As featured in Help Net Security: Cybercriminals have built a business on YouTube’s blind spots

The barrier to entry for deepfake fraud has collapsed. What used to require technical expertise, expensive software, and significant time now takes minutes with free AI models and a laptop.

This is a real and current day threat, one that cybercriminals have turned platforms like YouTube into profitable attack vectors.

In a recent Help Net Security article, our CEO Camellia Chan weighs in on how organisations need to respond to the industrialisation of deepfake scams. The piece examines how YouTube’s 2.53 billion users have become targets for AI-powered fraud that traditional security controls simply were never designed to stop.

YouTube Has Become a Business Opportunity for Cybercriminals

The article highlights several large-scale operations exploiting YouTube’s trust infrastructure:

The “Ghost Network” malware campaign involved over 3,000 videos uploaded to fake or hijacked channels. These videos promised cracked software or game hacks, but instead delivered phishing pages and malware downloads. By the time YouTube’s moderation team flagged them, thousands of users had already been compromised.

Deepfake crypto scams have weaponized the likenesses of public figures like Elon Musk, Donald Trump, and Nvidia CEO Jensen Huang to promote fraudulent investment schemes. In one case, a fake Nvidia GTC livestream featuring a deepfake of Jensen Huang drew approximately 100,000 viewers and ranked above the official stream in search results before being taken down.

Hijacked verified channels are being repurposed at scale. Scammers buy or compromise established YouTube accounts with followers and algorithmic trust, then keep the verification badge while flooding the channel with AI-generated scam content. Users see the blue checkmark and assume legitimacy – exactly what attackers are counting on.

As the article notes, researchers found that scammers are even hijacking legitimate business accounts – like a Norwegian design agency’s Google Ads account – to run sophisticated phishing campaigns that mirror official TradingView branding, complete with verified badges and pixel-perfect layouts.

The Economics of Deepfake Fraud Are Accelerating

The financial impact is staggering. According to Deloitte research cited in the article, GenAI-driven fraud losses in the United States are projected to reach $40 billion by 2027, up from $12.3 billion in 2023. That’s a 225% increase in just four years.

This surge is directly tied to the commoditisation of deepfake technology. What was once the domain of nation-state actors and well-funded criminal organisations is now accessible to anyone with an internet connection. Free tools, open-source models, and “deepfake-as-a-service” platforms have turned synthetic media creation into a scalable, low-cost operation.

The article points out that scammers no longer need Hollywood-level production quality. They just need content that’s convincing enough to fool someone for 30 seconds – the time it takes to click a malicious link, download malware, or authorize a fraudulent transaction.

Traditional Security Controls Aren’t Built for This

Now here is the uncomfortable truth: your firewall doesn’t filter synthetic media. Your email gateway doesn’t scan YouTube videos. Your endpoint protection doesn’t flag a tutorial that looks legitimate but delivers ransomware.

The attack surface has expanded beyond the network perimeter into content platforms, social media, and communication channels that employees use every day. And because these threats don’t rely on traditional malware signatures or network anomalies, they slip past conventional defenses undetected.

As our CEO Camellia Chan told Help Net Security: “Treat deepfakes like any other cyber threat and apply a zero-trust mindset. That means don’t assume anything is real just because it looks or sounds convincing.”

This philosophy is at the core of how X-PHY approaches synthetic media detection. Zero-trust can’t stop at authentication and access control anymore. It has to extend to every piece of content your organization encounters – video, audio, images, and documents.

What 2026 Will Bring (And Why You Need to Prepare Now)

The Help Net Security article projects that scam activity on YouTube will continue to rise in 2026 as AI tools become even more accessible and affordable. Here’s what security leaders should expect:

• Faster, cheaper production means more scams will reach wider audiences before platforms can respond
• Coordinated networks of fake creators will post, comment, and interact with each other to appear authentic and game algorithmic recommendations
• More hijacked channels with established audiences and trust will be weaponized for malware distribution and fraud
• Deepfakes of public figures will drive a new wave of investment scams, disinformation campaigns, and brand impersonation attacks

Reactive content moderation cannot scale to meet this threat. By the time human reviewers flag and remove malicious content, the damage is already done – systems are compromised, money is stolen, and trust is eroded.

The X-PHY Approach to Deepfake Detection

At X-PHY, we have built our deepfake detection solution on a simple premise: if the threat operates at the speed of AI, your defenses need to as well.

