Putting numbers and weighing answers to the deepfake fraud dilemma

Deepfakes are maturing fast, becoming harder to detect with the naked eye and analytical algorithms, but researchers have a few suggestions for how people and businesses can protect themselves.

Deepfakes and injection attacks are now used in attempted fraud in 3.9 percent of age and identity verification checks, up from 1.6 percent in 2023, according to Yoti.

The company performs 5 million checks a week across its various services, and noted that it observed more than 6,000 attacks per day in January of 2025, a marked increase from 1,000 per day last February. Yoti put out a white paper on how to combat deepfakes a year ago, just as the scale of the problem was becoming clear to many.

Similarly, Sardine notes in a LinkedIn post that it is “starting to see this challenge reach critical mass.” The company predicts not just greater sophistication, but attacks starting in social media before moving onto crypto or banking platforms.

Further, Sardine sees these trends intersecting with the explosive growth of first-party fraud to create “a perfect storm” of fraud.

Phantom fingers and difficult dialects

In addition to errors in details like the number of fingers people have, inconsistent shadows or reflections and the credibility of the source and the message, the limitations of the technology can be exploited, according to Eurasia Review. iProov has found that 60 percent of people are confident they can accurately identify a deepfake, but only 0.1 percent can back the claim up by actually doing so.

Viggo Tellefsen Wivestad, a researcher with Norwegian science institute SINTEF, points out that the deep learning algorithms behind deepfakes can struggle with details like a local dialect of a language with a relatively small number of speakers. Due to the availability of training data, he says, “It is easier to create deepfakes from Jonas Gahr Støre’s Eastern Norway dialect than Erna Solberg’s Bergen dialect.”

Wivestad suggests setting up a code-word ahead of time, or asking a suspected fraudster about a detail they would not know, to differentiate people from digital fakes. People can also control the channel they are interacting in.

“Someone who is looking to defraud you will normally need to initiate the contact themselves, so if you are in any doubt, end the conversation and contact the person via the channels you would normally use,” Wivestad tells Eurasia Review. “It is also not possible to deepfake reality, so you might want to consider having sensitive conversations face-to-face.”

Multimodal biometrics and mandates

Multimodal biometrics also have a role to play in defending against deepfakes, as Biometrics Institute members discussed during a recent episode of the organization’s “On the Pulse Conversation.”

The conversation, which included representatives of JCour Consulting, Facephi, Corsound AI, Trust Stamp and Facia, led to the conclusion that deepfakes are here and cannot be prevented, only detected. Participants considered whether governments should mandate protections against deepfakes, possibly including biometrics.

And the problem is a global one. Malaysia’s government is considering whether specific legislation is necessary to regulate deepfakes, reports Awani International. Malaysia already has a law against disseminating false content, but that may not be enough after 454 fraud cases involving deepfakes were reported to the country’s national police force, with losses amounting to 2.27 million Malaysian ringgit (approximately US$610,000).

In the U.S., DARPA is working on advanced deepfake detection technologies. Device-level defenses are coming, too, with Honor planning to launch on-device analytics to watch out for injection attacks in April, according to Gizchina. And Appdome is launching 30 new dynamic defense plugins to perform deepfake detection as part of its Account Takeover Protection suite, which it says can help protect the integrity of native device biometrics.

Article Topics

Appdome  |  biometrics  |  deepfakes  |  injection attack detection  |  Malaysia  |  multi-modal  |  Sardine  |  Yoti