Specialized Attack Simulations

Deepfake Video Phishing

  • May 9, 2025
  • 0

Sherlocked Security – Deepfake Video Phishing

Simulating Realistic Deepfake Phishing Attacks to Test User Response to Manipulated Video Content and Social Engineering

1. Statement of Work (SOW)

Service Name: Deepfake Video Phishing
Client Type: Enterprises with High-Value Targets, Organizations with Executives, Financial Institutions, Corporate Security Teams
Service Model: Deepfake Phishing Attack Simulation + Video Manipulation + Social Engineering Validation
Compliance Coverage: GDPR, SOC 2, PCI-DSS, HIPAA, ISO 27001

Testing Areas:

  • Deepfake Video Creation and Manipulation
  • Phishing Attack Simulation Using Deepfake Technology
  • Elicitation of Sensitive Data or Actions via Video Content
  • Social Engineering Tactics Validation (Impersonation, Urgency, Deceptive Narratives)
  • Security Awareness Assessment in Video-Based Phishing Scenarios

2. Our Approach

[Target Profiling] → [Deepfake Video Creation] → [Video Delivery via Email/Message] → [User Interaction with Video] → [Sensitive Data Elicitation] → [User Behavior Analysis] → [Reporting & Recommendations]

3. Methodology

[Target Identification] → [Deepfake Video Creation (Impersonation)] → [Phishing Narrative Construction] → [Video Delivery via Email/SMS] → [Sensitive Data Elicitation] → [Tracking User Interaction] → [Post-Engagement Reporting & Recommendations]

4. Deliverables to the Client

  1. Deepfake Phishing Campaign Results
  2. Security Awareness Score for Employees / End-Users
  3. Elicitation of Sensitive Information (Credentials, Financial Data, Personal Details)
  4. User Behavior Insights (Video Click-Through, Data Submission, Reporting Rate)
  5. Recommendations for Video-Based Phishing Defense
  6. Suggested Improvements for Corporate Video Verification Procedures
  7. Awareness Training Material for Employees to Detect Deepfake Phishing Attempts

5. What We Need from You (Client Requirements)

  • List of target employees, executives, or stakeholders for deepfake simulation
  • Access to corporate video communications (e.g., internal videos, recorded meetings, training content)
  • NDA and scope confirmation
  • Information about communication channels commonly used for video (e.g., email, internal communication platforms, Slack)

6. Tools & Technology Stack

  • Deepfake Creation Tools: DeepFaceLab, FaceSwap, ZAO, Reface
  • Video Editing: Adobe Premiere Pro, Final Cut Pro, Davinci Resolve
  • Email/SMS Delivery Tools: Mailgun, Twilio, SendGrid
  • User Tracking: Google Analytics, Bitly, Custom Landing Pages
  • Phishing Payloads: Custom Scripts to Extract Sensitive Data

7. Engagement Lifecycle

1. Pre-Engagement Target Profiling → 2. Deepfake Video Creation & Simulation → 3. Phishing Video Distribution → 4. User Interaction Tracking → 5. Sensitive Information Elicitation → 6. Reporting & Recommendations → 7. Post-Engagement Awareness Training

8. Why Sherlocked Security?

Feature Sherlocked Advantage
Realistic Deepfake Video Creation Leverage advanced deepfake technology to create convincing video impersonations of executives, colleagues, or other trusted entities.
Social Engineering Tactics Simulate high-level social engineering attacks with real-world urgency and manipulation strategies.
Comprehensive User Behavior Analysis Analyze how users respond to deepfake videos, measuring trust levels and actions taken (e.g., clicking links, submitting data).
Post-Campaign Awareness Training Provide custom training to enhance user awareness of video-based phishing threats and improve defenses.

9. Real-World Case Studies

Executive Impersonation Phishing Attack

Issue: Attackers used deepfake technology to create a video impersonating a C-suite executive, requesting sensitive financial data from employees.
Impact: Employees followed instructions in the deepfake video and sent confidential financial reports.
Fix: Implemented multi-factor verification for any financial data requests, enhanced training on identifying suspicious video content, and restricted direct requests for sensitive information via video.

