Social engineering and deepfakes, new techniques fueled by the considerable advances in AI, are helping to erode confidence in the digital ecosystem.
In response, educating users, strengthening identification mechanisms and facilitating public-private cooperation has become a strategic emergency.
The scourge of social engineering for individuals and businesses
Who would have believed that psychology would one day find its way into the cybercriminal's digital toolbox? Social engineering achieves its objectives through emotional manipulation: it creates panic or fear to push the consumer or the professional to act as the attacker wants. Typical examples are a fake bank advisor demanding urgent action in the banking application under threat of an undue direct debit, or fake messages from operators warning of a direct debit or a termination … As always in the face of danger, emotion inhibits rational thought and pushes consumers into error. In 2023, 74% of cyberattacks on European SMEs involved a form of social engineering (1).
Deepfakes, a growing market
Deepfakes are another fraudulent manipulation worthy of science fiction. Generated by artificial intelligence, these videos or audio recordings perfectly imitate voices, faces and gestures, and succeed in deceiving individuals and sometimes even professionals. In February 2024, by impersonating the CFO during a videoconference using a deepfake, a fraudster got a multinational company located in Hong Kong to transfer more than 25 million dollars (2). This phenomenon is growing: the global deepfake market for malicious use reached $79 million at the end of 2024 (3).
Awareness of digital fraud: an essential step
According to a YouGov survey, 67% of French people do not know what a deepfake is, while 61% of them do not know the term social engineering (5). This ignorance is explained by several factors: first, the complexity of the techniques used, and second, the scarcity of awareness campaigns. The lack of vigilance can also be explained by France's cultural lag in digital habits: securing one's online credentials, with complex and unique passwords or through a digital safe, has not yet become customary for the French, unlike securing one's home. In addition, thanks to information shared on social networks, hackers can precisely profile their targets, which facilitates psychological attacks.
Digital biometrics and identities: ramparts in the fight against fraud
One solution is to make identity verification a systematic step for accessing any digital application or service. It must be based on real documents and rely on biometric technologies. Indeed, two-factor authentication (2FA), which combines a password with a one-time code sent by telephone, is likely to be bypassed by emotional manipulation techniques, with the panicked individual handing over their banking credentials themselves, for example. Biometrics, by contrast (access by recognition of the face, hand or voice), acts like a lock, since a deepfake is incapable of perfectly reproducing these elements specific to each individual. In addition, there are advanced authentication systems that can detect signs of video injection or the presence of a person in the background, clues that signal potential manipulation or coercion. All these solutions make it possible to verify that the user is indeed a real individual, and not a synthetic image.
Increase digital education to minimize risks
However, none of these technologies can replace broad awareness among as many people as possible. Awareness makes the user more vigilant and better able to detect weak signals: unusual requests, a sense of excessive urgency, or pressure that borders on harassment. Some companies already use internal phishing campaigns to test the vigilance of their employees, a virtuous practice that must be generalized. As for our online practices, we must get into the habit of managing our digital assets (IT tools, favorite applications or sites) as we manage our physical goods: developing a culture of prudence, mastering our privacy settings and adopting rigorous digital hygiene (using complex passwords, avoiding sharing private information on social networks, etc.).
Regulation, a pillar of digital confidence
Finally, to eradicate these practices, it is essential to establish close cooperation between public and private actors. As ANSSI does in France, several European initiatives are already campaigning for the use of certified verification means, particularly for access to sensitive services: financial transfers, health data. This European digital identity project is already available in France on France Connect+, with the use of digital identity wallets. Their objective is to strike a subtle balance between a substantial level of security and a fluid, inclusive user experience. Indeed, regulations must be rigorous, but must not weigh down and complicate online use. Overly restrictive solutions would harm the adoption of these uses. Only a concerted approach, based on transparency, flexibility and innovation, can guarantee efficiency and resilience.
Even though tools exist to protect against social engineering and deepfakes, only awareness and upskilling among consumers, combined with close cooperation between companies and public authorities, will make it possible to preserve confidence in the digital ecosystem. Identification, prevention and pedagogy are the watchwords of this offensive cyberstrategy.
1. ENISA, Threat Landscape 2024: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024
2. Https://www.capapital.fr/economie-politique/deepfake-piege-en-visioconference-transfet-25-millions-de-dollars-a-des-escrocs-1491622
3. Spiralytics, Deepfake Statistics, 2024: https://www.spiralytics.com/blog/deepfake-statistics/
4. YouGov x IDnow study, Banking fraud: Survey of French confidence towards their bank, 2024




