Organizations have spent years teaching employees to trust what they see and hear.
However, advances in artificial intelligence (AI) are rapidly undermining those assumptions.
A recent LinkedIn Live demonstration by HYPR showed just how quickly and easily a convincing deepfake can be created using freely available tools and publicly accessible images.
During the demonstration, HYPR CEO and Co-founder Bojan Simic illustrated how an attacker could create a live deepfake in minutes by combining an online photo with open-source software and a virtual camera application.
Key Takeaways
- Deepfake creation is now accessible to almost anyone. Free tools, publicly available images, and online tutorials can enable convincing voice and video impersonation attacks in minutes.
- Traditional trust signals are becoming unreliable. AI-generated voices and faces can mimic executives, employees, and trusted partners, making visual and audio verification alone insufficient.
- Deepfakes increase social engineering and fraud risks. Attackers can use AI-generated impersonations to influence financial transactions, gain unauthorized access, or steal sensitive information.
- Organizations should implement layered identity verification. Out-of-band confirmation processes, device trust, and multiple verification methods can help reduce the risk of successful impersonation attacks.
- Phishing-resistant authentication is critical. Passkeys, FIDO-based authentication, hardware security keys, and continuous identity assurance provide stronger protection than relying on human judgment alone.
Deepfake Attacks Are Becoming Easier to Launch
The demonstration highlighted a growing cybersecurity concern: sophisticated impersonation attacks are no longer limited to nation-state actors or highly skilled cybercriminals.
Instead, the tools required to clone faces, voices, and identities have become widely available and easy to use.
According to Simic, creating a convincing deepfake once required specialized AI expertise, expensive hardware, and significant time.
Today, the process can be completed in less than five minutes using free software, publicly available tutorials, and a basic computer.
This dramatically lowers the barrier to entry for threat actors seeking to conduct fraud, social engineering, or account compromise attacks.
The risks associated with deepfakes continue to grow as organizations increasingly rely on remote communications and digital interactions.
Attackers can use AI-generated audio and video to impersonate executives, employees, vendors, or trusted partners during video meetings, phone calls, or identity verification processes.
In some cases, deepfake-enabled social engineering has been linked to significant financial losses after employees were convinced they were communicating with legitimate company leaders.
Why Traditional Identity Verification Is Failing
A key challenge is that traditional methods of establishing trust are becoming less reliable.
For decades, organizations have relied on visual and auditory cues to verify identity.
If someone looked and sounded like the expected individual, that was often considered sufficient evidence.
Deepfake technology challenges that assumption. As Simic noted, “seeing is no longer believing, and hearing is no longer proof.”
Many security awareness programs still encourage employees to watch for unusual behavior, visual glitches, or inconsistencies during conversations.
While user vigilance remains important, deepfake technology is improving rapidly, making human judgment alone an increasingly fragile defense.
Attackers specifically exploit the natural tendency to trust familiar voices and faces.
How Organizations Can Reduce Deepfake Risk
To reduce risk, organizations should adopt a layered approach to identity verification.
First, critical actions such as wire transfers, privileged access requests, password resets, and sensitive data disclosures should require multiple forms of verification.
Organizations should establish out-of-band verification processes that use separate communication channels before approving high-risk requests.
Second, organizations should implement phishing-resistant authentication technologies, such as passkeys, hardware security keys, or FIDO-based authentication methods.
These controls help ensure that identity verification is tied to cryptographic proof rather than visual confirmation alone.
Third, security teams should strengthen device trust and identity assurance programs.
Verifying that users are connecting from trusted devices and expected locations can provide additional validation when deepfake-enabled impersonation attempts occur.
Finally, identity verification should be treated as an ongoing process rather than a one-time event.
Continuous identity assurance, behavioral monitoring, and risk-based authentication can help organizations detect suspicious activity even after initial access has been granted.
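The layered checks described above, sketched as an added example (not code from HYPR or from the original article): a gate for high-risk actions that approves only on phishing-resistant authentication, a trusted device, and an out-of-band confirmation bound to the exact request. All field, action, and channel names are hypothetical, the authentication and device-trust results are assumed to come from an identity provider, and the HMAC code stands in for whatever out-of-band mechanism an organization uses.

```python
import hashlib
import hmac

# Hypothetical names throughout; sample data below is constructed for illustration.
HIGH_RISK = {"wire_transfer", "privileged_access", "password_reset", "data_disclosure"}
KEY = b"constructed-demo-key-not-a-real-secret"

def confirmation_code(key: bytes, request: dict) -> str:
    """Code bound to one exact request, delivered on a pre-registered second channel."""
    fields = (request["id"], request["action"], request["requester"], request["details"])
    # Truncated to 8 hex characters only to keep the demo readable.
    return hmac.new(key, "|".join(fields).encode(), hashlib.sha256).hexdigest()[:8]

def evaluate(request: dict, evidence: dict, key: bytes = KEY):
    """Return (approved, denial_reasons). How the caller looked or sounded is never read."""
    if request["action"] not in HIGH_RISK:
        return True, []
    reasons = []
    if not evidence.get("phishing_resistant_auth"):  # e.g. passkey assertion verified by the IdP
        reasons.append("no phishing-resistant authentication")
    if not evidence.get("trusted_device"):
        reasons.append("untrusted device")
    oob = evidence.get("oob") or {}
    expected = confirmation_code(key, request).encode()
    if oob.get("channel") in (None, request["channel"]):
        reasons.append("no confirmation on a separate channel")
    elif not hmac.compare_digest(str(oob.get("code", "")).encode(), expected):
        reasons.append("confirmation does not match this request")
    return not reasons, reasons

# Constructed scenario: a wire transfer requested during a video call.
REQUEST = {"id": "req-001", "action": "wire_transfer", "requester": "cfo",
           "channel": "video_call", "details": "EUR 250000 to ACCT-EXAMPLE-1"}

def demo():
    deepfake = evaluate(REQUEST, {"face_matched": True, "voice_matched": True})
    good = {"phishing_resistant_auth": True, "trusted_device": True,
            "oob": {"channel": "registered_phone", "code": confirmation_code(KEY, REQUEST)}}
    legit = evaluate(REQUEST, good)
    # Same confirmation replayed against a request whose payee was changed.
    altered = dict(REQUEST, details="EUR 250000 to ACCT-EXAMPLE-2")
    replay = evaluate(altered, good)
    return deepfake, legit, replay

if __name__ == "__main__":
    for name, result in zip(("deepfake", "legit", "replay"), demo()):
        print(name, result)
```

A convincing face and voice on the call change nothing in the decision, and a confirmation issued for one payee does not carry over to a request with different details.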
Identity Is the New Security Perimeter
As AI-powered impersonation attacks continue to evolve, organizations must rethink how trust is established in digital environments.
Deepfakes may be capable of replicating faces and voices, but they cannot easily replicate cryptographic credentials, trusted devices, and strong authentication controls.
In an era where identity has become the new security perimeter, organizations that strengthen identity verification processes will be better positioned to defend against the growing threat of deepfake-enabled fraud.





