AI-generated fraud: Preventing deepfakes, AI voices, and fake profiles

7 April 2025
| No comments
Advertising

Share post

AIs generate everything for the user—including a wealth of fraudulent content, such as deepfakes, AI voices, or fake profiles. Users can be perfectly deceived by these methods—except for good systems. Only a combination of measures can help combat AI-generated fraud: people, processes, and technology.

Since the emergence of generative AI two years ago, it has captured people's imaginations and permeated more and more areas of life – with numerous advantages, of course, but also new risks. Security researchers at Trend Micro continue to see AI as a key driver of criminal activity in 2025. AI-generated fraud is evolving rapidly and becoming increasingly difficult to detect. The FBI also warns that fraudsters are increasingly using artificial intelligence to improve the quality and effectiveness of their online scams and reduce the time and effort required to deceive their targets, according to Tobias Grabitz, PR & Communications Manager at Trend Micro.

Advertising
Perfect SME cybersecurity
How small and medium-sized enterprises defend against AI-led attacks with tailored security

The many faces of AI fraud

AI-based technologies, such as generative AI tools, are legitimate tools that assist in content creation. However, in the hands of criminals, they serve to facilitate crimes such as fraud and extortion. These potentially malicious activities include the misuse of text, images, audio, and video.

Recently reported Google Mandiant says North Korean IT professionals use AI to create personas and images, posing as non-North Koreans, to gain employment with organizations around the world. Once successful, these individuals generate revenue for the North Korean regime, engage in cyberespionage, or even attempt to spread malware to steal information on corporate networks.

Advertising

Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month



By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy Policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy Policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at: https://www.cleverreach.com/de/datenschutz/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

🔎 Protection at all levels: Interaction of different measures: people, processes and technology (Image: Trend Micro).

Among the most commonly used criminal methods are deepfakes. These AI-generated videos can depict people in a deceptively real way and manipulate their statements. They are used for disinformation campaigns, blackmail, identity theft, or even fraudulent financial transactions.

Voice clones are also popular: AI can be used to replicate voices. Vishing (voice phishing) is used by fraudsters to pose as family members, business partners, or government officials over the phone and thus obtain sensitive information or money.

AI-generated, automated fake social media profiles can be used for social engineering, spreading misinformation, or even financial fraud. Similarly, AI-powered chatbots can deceive users in fake online stores or on fraudulent websites to obtain personal or payment information.

Finally, AI can be used to create personalized and convincing phishing emails that are difficult to distinguish from genuine messages. These emails can now be tailored even more specifically to victims, making detection more difficult. Last but not least, AI tools are also useful in forging documents, for example, for fake job applications or loan applications.

Protection at all levels

Combating AI-generated fraud requires a combination of measures: people, processes and technology must be taken into account.

People

🔎 Protection at all levels: Interaction of different measures: people, processes and technology (Image: Trend Micro).

Awareness and media literacy: Broad education about the potential for AI-based manipulation is crucial. Users must learn to critically handle information and question content. Traditional phishing awareness training, which focused on incorrect language, poor grammar and spelling, and suspicious URLs as indicators, is no longer sufficient. Modern attack simulations and training courses focusing on new threats and attacker behavior are recommended. This also includes promoting media literacy to better identify fake content.

The FBI also recommends:

  • Be skeptical of unexpected requests and verify information directly with the source.
  • Recipients should also pay attention to subtle imperfections in images/videos (e.g., unnatural hand positions, facial irregularities, strange shadows, or unrealistic movements).
  • When making calls, check for unnatural tone of voice or word choice to detect AI-generated voice cloning.
  • Finally, it helps to limit the publicly accessible content of your own images/voice, set social media accounts to private and restrict followers to trusted people.
  • Zero-trust approach: The principle behind it is to trust no one by default and to consistently verify identities and content.

Processes

🔎 Protection at all levels: Interaction of different measures: people, processes and technology (Image: Trend Micro).

Verification needs to be rethought: Verifying financial transactions or contracts through verification calls from numbers on lists is obsolete due to AI-assisted vishing. It is recommended to create a predefined stakeholder list, request consent from multiple stakeholders, and use coded language that is used only within your own company. For individuals, the FBI, for example, recommends identifying a secret word or phrase with your family to verify the caller's authenticity.

A policy for GenAI: A company-wide policy for the use of generative AI can enforce the measures for the security of AI use.

Technology

Authentication methods: Stronger authentication methods, such as two-factor authentication, can make access to sensitive accounts more difficult.

Deepfake detection: Tools that can automatically detect deepfakes are still under development and do not always work reliably. Trend Micro is actively researching this area to develop effective detection methods.

AI-based fraud detection: AI can also be used to detect fraud by analyzing patterns in large amounts of data and identifying suspicious activity. Trend Micro offers a solution for consumer users based on artificial intelligence, ScamCheck.

Advanced email security: Email security solutions should go beyond traditional gateways. Typography analysis and computer vision, which can "see" down to the level of individual pixels, can play an important role in detecting fake login pages, for example.

Conclusion

AI-generated fraud is a serious threat that affects us all. By combining technological solutions, clear processes, education, and vigilance, both consumers and businesses can better protect themselves against this growing threat. It's important to be aware of the risks and handle information critically. The constant evolution of AI requires us to continually adapt our defenses to stay one step ahead of fraudsters.

More at TrendMicro.com

 

About Trend Micro

As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.

 

Matching articles on the topic

DDoS attacks: the most important means of cyber warfare

In the second half of 2024, there were at least 8.911.312 DDoS attacks worldwide, according to the results of a recent DDoS Threat Intelligence Report. ➡ Read more

Cybercrime: Russian-speaking underground is leading

A new research report provides a comprehensive insight into the Russian-speaking cyber underground, an ecosystem that has fueled global cybercrime in recent ➡ Read more

Cyber ​​Resilience Act: Companies should act now

The Cyber ​​Resilience Act (CRA) is coming in leaps and bounds. This means that manufacturers will soon no longer be able to ➡ Read more

Use of AI/ML tools increased by 3000 percent

AI/ML tools are popular, according to the findings of a recent threat report. However, their increased use also brings with it security risks. Cybercriminals ➡ Read more

Vishing: Criminals rely on voice phishing attacks

Using AI-generated deepfakes, cybercriminals imitate trusted voices. Vishing exploded in the second half of 2024, according to the results of a ➡ Read more

Digital Trust Index: Trust in digital services is declining

Digital trust or fear of a data breach influences whether consumers turn to or away from brands, according to the results ➡ Read more

Software security is inadequate in half of the companies

The 15th edition of the "State of Software Security Report", which is based on a comprehensive dataset of 1,3 million individual applications and 126,4 million ➡ Read more

Cyber ​​Risk Index falls slightly – but not for all companies

Companies that rely on proactive security demonstrably reduce their risk, as reflected in the Cyber ​​Risk Index (CRI) study. ➡ Read more

AI, ML, new technology, Stories, TrendMicro
, , , , , ,