Video Deepfake Attack
What is Video Deepfake Attack?
Video Deepfake AttackAn attack that uses AI-generated synthetic video of a real person, often in a live meeting, to authorise fraudulent transactions or spread disinformation.
A video deepfake attack combines face-swap or full-frame synthesis models with voice cloning to impersonate a real person on recorded or live video. In early 2024 a finance worker at the Arup engineering group in Hong Kong was tricked into transferring approximately US$25 million after joining a video call in which the CFO and other colleagues were entirely deepfaked. Attackers also use the technique to bypass remote know-your-customer (KYC) checks and to spread targeted disinformation that impersonates politicians or executives. Defences include passphrases agreed in advance, mandatory out-of-band verification for large transfers, liveness detection on KYC flows, and media-provenance standards such as C2PA.
● Examples
- 01
The 2024 Arup case in Hong Kong, where a deepfake video call impersonating the CFO led to a US$25 million wire fraud.
- 02
Real-time face-swap used during a remote KYC video check to open a bank account under a stolen identity.
● Frequently asked questions
What is Video Deepfake Attack?
An attack that uses AI-generated synthetic video of a real person, often in a live meeting, to authorise fraudulent transactions or spread disinformation. It belongs to the AI & ML Security category of cybersecurity.
What does Video Deepfake Attack mean?
An attack that uses AI-generated synthetic video of a real person, often in a live meeting, to authorise fraudulent transactions or spread disinformation.
How does Video Deepfake Attack work?
A video deepfake attack combines face-swap or full-frame synthesis models with voice cloning to impersonate a real person on recorded or live video. In early 2024 a finance worker at the Arup engineering group in Hong Kong was tricked into transferring approximately US$25 million after joining a video call in which the CFO and other colleagues were entirely deepfaked. Attackers also use the technique to bypass remote know-your-customer (KYC) checks and to spread targeted disinformation that impersonates politicians or executives. Defences include passphrases agreed in advance, mandatory out-of-band verification for large transfers, liveness detection on KYC flows, and media-provenance standards such as C2PA.
How do you defend against Video Deepfake Attack?
Defences for Video Deepfake Attack typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Video Deepfake Attack?
Common alternative names include: Video deepfake fraud, Live deepfake impersonation.
● Related terms
- ai-security№ 1208
Voice Cloning Attack
An attack that uses AI-generated speech mimicking a real person to bypass voice authentication or trick victims into authorising payments or actions.
- ai-security№ 036
AI-Generated Disinformation
False or misleading content produced or amplified by generative AI to deceive audiences, manipulate opinion, or influence elections, markets, or conflicts.
- attacks№ 135
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
- attacks№ 1065
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
- ai-security№ 297
Deepfake
Synthetic audio, image, or video media generated by AI to convincingly depict a real person saying or doing something they did not.