In the past few years, artificial intelligence technology has crossed a threshold with the capability to make people look and sound like other people. A “deepfake” is fabricated hyper-realistic digital media, including video, image, and audio content. Not only has this technology created confusion, skepticism, and the spread of misinformation, deepfakes also pose a threat to privacy and security.
With the ability to convincingly impersonate anyone, cybercriminals can orchestrate phishing scams or identity theft operations with alarming precision. In a recent incident, cybercriminals posed as a company’s chief financial officer and other colleagues in a Zoom meeting. The elaborate scam led to the loss of $25 million.
Identify and report deepfakes
To help protect Stanford against similar attempts, below are some tips to identify and report deepfakes.
What you should watch for:
- Be wary of phone calls or videos that appear to come from trusted colleagues or senior executives when they involve unexpected demands or requests for financial transactions.
- Take note of unusual, urgent requests to set up vendors, make purchases, process electronic fund transfers, or update accounts payable or banking information.
What you should do:
- If you have any doubts about the legitimacy of a request, pause and consult with others before proceeding. It’s always better to take a moment to verify than to fall victim to a fraudulent scheme.
- Independently verify the request by contacting the alleged requester using a separate, trusted communication channel that you initiate. This will ensure that you’re communicating with a legitimate person, rather than an imposter.
- If you encounter any suspected deepfake fraud attempts or fraudulent activity, immediately report it. Here are a few Stanford resources for reporting:
- Information Security Office and University Privacy Office for IT security or privacy concerns (e.g., suspected phishing scam or data compromise).
- Ethics and Compliance Hotline for concerns about possible financial irregularities, unethical behavior, and violations of policies, regulations, or laws.
- Fingate (view under Managing Potential Fraud and Disputes) if you suspect the deepfake to be initiated by someone who has hacked one of our suppliers.
Share this information with members of your team or business unit who initiate and approve financial transactions. Your vigilance and communication will help protect our community against the threat of deepfake fraud and maintain the integrity of our financial transactions.