Sign in Subscribe
3 min read

When Trust Becomes the Target: Deepfakes and the Erosion of Digital Confidence

Share
When Trust Becomes the Target: Deepfakes and the Erosion of Digital Confidence

DIGITAL TRUST & CYBERSECURITY

AI-powered deception is no longer a future threat. It is reshaping how organisations must think about trust, verification, and the human layer of security.

By The CyberDiplomat | Based on findings presented at ITWeb Security Summit 2026 | June 2026

2,000% — Increase in deepfake attacks globally over three years 62% — Of organisations hit by at least one deepfake attack in the past year $25 million — Lost by Arup in a single deepfake video call fraud

Trust, Not Systems, Is Now the Primary Attack Surface

For decades, cybersecurity focused on hardening systems — patching vulnerabilities, encrypting data, locking down networks. That model assumed the attacker was trying to break in. Today's most sophisticated threat actors have realised something more efficient: they do not need to break in if they can simply be invited.

Deepfake technology, powered by freely accessible AI models, allows criminals to impersonate executives, colleagues, and trusted contacts with startling fidelity. The attack vector is not a software exploit. It is a human relationship.

"These attacks are no longer just exploiting ignorance. They're exploiting trust — because you trust that the person communicating with you is someone you know." — Yunus Scheepers, BUI, ITWeb Security Summit 2026

Two Cases, Two Outcomes

Two high-profile incidents illustrate both the danger and the defence.

Arup — $25 million lost [Attack succeeded] A finance employee joined what appeared to be a legitimate video call with the company's CFO and other executives. Every participant except the employee was a deepfake. The employee transferred $25 million across five bank accounts in five separate transactions. To date, none of the money has been recovered.

Ferrari — Fraud stopped by a single question [Attack failed] A caller impersonating Ferrari CEO Benedetto Vigna attempted a similar scheme. The targeted executive paused and asked a personal question: "What was that book you recommended to me last week?" The call ended immediately. The attack failed not because of a technical control, but because the employee felt empowered to push back.

Why Digital Interaction Narrows Our Defences

Human perception evolved across five senses. In any physical environment, we unconsciously read posture, micro-expressions, spatial cues, and tone. Digital communication strips most of that away. Even on the best video connection, a three-dimensional human being is rendered as a two-dimensional stream of pixels — compressed, smoothed, and algorithmically reconstructed.

This is precisely the gap that deepfake technology exploits. When an attacker can manipulate the only two senses a video call allows — sight and hearing — the traditional signals of authenticity disappear. What remains is familiarity, authority, and trust.

Rebuilding Digital Trust: Four Pillars

1. Training Over Awareness Awareness programmes tell people what threats exist. Simulation-based training tests how they actually respond under pressure — a critical difference.

2. Zero-Trust Architecture Every action is verified, every access is limited. Trust is never assumed — it is always earned, regardless of who appears to be asking.

3. Psychological Safety Employees must feel safe questioning unusual requests — even from apparent authority. A culture of silence multiplies risk exponentially.

4. Synthetic Media Detection Emerging tools can identify AI-generated video and audio. Pairing these with strong approval workflows creates a layered technical defence.

The Question Every Leader Should Ask

No organisation can claim complete immunity from deepfake attacks. The human element — the very thing that makes teams function — is also the element that can be deceived. The goal is not perfection. It is building an environment where people are trained enough, supported enough, and trusted enough to pause and ask a simple question before acting.

As Scheepers put it, the test is straightforward: if someone posing as your CEO called an employee today with an unusual financial request, would that employee feel safe enough to push back? If the answer is uncertain, the vulnerability is already present — and no firewall will fix it.

"If the people in your business are too afraid to speak up when they see something not quite right, you are exponentially more likely to fall victim to a deepfake attack." — Yunus Scheepers, BUI

Source: ITWeb Security Summit 2026 presentation by Yunus Scheepers, Group Divisional Manager of Cyber Security Operations, BUI.

© The CyberDiplomat, 2026. All rights reserved.

Published by:

The CyberDiplomat

Member discussion