It started with a simple selfie. A LinkedIn profile pic, a Facebook snapshot, an ID scan—just enough for AI to work its magic. Within minutes, criminals can craft a talking, blinking, smiling imposter, ready to dupe banks, businesses, and even entire corporations.
According to a new whitepaper from identity authentication firm authID, deepfake-driven fraud is exploding. Financial institutions are battling a surge in attacks, with AI-powered scams now making up nearly half of all fraud attempts in the sector. A Hong Kong executive was recently tricked into wiring $25 million during a deepfake-powered video call, convinced he was speaking to his own colleagues. And the problem is only getting worse.
A study cited in authID’s report found that deepfake fraud cases have skyrocketed from less than 1% in 2021 to 6.5% in 2024, a 2,000% increase in just three years. With AI tools more accessible than ever, today’s fraudsters don’t need coding skills or hacking experience. They just need a good prompt.
The two faces of deepfake fraud
The whitepaper reveals that bad actors are using two primary methods to exploit deepfake technology: presentation attacks and injection attacks.
A presentation attack is the traditional method of deception: showing a deepfake image or video to a camera in an attempt to pass identity verification. Fraudsters can generate fake IDs with matching faces, making it increasingly difficult to detect a forged identity. Even human reviewers, used by some companies as a final line of defence, fail to spot fakes 99% of the time.
Injection attacks, on the other hand, go one step further. Instead of holding up an ID to a camera, fraudsters bypass security systems entirely by injecting deepfake images directly into verification software. By exploiting API vulnerabilities, manipulating data streams, and even using virtual cameras, they can circumvent security measures without ever physically appearing in front of a device. Unlike traditional scams, these attacks can be fully automated, making them even harder to detect.
AuthID’s report reveals that presentation attacks account for 12% of fraud attempts, while injection attacks make up 7.5%, and both are on the rise.
Financial institutions, tech platforms, and security firms are scrambling to fight back, but deepfake technology is evolving faster than countermeasures can keep up. AI-generated fraud has moved beyond simple impersonation scams to orchestrated heists and identity theft at scale. With criminals able to create ultra-realistic digital personas in seconds, the question isn’t whether another massive deepfake fraud will happen, it’s when.