DF-Captcha: A Deepfake Captcha for Preventing Fake Calls

by   Yisroel Mirsky, et al.

Social engineering (SE) is a form of deception that aims to trick people into giving access to data, information, networks and even money. For decades SE has been a key method for attackers to gain access to an organization, virtually skipping all lines of defense. Attackers also regularly use SE to scam innocent people by making threatening phone calls which impersonate an authority or by sending infected emails which look like they have been sent from a loved one. SE attacks will likely remain a top attack vector for criminals because humans are the weakest link in cyber security. Unfortunately, the threat will only get worse now that a new technology called deepfakes as arrived. A deepfake is believable media (e.g., videos) created by an AI. Although the technology has mostly been used to swap the faces of celebrities, it can also be used to `puppet' different personas. Recently, researchers have shown how this technology can be deployed in real-time to clone someone's voice in a phone call or reenact a face in a video call. Given that any novice user can download this technology to use it, it is no surprise that criminals have already begun to monetize it to perpetrate their SE attacks. In this paper, we propose a lightweight application which can protect organizations and individuals from deepfake SE attacks. Through a challenge and response approach, we leverage the technical and theoretical limitations of deepfake technologies to expose the attacker. Existing defence solutions are too heavy as an end-point solution and can be evaded by a dynamic attacker. In contrast, our approach is lightweight and breaks the reactive arms race, putting the attacker at a disadvantage.


page 3

page 4

page 5

page 8


Discussion Paper: The Threat of Real Time Deepfakes

Generative deep learning models are able to create realistic audio and v...

TASEP: A Collaborative Social Engineering Tabletop Role-Playing Game to Prevent Successful Social Engineering Attacks

Data breaches resulting from targeted attacks against organizations, e.g...

Security Orchestration, Automation, and Response Engine for Deployment of Behavioural Honeypots

Cyber Security is a critical topic for organizations with IT/OT networks...

Deepfake CAPTCHA: A Method for Preventing Fake Calls

Deep learning technology has made it possible to generate realistic cont...

Voice Mimicry Attacks Assisted by Automatic Speaker Verification

In this work, we simulate a scenario, where a publicly available ASV sys...

An analysis of scam baiting calls: Identifying and extracting scam stages and scripts

Phone scams remain a difficult problem to tackle due to the combination ...

Analysis of Attacker Behavior in Compromised Hosts During Command and Control

Traditional reactive approach of blacklisting botnets fails to adapt to ...

Please sign up or login with your details

Forgot password? Click here to reset