Vendor Impersonation Phishing Using Video

Issue: Cybercriminals used deepfake technology to impersonate a trusted vendor’s CEO in a video, requesting urgent payments for services.
Impact: The finance team processed a fraudulent payment due to the high level of trust the deepfake generated.
Fix: Replaced email and video-based payment requests with secure payment portals, added payment verification steps, and instituted awareness training for finance teams on deepfake risks.

10. SOP – Standard Operating Procedure

  1. Target Profiling & Identification

    • Identify key targets (e.g., executives, finance team, HR personnel) for deepfake video simulations.
    • Gather publicly available video content (e.g., LinkedIn videos, public interviews, YouTube channels) to base the deepfake on.

  2. Deepfake Video Creation

    • Use deepfake tools like DeepFaceLab or FaceSwap to generate realistic videos based on target profiles.
    • Construct a narrative that mirrors legitimate business communications (e.g., urgent requests for information, financial transactions, or account verification).

  3. Phishing Campaign Setup

    • Design video delivery strategies that look authentic (e.g., via email, SMS, or messaging platforms).
    • Embed tracking links in the video or accompanying text (e.g., login pages, payment forms).
    • Include a sense of urgency in the narrative to manipulate viewers into taking immediate action.

  4. User Interaction Tracking

    • Monitor user responses to the deepfake video (e.g., click-through rates, submission of sensitive data).
    • Use custom landing pages to track form submissions (e.g., username, passwords, personal information).
    • Analyze how users perceive the authenticity of the video and whether they follow through with the phishing actions.

  5. Sensitive Data Elicitation

    • Elicit sensitive information such as credentials, financial details, or personal data from the targeted users.
    • Assess whether users can differentiate between legitimate video requests and manipulated content.

  6. Post-Engagement Reporting & Recommendations

    • Generate a detailed report on user behavior, including:
      • Click-through rates on phishing links.
      • Data submission statistics.
      • Awareness of deepfake manipulation.
    • Provide actionable recommendations for improving video-based security policies, increasing awareness, and using AI-based tools for video verification.

11. Deepfake Video Phishing Checklist

1. Deepfake Video Creation

  • Identify target profile: Select the right person to impersonate (executive, colleague, vendor, etc.).
  • Use high-quality deepfake software: Tools like DeepFaceLab and FaceSwap to create realistic video content.
  • Narrative Construction: Develop an authentic narrative that aligns with normal organizational communication (e.g., “urgent account verification,” “fund transfer confirmation,” “important document download”).
  • Audio Syncing: Ensure the voice and lip-syncing match perfectly for a more convincing phishing attack.

2. Phishing Video Delivery

  • Platform Selection: Send the deepfake video via email, internal messaging systems, or SMS.
  • Create a sense of urgency: The message should sound urgent (e.g., “Immediate action required” or “Your account is at risk”).
  • Embedding Tracking Links: Include links to malicious websites or login pages that track user clicks and actions.

3. User Interaction Tracking

  • Track Click-Through Rates: Measure how many users click on the malicious links or watch the video.
  • Analyze User Behavior: Track what actions users take after watching the video (e.g., data submission, account login, or email verification).
  • Use Analytics: Use tools like Google Analytics or Bitly to track link interactions.

4. Data Elicitation

  • Create Phishing Forms: Capture sensitive data such as usernames, passwords, or OTPs through fake forms.
  • Monitor Data Entry: Track how many users submit information after watching the video.

5. Reporting & Recommendations

  • Generate Reports: Include metrics like click-through rate, submission of sensitive data, and awareness level of users.
  • Recommendations for Mitigation: Advise on implementing strong video authentication practices (e.g., video verification processes, multi-factor authentication) and training for employees on deepfake identification.
  • Awareness Training: Suggest continuous education and video-based phishing simulations to enhance detection skills.
Credential Stuffing & ATO Simulation
Insider Threat Wargames