Trust Me, I’m (Not) Real: How Deepfakes Are Powering the Latest Scams
How cybercriminals use AI-generated personas and deepfakes to run convincing scams
Imagine watching an influencer or expert sharing tips to quickly boost your finances. They seem trustworthy and professional. But what if that person doesn’t exist, or worse—what if they’re a deepfake created with AI?
Welcome to the era of deepfake-enabled cybercrime, where attackers use AI personas, synthetic videos, and even hired actors to build trust and then exploit it. These tactics are central to some of the most effective scams today, as detailed in the Q1/2025 Threat Report.
Deepfakes and AI personas: a dangerous blend
Cybercriminals now create relatable, human-like characters who look directly at the viewer and calmly guide them through steps—often leading to device compromise.
-
Fake influencers: One example is the persona “Thomas Harris” (also known as Thomas Roberts or Oscar Davies), a fabricated video influencer promoting non-existent financial tools. Victims think they’re improving trading skills but instead install malware.
-
Professional-looking scam videos: These are often hosted on hacked YouTube accounts as unlisted videos, promoted via targeted ads to reach users already interested in related topics.
-
CryptoCore case: The infamous CryptoCore group resurfaced with deepfake videos of tech executives and analysts promoting fraudulent cryptocurrency investments. Over 2,000 incidents led to nearly $4 million in losses.
Scams with a face: deepfakes that walk you through it
Modern “Scam-Yourself” attacks have evolved with deepfake integration:
-
Trading bot scams: Deepfakes or actors instruct victims to insert malicious code into crypto platforms.
-
Fake browser updates: Deepfake guides lead users to download “updates” that are actually malware.
-
FakeCaptcha tactics: Even CAPTCHA challenges are now paired with deepfake prompts to trick victims into clicking and downloading malicious software.
These attacks target both Windows and macOS, proving that no platform is safe.
How to spot and stop deepfake-powered scams
While deepfake scams are sophisticated, detection is still possible:
-
Be skeptical of advice that promises quick money or asks for software downloads.
-
Cross-check identities: Verify influencers and their platforms independently.
-
Avoid following instructions from random videos involving crypto, browser settings, or software installs.
-
Use trusted security tools like Norton antivirus to block malicious sites and downloads.
As deepfake technology becomes cheaper and easier to use, scammers will keep exploiting it to blur reality. Staying informed, cautious, and security-conscious is the best defense.
