Deepfake-Assisted Phishing - AI Security Technique

Adversaries may use deepfakes (AI-generated synthetic images, audio, or video) in phishing campaigns to impersonate trusted individuals, executives, or organizations. These attacks exploit human trust by presenting fraudulent voice or video communications as legitimate, enabling adversaries to manipulate targets into disclosing credentials, transferring funds, or granting access to systems.

Voice deepfakes (AI-cloned voices) are used in vishing [\[1\]][vishing] (voice phishing) attacks over telephone or VoIP. Adversaries can clone a target's voice using a few seconds [\[2\]][valle] of publicly available audio from speeches, earnings calls, podcasts, or social media [\[3\]][voice]. These cloned voices are then used in pre-recorded voicemail messages or live phone calls. Video deepfakes can impersonate a trusted individual's face and voice. Adversaries use publicly available video from company meetings, earnings calls, or social media to create convincing AI-generated video of target individuals. They are used in live video conference calls or recorded video messages. AI-generated content has advanced to the point that it is often difficult to identify as synthetic [\[4\]][fbi].

Adversaries may first perform Obtain Capabilities: Generative AI followed by Generate Deepfakes in preparation for their Phishing campaign. Deepfake phishing campaigns often utilize other communication channels (such as email, SMS, or instant messaging) for layered social engineering attacks [\[5\]][aiid839].

These attacks span a wide range of victims and attack types, demonstrating the breadth of deepfake-enabled fraud. Adversaries have conducted extensive deepfake-assisted phishing campaigns against the individuals, including targeted scams [\[6\]][aiid564] [\[7\]][oecd1] [\[8\]][aiid1280] [\[9\]][aiid1285], as well as large-scale credential harvesting campaigns targeting billions of users [\[10\]][aiid839] [\[11\]][aiid941]. Adversaries have used deepfakes to impersonate executives [\[12\]][aiid1100], causing business entities to suffer significant financial losses from [\[13\]][aiid634] [\[14\]][aiid147]. There are also reports of government officials being targeted in widespread campaigns [\[4\]][fbi] [\[15\]][aiid927].

The attacks span communication channels including voice deepfakes for vishing [\[16\]][aiid567] and video deepfakes in conference calls [\[13\]][aiid634], as well as multi-channel campaigns combining phone, email, and messaging platforms [\[10\]][aiid839].

[valle]: https://www.microsoft.com/en-us/research/project/vall-e-x/ "VALL-E Family: Neural codec language models for speech synthesis" [vishing]: https://www.social-engineer.org/framework/attack-vectors/vishing/ "Vishing - Social-Engineer Framework" [voice]: https://cloud.google.com/blog/topics/threat-intelligence/ai-powered-voice-spoofing-vishing-attacks "AI-powered voice spoofing: Understanding and defending against vishing attacks" [fbi]: https://www.ic3.gov/PSA/2025/PSA250515/ "FBI Public Service Advisory: Scammers are deepfaking voices of senior US government officials" [oecd1]: https://oecd.ai/en/incidents/2026-04-06-ca7a "AI-Generated Voice Used in Scam Targeting Drica Moraes' Contacts" [oecd2]: https://oecd.ai/en/incidents/2026-03-02-3408 "AI Deepfake Voice Scams Target 1 in 4 Americans" [aiid634]: https://incidentdatabase.ai/cite/634/ "Alleged Deepfake CFO Scam Reportedly Costs Multinational Engineering Firm Arup $25 Million" [aiid147]: https://incidentdatabase.ai/cite/147/ "Reported AI-Cloned Voice Used to Deceive Hong Kong Bank Manager in Purported $35 Million Fraud Scheme" [aiid1100]: https://incidentdatabase.ai/cite/1100/ "AI Incident Database - LastPass CEO Voice Deepfake Attempt" [aiid927]: https://incidentdatabase.ai/cite/927/ "Italian Defense Minister Voice Clone" [aiid564]: https://incidentdatabase.ai/cite/564/ "Voice deepfake targets bank in failed transfer scam" [aiid567]: https://incidentdatabase.ai/cite/567/ "Deepfake Voice Exploit Compromises Retool's Cloud Services" [aiid1280]: https://incidentdatabase.ai/cite/1280/ "Reported Use of AI Voice and Identity Manipulation in the 'Phantom Hacker' Fraud Scheme" [aiid1285]: https://incidentdatabase.ai/cite/1285/ "Purportedly AI-Generated Jason Momoa Deepfake Used in Romance Scam" [aiid839]: https://incidentdatabase.ai/cite/839/ "Purportedly AI-Driven Phishing Scam Uses Spoofed Google Call to Attempt Gmail Breach" [aiid941]: https://incidentdatabase.ai/cite/941/ "AI-Driven Phishing Scam Uses Deepfake Robocalls to Target Gmail Users"

ATLAS ID

AML.T0052.001

Priority score

16