X-PHY Deepfake Detector uses multi-modal AI to analyse synthetic media in real time. Enabling:

1. Real-time detection of AI-generated video, audio, and images without relying on cloud connectivity or external APIs
2. On-device processing that works in high-security, air-gapped environments where traditional SaaS solutions can’t operate
3. Zero-trust verification that treats all content as untrusted until proven authentic—no assumptions based on source, verification badges, or visual quality

The Path Forward: From Awareness to Action

The Help Net Security article makes clear that deepfakes aren’t a niche threat or a distant concern anymore. Deepfakes are a present, profitable, and rapidly scaling attack vector that’s already costing organizations billions.

Security awareness training won’t solve this. Telling employees to “be vigilant” or “look for red flags” is insufficient when the fakes are pixel-perfect and contextually flawless. You can’t train humans to outperform AI-generated deception.

Instead, organisations need to:

1. Expand their threat model to include synthetic media as a critical attack vector across email, collaboration tools, social platforms, and public content
2. Implement zero-trust principles for content verification – not just network access and authentication
3. Deploy autonomous detection across the stack that operates at the speed and sophistication of the attacks themselves
4. Build incident response capabilities specifically designed to handle deepfake scenarios, including brand impersonation, executive fraud, and synthetic media manipulation

Want to learn more about how X-PHY Deepfake Detector works? Schedule a demo or technical briefing with our team here.

This definition of a deepfake has now worked its way into the Oxford English Dictionary, reflecting how mainstream and pervasive deepfakes have become. If anything, it demonstrates that the threat is here to stay. 

In the deepfake conversation, it’s important to distinguish that not all AI-generated content is created equal. Some uses are creative and helpful, while others are deceptive and harmful. The distinction lies in intent.

To understand the difference, let’s step into a carnival.

AI-Generated Content – The Magician

On one side of the carnival tent, a magician conjures a dazzling, original painting out of thin air. It’s trickery, but you’re in on the fun. The magician winks, and you cheer -entertained, inspired, maybe even amazed.

That magician represents AI-generated content.

AI models like ChatGPT, DALL·E, DeepSeek, Grok and a whole host of other AI tools enable the creation of content, whether that’s a surreal illustration or a cool video clip of Godzilla working in your office. Their purpose? Creativity, productivity, empowerment, and fun.

This is where the category of harmless deepfakes fit in. TikTok face-swap filters, parody videos where celebrities “sing” unexpected songs, or playful experiments like the Tom Cruise parody are entertaining precisely because the audience understands they’re not real. They belong in the magician’s act — fun illusions made to amuse, not to deceive.

The intent here is clear: whether it’s generative AI or parody-style deepfakes, the purpose is creativity, inspiration, or laughter — not harm.

Malicious Deepfakes – The Con Artist

On the other side of the carnival, a con artist steps on stage with a painting for auction — but it’s a forgery. They pass it off as priceless, tricking the crowd into believing it’s real — for his own profit.

That’s the world of malicious deepfakes.

They rely on the very same AI tools and technologies that power fun, creative, and educational applications. The difference lies in intent. Where AI-generated content aims to entertain or inspire, malicious deepfakes are engineered to deceive.

Whether it’s impersonating a CEO to authorize fraudulent wire transfers, fabricating political speeches to sway public opinion, or creating non-consensual content to damage reputations, the con artist’s goal is always the same: profit, manipulation, or harm.

Here, the intent isn’t to entertain — it’s to deceive. And that’s what makes malicious deepfakes so dangerous: they erode trust at its core.

Case Study: The Tom Cruise Deepfake

In 2021, TikTok exploded with videos of “Tom Cruise” — playing golf, telling stories, even doing magic tricks. Millions of people were captivated.

But here’s the twist: it wasn’t Tom Cruise.

The creator, known as @deeptomcruise on TikTok, is a skilled impersonator who studied Tom’s voice, gestures, and mannerisms. Combined with faceswap AI and post-production editing, the result was a deepfake so convincing that even seasoned viewers did a double take.

This was a magician’s trick — a parody, not a scam. But it highlighted how thin the line can be. The very same techniques that made millions laugh could just as easily be misused to mislead millions more.

X-PHY Deepfake Detector: Seeing What Humans Can’t

That’s where the X-PHY Deepfake Detector comes in. A tool that spots and surfaces manipulated content that is invisible to the human eye. It detects subtle signs of manipulation, such as unnatural micro-expressions, lip-sync mismatches, and synthetic audio fingerprints.

