Carla Martín Ramírez

The exposure of information on the network, as well as every online interaction and action, leaves a trail that forms a digital footprint and that is relevant for both individual users and business environments. In the case of companies, regardless of their sector and size, it is essential to identify and protect the information exposed to preserve its integrity and prevent possible security attacks. The digital footprint study is not limited to the information that the company decides to make public, such as its website, social networks or official images, but covers any type of data that can be collected in order to obtain more information about the company. Such data can include employee and customer comments and images on social networks, financial and business information, metadata, operating systems and corporate tools used, vulnerabilities, or unprotected information in repositories. The digital footprint not only affects the company's reputation, as it is closely linked to its brand and digital identity but can also be analyzed and used by threat actors for malicious purposes. The following are some examples of this: CEO fraud: this fraud aims to trick employees who have access to the company's financial resources into transferring money from the company's bank account or paying a false invoice, for example. To commit this fraud requires, among other things, extensive knowledge of how the company works, the management and middle management positions and the types of corporate communications. A well-known case of this type of fraud occurred earlier this year at a Hong Kong multinational. The company was the victim of a sophisticated fraud that combined in-depth knowledge of the company with the use of deepfakes. The fraudsters impersonated the image and voice of the CFO and other employees in a video call, managing to deceive a worker who made a fraudulent transfer of 24 million euros. CEO fraud can involve deepfakes and detailed knowledge of the business. Another significant case was published in November of this year, although on this occasion it was not completed. A popular restaurant in Cartagena (Murcia) was the victim of this type of scam, including the use of artificial intelligence to clone the manager's voice. The fraudsters also managed to gain access to security cameras to monitor the place in real time. The scammers called the venue with the falsified voice of the manager and requested a bank transfer, describing specific details of the situation to lend further credibility to the scam. However, on this occasion, the employee targeted by the scam became suspicious of the deception because some aspects did not match the usual work dynamics. Impersonation of social networks or web pages : impersonation consists of appropriating the identity of a person or company with malicious motives, in order to obtain some benefit or cause some kind of reputational damage. To do this, using the information collected about the company on the network, such as brand image, communication style and products offered, a fraudster can create a web page or profile very similar to the original one in some social network to impersonate the company with the aim of deceiving its customers to obtain an economic benefit. Incibe, for example, reported a recent case in which a website impersonation scheme was dismantled in Spain. The criminal organization carried out impersonations of legitimate online stores dedicated to the sale of high-end electronic products and the fraudulently created websites were identical or very similar to the originals. Another example of this was published in October this year, when a group of fraudsters fraudulently created a website of a home appliances and electronics business in Vigo (Spain). The fraudsters also impersonated the company on WhatsApp and Wallapop and used, in addition to the image of the company, the specific details of the store, address and VAT number to appear more truthful. These cases represent only a sample of the many potential attacks or frauds that could affect a company and that could have a higher probability of success when there is greater exposure of accessible information. Impersonation on social networks and websites can cause reputational and economic damage to companies. The importance of the digital footprint in corporate security In this context, the Spanish Association of Companies Against Fraud recently published the Report on Fraud Trends in Companies 2024-2025. According to the report, the companies surveyed recorded a 78% increase in attempted fraud compared to the previous year, and 61% more fraud consummated. Regarding the fraud channels used, online fraud accounted for 62%, and added to the 20% of the telephone channel, non-face-to-face fraud amounted to 82% of the total. Knowing the digital footprint should be part of the strategy to protect business integrity and prevent attacks. The report highlights a growing concern about fraud and its impact on companies, in addition to the fact that fraud through non-face-to-face channels has become a major risk for companies. For this reason, knowing the enterprise digital footprint and continuous monitoring of exposed information plays an important role in a company's security strategy, as inadequate management of accessible information not only makes it easier for criminals to access it, but also increases the likelihood that attacks will be more specific, sophisticated and targeted, raising the risk that potential fraud or attacks will be successfully consummated. Cyber Security How Clean Email Business protects SMEs from email cyber-attacks September 13, 2023

