video meeting. Personal meetings are much easier to execute and give the faker much more control over the situation. The conversation, whatever the background is, will lead you to an action under a sense of urgency or fear – most likely to transfer a sum of money. The tactic is to deceive your logic and common sense using fear, compassion or even ambition.
As generative AI development drives a huge interest and investment, we are entering a dangerous zone: real-time video, the most sophisticated and convincing deepfake use case yet, still has a very little awareness.
Real-time video deepfakes generate manipulated video content in real-time for immediate application during live streams and video calls. Voice cloning and face swapping are the most frequently used techniques to compose a complete faked environment.
Face swapping is a common application of deepfakes, allowing the software to replace facial features of a target person with fake features, most often those of another person. With facial landmark detection and manipulation techniques, the blending appears seamless and hard to spot when caught unaware.
In addition to looking convincing, a faker also needs to sound convincing. For this part, voice cloning is used. In voice cloning, the AI replicates the voice of the individual. A significant amount of high-quality audio data is required to train a voice cloning model, usually obtained from recordings of the target person speaking in various contexts and using different intonations.
Deepfake technology is capable of impersonating real-life individuals and doing it in a real-time setting, making the result even more convincing (and terrifying!). But how does the software work in a way that we encounter deepfakes using familiar meeting platforms?
Deepfake generation software can be integrated with streaming platforms and video conferencing tools in many ways:
Finally, to the most important part. How do you protect yourself against a deepfake, or at least get prepared to spot a fake boss making a sketchy request over video?
Privacy-first videoconferencing software is a key to safe meetings. Meet Nextcloud Talk, a powerful chatting and meeting platform that lets you regain control.
AI face swapping technology maybe advanced, but it’s not perfect. There are red flags you can spot, or at least learn to look out for when something seems off or unnatural:
There are methods to help you fish out the red flags that generally won’t make the conversation awkward if the person is in fact real.
First, there’s nothing more natural than a casual conversation. Engage in small talk: ask about their day, routine, questions about people you both know, etc. A complete stranger will struggle to be spontaneous and maintain the same personal connection. It’s also easier to catch one off guard when they lose a sense of control.
You can also use other video conferencing features: ask the person to share their screen and show you something related to your common tasks. This will be very difficult to replicate without access.
Finally, once they make a suspicious request, you have more freedom to be alert openly — politely ask them to confirm their identity by providing some exclusive information or send you a confirmation message via a different channel.
One more way to ensure confidence when it comes to sensitive topics is setting up a password or passphrase. This is an easy way to confirm the identity of the people you know, both at work and between family members, and it is equally effective via voice, video and text communication.
If a faker poses as a person you know well, chances are you have more than one communication channel to reach out with. Use email, a messenger or a personal phone number to contact them and raise a question — the reason is valid.
To replicate and manipulate a person’s voice or image, AI needs a massive amount of data. This data is often gathered beforehand, during online calls and meetings. Features like Recording Consent in Nextcloud Talk may help you protect yourself and others from such a data haul.
It’s unlikely for your real boss to set up a meeting via a platform you never use for work. And if they do, they must have a good reason! Don’t be afraid to stand up to suspicious activity.
Using company software means better control over the data and compliance with privacy regulations. Even better — if you run it on-premises! Should an incident happen, the company IT team can run an audit to retrieve the relevant data and investigate.
Ensure secure access to your videoconferencing platform with settings like 2FA, strong passwords, data encryption, activity monitoring, and login restrictions. This applies to your personal settings and administrative controls.
Using a privacy-oriented, unified workspace with admin control in all apps makes sure your security protocols are in place to detect and prevent breaches. Nextcloud Hub provides a user friendly videoconferencing platform that keeps users happy to stay within company IT.
How Nextcloud Talk protects your data:
Nextcloud is an open-source project backed by a strong community with proactive approach to vulnerability research and patching. It is designed to let you stay compliant with GDPR, CCPA, and the upcoming EU ePrivacy Regulation.