Deep Fakes Ai Firebrand

Hands, eyes, voice — How to spot an AI Deepfake

It's that time of year when fake notifications flood our inboxes... Stay vigilant!

Fb Logo Uk Wheel Rgb 200Px
Phil Chapman
17 December, 2024

Do you remember the buzz phrase ‘Hands, Face, Space’ in 2020? Welcome to a new one in 2024, ‘Hands, Eyes, Voice’!

The other week I was fortunate to attend a webinar hosted by SecurityWeek in the US that was all about the use of AI and deepfake attacks.

The main speaker was a very experienced Ethical Hacker who demonstrated how easy it was to find a target and fake their face and voice – which was quite alarming. These techniques are already being used in vishing attacks and internet romance fraud. Organised crime groups are also using the technology in their spear phishing and whaling attacks with a degree of success.

Seeing it happen live on a demo really hammers home the importance of believing that this technology is real and being used (it is not sci-fi).

The point of Ethical Hacking is education and defence. So here are a few tips and tricks that I picked up from the webinar.

If you think you're being scammed by a phone or video call, interrupt the caller while they're speaking. 

If they continue to speak or there is a 5-6 second delay in their response – be suspicious.

Do not call them back on any numbers they give you or agree to receive codes from them.

If you can see them, look out for the following signs of it being a deepfake:

1. Hands

Moving hands (in front of the face or holding something) are a real giveaway to AI not quite being up to speed yet. Don’t worry about counting fingers, but if the image pixelates or the hands appear to morph into the cup, pen, or face, be suspicious. Don’t just blame Teams or a slow internet connection!

2. Eyes

Blinking eyes are generally slower on AI faces or reversed (which looks very odd). Be aware that eyes are another AI give away and if they look odd, be wary!

3. Voice

Faking a voice is quite simple, but AI makes it sound robotic. It is possible to merge a fake voice with another to improve cadence and make it sound more natural, but it is still not perfect. If you know the person you are supposed to be talking to, call them back or message them on a known number or system just to check that it is them.

It's that time of year when we're all receiving more Spam and Junk mail amongst legitimate messages about parcels, online orders, etc. So now is a particularly important time to stay vigilant. This technology will only get better (probably quicker than we think!), so be on the lookout!