Brad Smith, Microsoft's president and vice president, told U.S. lawmakers a few months ago that one of his biggest concerns is related to the proliferation of deepfakes, and urged U.S. lawmakers to create new laws to protect their national security, as well as to take measures so that people know how to recognize this type of counterfeiting. Deepfake is a method of impersonation in which an advanced AI technique is used to collect data on physical movements, facial features and even voice, to process it and create fake audio-visual, graphic or voice content, with a hyper-realistic result.  Several types of deepfakes can be identified, used together or separately, for example: Deepvoice: in which fragments of a person's voice are replicated to broadcast another message or content. Deepface: in which through multimedia content in which a person appears, it is possible to impersonate his face and gestures to broadcast a different content. The first time this technique was used by a particular user was in 2017, by a Reddit user whose profile name was Deepfakes. Since then, and especially during the last few years, deepfakes have gained great relevance and accessibility, being nowadays much more available to the general public through commercial applications, which increases the risk of this type of technology being used with a fraudulent or malicious intentionality. ◾ A recent case is that of some thirty minors in Almendralejo (Badajoz), who reported that photographic montages of themselves made through artificial intelligence, created, and disseminated by other underage children, were circulating. ◾ In addition, an increase of scams has been alerted through calls impersonating the identity of family members, in which money is urgently requested because they are in some urgent situation. Deepfake in the corporate environment This, however, can be directly related to security in the corporate environment, since by modifying the voice and/or image of a member of a company's board of directors, cybercriminals could impersonate their identity and make calls, or even video calls, making decisions that could be harmful or fraudulent for the company. And we have previously commented on the use of deepfakes for this purpose, for example, in CEO Fraud scams. As we have already mentioned, over the last few years deepfake methods have become much more accessible and also, with the rise of artificial intelligence, they have advanced at a dizzying rate, becoming more and more realistic. Focusing on voice deepfake, this category of simulation has achieved that in recent months the reproduction of the artificial voice has a much more natural sound, increasingly resembling the human voice, and therefore making it difficult to discern whether it is a simulation or a real human voice. An example of this is the tool announced by Microsoft earlier this year, called VALL-E, a language modeling tool that can be used to synthesize high-quality custom speech with only a 3-second recorded recording, even supplanting cadence, voice pitch and acoustic environment. While this tool is not yet in circulation, there are many others that can currently be used, although they require a longer voice recording, such as Resemble.ai or CereVoice Me, among others. A recent application of this method for fraudulent use occurred during the spring of this year, when a Florida investor contacted his local Bank of America representative to inform him of a large money transfer. However, during the process a second call was made, in which the investor's identity was impersonated through voice cloning, with the goal of tricking the bank representative into transferring the money to another recipient. In this case, the fraud was quickly detected and was never completed. Another recent case in which money was actually transferred occurred in Baotou (Inner Mongolia, China). This time the technology was used to convince a man to transfer money to a supposed friend who needed 4.3 million yuan to make a deposit during a bidding process. However, cybercriminals had impersonated his friend in order to get the money transferred to them. Ways to Prevent and Detect Deepfakes Some emerging technologies are helping to make deepfakes detectable: Cryptographic algorithms can be used to insert hash values at set intervals during video; if the video is modified, the hash values will change. AI and blockchain can record a tamper-proof fingerprint for videos. Another way to neutralize deepfake attempts is to use a program that inserts specially designed digital "artifacts" into videos to hide the pixel patterns used by facial detection software. These slow down the deepfake algorithms and generate poor quality results. Biometric voice recognition: this recognition uses unique characteristics of a person's voice, such as pitch, cadence, and rhythm, to verify their identity. Spectrogram analysis: voice spectrograms can reveal signs of tampering, such as overlays or edits. Blockchain: some solutions use blockchain technology to track and verify the authenticity of images from their origin. Technology, however, is not the only way to protect against counterfeiting techniques, be they image, video or voice. Here are some useful techniques to effectively detect and prevent deepfake fraud attempts: Multifactor identity verification: combine voice recognition with other verification methods, such as password authentication or facial recognition, to increase security. The presence in any business organization of automatic controls integrated into all processes involving disbursement of funds is also very relevant. Education and awareness: ensuring that both employees and other users are aware of how a deepfake works and the challenges it can pose. Make good use of the media and use good quality sources of information. It is important to note that, given the constant advancement of technology, detection and prevention methods are also constantly evolving. This makes it very important for business organizations to keep up to date with the latest techniques and tools available, and to adapt their security strategies accordingly. AUTORES CARLA MARTÍN RAMÍREZ Intelligence analyst at Telefónica Tech DANIEL SANDMEIER Analyst at Telefónica Tech Cyber Security IA & Data Cyber Security Evolution: AI as a Tool for Attack and Defence June 28, 2023