If I had to guess, I think most people, when asked about “deepfakes”, if they are concerned at all, are concerned about elections, political fakes, or famous people being taken down by fake videos. We aren’t thinking about phishing, and yet, in a time when many companies are struggling with employees who can’t seem tor resist clicking on a link in an email or responding to a fake email, what will happen when it’s this instead?
“Forget about spear phishing. Instead, create a video or audio clip of “the boss” demanding a password or a financial transaction.”
As I’ve said before about emails from the boss, that aren’t really from the boss, the first step is creating a culture where it’s OK to say no to the boss if she asks for something outside of the normal checks and balances.
How many of you can say that would be supported in your workplace? Or, with a partner in a law firm?
Do you have the ability to say no, and be backed up by management in doing so?
Would you even take that chance?
That’s how fake audio/video is going to create phishing success, not by exploiting an employee’s ignorance, or inattention, but by exploiting the very way you run your business.