Access Controls
Initiatives
Capabilities
IntegrationsCybersecurity 101 Categories
What is deepfake phishing?
Deepfake phishing is a type of phishing attack that uses AI-generated fake audio or video to trick victims into revealing sensitive information or sending money. Unlike traditional phishing, which often relies on text-based emails, deepfake phishing creates highly realistic audio or video impersonations of trusted individuals, such as a CEO, a family member, or a government official.
The goal is to exploit human trust and urgency to bypass security awareness, making these attacks highly effective and dangerous.
How Deepfake Phishing Works
The attacker uses deep learning technology to create a video or audio of a target individual. This often involves mimicking their voice, appearance, and mannerisms, making the impersonation appear genuine.
- Targeted Attack:
The attacker sends the deepfake to the intended victim, often through a video call or phone call, to make it appear as a legitimate communication.
- Urgent Request:
The deepfake then delivers an urgent, often unexpected, request for financial transactions, personal data, or other actions that benefit the attacker.
- Exploiting Trust:
By leveraging the perceived authenticity of the deepfake and the victim’s trust in the impersonated individual, the scammer creates a sense of urgency and pressure to act quickly, reducing the likelihood of the victim verifying the request
What are examples of deepfake phishing scams?
Deepfake phishing scams can affect individuals and companies alike.
Financial fraud:
An employee receives a video call from someone who looks and sounds like their boss, instructing them to make a large electronic fund transfer, only to find out later it was a deepfake.
Individual attacks:
A scammer uses a voice clone of a relative to convince a grandparent that the relative is in trouble, like a hostage or in jail, and urgently needs money.
Business-focused attacks:
Executives’ voices or faces are used to trick employees into compromising company accounts or sharing sensitive information
Real-World Examples
- CEO Fraud with Deepfake Voice
Scenario: An employee receives a phone call or voicemail that sounds exactly like their CEO or CFO.
Attack: The “CEO” urgently instructs them to wire funds to a new account or approve a vendor payment.
Real-Life Case: In 2019, criminals used AI-generated voice to impersonate a UK-based CEO, tricking a manager into transferring €220,000.
- Fake Video Calls
Scenario: An attacker creates a deepfake video of an executive, HR manager, or IT support person and joins a Zoom/Teams call.
Attack: They request confidential files, login credentials, or ask for security bypasses during the call.
Emerging Trend: Cybersecurity firms have already reported criminals experimenting with deepfake avatars on video conferencing platforms.
- Deepfake Recruiter Scams
Scenario: A “recruiter” on LinkedIn sends a video introduction or conducts an interview using a synthetic face/voice.
Attack: They use the pretext of a job offer to collect sensitive information like Social Security numbers, bank details, or even trick targets into downloading malware as part of a fake “skills test.”
- Family or Friend Emergency Scams
Scenario: A victim receives a phone call or video that appears to be their child, spouse, or relative.
Attack: The deepfake voice claims they’ve been in an accident or arrested and need money immediately.
Real-Life Case: In 2023, parents in Arizona reported a scam where a cloned voice of their daughter demanded ransom.
- Vendor or Partner Impersonation
Scenario: A finance team gets a video message from what looks like a real vendor contact.
Attack: The deepfake instructs them to update payment details or switch to a new bank account for invoices.
- Credential Harvesting via Fake IT Helpdesk
Scenario: Employees receive a video tutorial or voicemail from someone posing as internal IT support.
Attack: The deepfake directs them to a fake login portal or requests MFA codes under the guise of “resetting systems.”
Why These Scams Work
- They exploit trust in voice and face recognition, which traditional phishing (emails, texts) lacks.
- They create urgency and authority that make victims less likely to pause and verify.
- They’re hard to detect without specialized training and tools, since the deepfake may look or sound convincing.
How can deepfakes be prevented?
How to Protect Yourself
Here is how individuals can protect themselves based on type of deepfake:
Phone: Verify the caller’s identity
Always verify requests, especially for financial transactions, by contacting the sender through a known, trusted method (like a separate phone call to a known number).
Email or Text: Be suspicious of urgent requests
Be wary of sudden, urgent demands for money or sensitive information, even if the request comes from a familiar voice or face.
Video: Watch for visual and auditory inconsistencies
Look for visual clues like unnatural facial movements, flickering or inconsistent lighting, or unusual blinking. Pay attention to repetitive speech patterns or inconsistent voice tones.
Companies can protect their critical assets by combining technological defenses with human vigilance.
- Implement strong email policies (using passwordless authentication)
- Improve network security with solutions like zero trust NAC
- Conduct regular security awareness training for employees
How does NAC help defend against deepfake phishing?
How NAC Helps Against Deepfake Phishing
- Limits Lateral Movement & Rogue Devices
If a deepfake scammer convinces someone to plug in a laptop, connect a personal device, or “help test something,” NAC ensures that unauthorized devices cannot connect to the corporate network.
This blocks one of the easiest follow-ups to a social engineering scam: dropping a rogue device inside your perimeter.
- Enforces Identity + Device Posture
Modern NAC (especially cloud-native) ties network access to user identity + device compliance.
Even if an attacker tricks someone into sharing a password, the NAC won’t allow access unless the connecting device is registered, compliant, and healthy.
- Automates Access Controls
Deepfakes rely on human judgment under pressure (“The CEO says do this now!”).
NAC enforces automated network policies that a phone call or video cannot override.
For example: a wire transfer request might come through a deepfake, but the workstation being used still has only standard user privileges on the network.
- Visibility & Alerts
NAC gives security teams visibility into who and what is connecting.
If a deepfake scam leads to unusual behavior (e.g., an employee connecting a new device “on the CEO’s orders”), NAC can flag it instantly.
On-Prem NAC vs. Cloud-Native NAC
On-Prem NAC (e.g., Cisco ISE, Aruba ClearPass):
- Strong enforcement, but complex to manage.
- Scaling across remote branches is hard.
- Updates (new detection, integrations) are slower — a disadvantage when facing fast-evolving threats like deepfake scams.
Cloud-Native NAC (e.g., Portnox Cloud):
- Faster deployment & policy updates — important for adapting to new attack patterns.
- Works seamlessly across branches, remote workers, and hybrid environments where deepfake social engineering is most likely to strike.
- Better integrations with identity providers, SIEM/SOAR, and endpoint security tools — meaning faster correlation if a phishing/deepfake attempt results in suspicious access.
- Reduced reliance on local infrastructure (no outages if a branch server goes down — relevant since attackers often strike during chaos).
Bottom Line
NAC alone can’t stop someone from believing a fake video or voice. But it dramatically reduces the chances that a bad decision turns into a breach.
When it comes to adapting to new social engineering threats like deepfakes, cloud-native NAC has a clear advantage over on-prem because it:
- Scales across distributed users,
- Updates faster,
- Integrates more easily with other security controls, and
- Requires less manual oversight (less room for human error).