Deepfake Threats: Awareness and Self-Protection

Deepfake technology poses a documented and escalating threat to individuals, financial institutions, and democratic processes across the United States. This page covers the technical foundations of deepfake media, the primary attack scenarios in which synthetic media is weaponized, and the structural decision points that separate effective detection from missed threats. The National Online Safety Authority's provider network of protective services includes vetted organizations operating in this space.

Definition and scope

A deepfake is a category of synthetic media in which artificial intelligence — specifically generative adversarial networks (GANs) or diffusion-based models — fabricates or manipulates audio, video, or still images to misrepresent a real person's likeness, voice, or actions. The term encompasses both full-synthesis content (a face or voice generated entirely by AI) and face-swap or voice-cloning overlays applied to existing authentic footage.

The Federal Bureau of Investigation (FBI) has formally classified deepfake-enabled fraud as a growing cyber-enabled crime category, with its Internet Crime Complaint Center (IC3) tracking reports that involve synthetic media in identity fraud and business email compromise schemes (FBI IC3). The Federal Trade Commission (FTC) similarly identifies AI-generated voice cloning as a mechanism for consumer fraud, particularly in the "grandparent scam" and impersonation-of-authority patterns (FTC Consumer Information).

Scope extends across four primary threat domains:

1. Individual identity fraud — fabricated media used to bypass biometric authentication or extort victims
2. Financial fraud — voice or video clones impersonating executives to authorize wire transfers
3. Political disinformation — synthetic video of public officials used to manipulate electoral perception
4. Non-consensual intimate imagery (NCII) — AI-generated explicit content depicting real individuals without consent

The purpose and scope of the National Online Safety Authority's provider network provides context for how threat categories like deepfakes are mapped to protective service categories.

How it works

Deepfake generation follows a structured technical pipeline, regardless of whether the output is audio, video, or image-based.

Phase 1 — Data collection. The AI model requires training data: photographs, video clips, or audio recordings of the target individual. Publicly accessible social media profiles, video platforms, and news archives supply the majority of this material without any breach of access controls.

Phase 2 — Model training or fine-tuning. A GAN or diffusion model is trained or fine-tuned on the collected data. In GAN architectures, a generator network produces synthetic outputs while a discriminator network evaluates authenticity — the two networks iterate until the generator produces outputs the discriminator cannot reliably reject. Diffusion models, by contrast, learn to reverse a noise-addition process, enabling high-fidelity synthesis from textual or image prompts.

Phase 3 — Synthesis. The trained model generates target output: a video of a person saying words they never said, a voice clone replicating tone and cadence, or a still image placing a person in a fabricated context.

Phase 4 — Post-processing and delivery. Output is refined using standard video or audio editing tools to remove artifacts, then distributed via email, messaging platforms, or social media.

The National Institute of Standards and Technology (NIST) addresses synthetic media detection as part of its broader work on biometric and media integrity standards, including the Media Forensics program (NIST Media Forensics).

GAN-based vs. diffusion-based deepfakes differ in detectability: GAN outputs often contain consistent spatial artifacts (irregular eye reflections, blurred ear regions, misaligned teeth) whereas diffusion-based outputs tend to be more photorealistic but may exhibit frequency-domain anomalies detectable through forensic analysis tools.

Common scenarios

Deepfake threats manifest across distinct attack patterns, each targeting different vulnerabilities.

Executive voice fraud (Business Email Compromise variant). Attackers clone the voice of a corporate officer using publicly available audio — earnings call recordings, conference presentations, or media interviews — then call a financial employee to authorize a fraudulent wire transfer. The FBI IC3 reported $2.9 billion in BEC losses in 2023 (FBI IC3 2023 Annual Report), with voice-enabled variants representing an emerging subset.

Biometric authentication bypass. As financial institutions deploy voice and facial recognition for customer authentication, synthetic replicas of enrolled biometrics are used to pass liveness checks. NIST's ongoing biometric evaluation programs (FRVT, SpeakerID) benchmark system resistance to presentation attacks including deepfakes (NIST FRVT).

Non-consensual intimate imagery. Synthetic explicit imagery depicting real individuals — most frequently targeting private individuals rather than public figures — is distributed for extortion or harassment. As of 2024, at least 10 U.S. states had enacted legislation specifically addressing AI-generated NCII, though federal statutory coverage remained incomplete (Cyber Civil Rights Initiative Legislative Overview).

Political synthetic media. Video fabrications depicting candidates, elected officials, or government representatives making false statements are distributed in the period preceding elections. The Election Assistance Commission (EAC) and the Cybersecurity and Infrastructure Security Agency (CISA) have both issued advisories on synthetic media threats to election integrity (CISA).

Protective services relevant to each scenario are accessible through the online safety resource provider network.

Decision boundaries

Determining when deepfake content constitutes an actionable threat — and which response channel applies — depends on structured criteria rather than subjective assessment.

Threshold 1: Criminal vs. civil jurisdiction. Deepfake content used in financial fraud, extortion, or election interference falls under federal criminal statutes (wire fraud, 18 U.S.C. § 1343; computer fraud, 18 U.S.C. § 1030). Non-consensual intimate imagery may trigger state criminal law, civil tort claims, or both, depending on the jurisdiction.

Threshold 2: Individual vs. organizational response. Individuals facing deepfake extortion should report to the FBI IC3 and preserve all communications and content as evidence before removal. Organizations confronting synthetic media in fraud scenarios should engage legal counsel and notify the relevant financial regulator (OCC, FDIC, or FinCEN, depending on institution type) in addition to law enforcement.

Threshold 3: Platform takedown vs. legal escalation. Major platforms maintain content policies that prohibit non-consensual synthetic media. Platform takedown requests represent the fastest short-term removal mechanism but do not establish legal record. Legal escalation under applicable state or federal statute is the appropriate path when the content is part of ongoing extortion, harassment, or fraud.

Threshold 4: Technical detection vs. manual review. Automated detection tools — including those evaluated under NIST's Media Forensics program — carry documented false-positive and false-negative rates. No automated system achieves 100% accuracy; human forensic review by a qualified digital media examiner remains the standard for evidentiary-grade authentication.

The provider network resource framework describes how protective services addressing these thresholds are classified and verified within this reference system.