All of this happens in real time, on-device, with evidence logging built in. No cloud uploads. No privacy trade-offs. Just secure, trustworthy detection when and where it matters most.

Making digital trust a possibility

From carnival tricks to viral parodies, AI-generated content and deepfakes are reshaping the way we experience digital media. AI-supported creativity can inspire us, but malicious deepfakes threaten to erode trust at its core.

There is no denying that deepfakes have gone mainstream. The Tom Cruise case, amongst many others, show us how convincing they can be. And X-PHY Deepfake Detector shows us that spotting them isn’t Mission Impossible.

Sign up for a 7-Day free trial or drop us a message to learn more about enterprise pricing.

How have attackers used deepfakes in real-world incidents, even if hypothetically, and how plausible are those tactics becoming?

We’ve already seen deepfakes used in everything from financial fraud to political disinformation. One of the more alarming trends is impersonation scams, where attackers use synthetic audio or video to pose as CEOs or politicians.

A notable example occurred in Hong Kong in 2020, when a bank manager was tricked into transferring $35 million after receiving a phone call from someone he believed to be a company director. The fraudster used AI-based voice cloning to perfectly mimic the executive’s voice, and backed up the request with convincing emails and documentation. This case was one of the earliest and most high-profile examples of deepfake voice fraud in the financial sector.

This is just one example, but recently I’ve seen an increasing number of reports where companies were tricked into transferring large sums of money based on deepfaked video calls – some of our partners, customers, and even my internal staff have highlighted this as a concern. So clearly, these are no longer hypotheticals – they’re happening now, and the tools to create them are increasingly accessible.

The tactics are highly plausible because they exploit our trust in visual and auditory information. Remember the saying, seeing is believing? We can’t even say that anymore. As long as people rely on what they see and hear as evidence, these attacks will be both effective and difficult to detect without the right tools.

What role does AI play in defending against deepfakes? Are there promising models or architectures specifically designed for this?

AI is both the problem and the solution when it comes to deepfakes. On one hand, it powers the creation of synthetic media. On the other hand, it’s our best line of defense. Advanced machine learning models, especially multi-modal AI, are becoming increasingly effective at spotting subtle, sophisticated signs of manipulation – from unnatural blinking and facial inconsistencies to mismatched audio-visual cues. The value of using AI lies in its ability to provide protection in real-time, with better privacy and faster response times – crucial as threats become more targeted and dynamic.

Some promising AI models used are Convolutional Neural Networks (CNNs), Long Short-Term Memory networks (LSTMs) and Gated Recurrent Units (GRUs). CNNs are used to analyze minute details in visual data, LSTMs and GRUs are memory-based AI models to track audio-visual syncing.

Deepfake detection is also increasingly being integrated into broader security ecosystems, where every layer – from hardware to data to content – acts as a checkpoint for authenticity, adding a vital layer of trust. By combining deepfake detection with robust endpoint security, organizations can ensure that every device is equipped to verify the integrity of digital communications quickly, privately, and without the need to transmit sensitive content to the cloud.

How should organizations update their incident response plans to include deepfake scenarios?

Treat deepfakes like any other cyber threat and apply a zero-trust mindset. That means don’t assume anything is real just because it looks or sounds convincing.

Update your response plan to include steps for verifying video or audio content, especially if it’s being used to request sensitive actions. Build a risk model that considers how deepfakes could be used to target critical business processes, such as executive communications, financial approvals, or customer interactions. Make sure your team knows how to spot red flags, who to alert, and how to document the incident.

Use detection tools that can scan media in real time and save flagged content for review. The faster you can identify and act, the more damage you can prevent. In today’s environment, it’s safer to question first and trust only after you verify.

What internal policies should organizations put in place to mitigate the risk of deepfake attacks?

Organizations should put clear policies in place around verification, detection, and escalation. Any sensitive request – involving money, credentials, or confidential data – should require extra verification, like a call-back or secondary approval.

Deepfake awareness should be built into regular training so employees can spot warning signs early. Utilizing the detection tools to support teams by scanning and flagging suspicious media in real time, helping them make faster, safer decisions.

Incident response plans must also cover how to escalate, preserve evidence, and communicate if a deepfake is suspected.

At the end of the day, questioning unusual communications must become the norm, not the exception.

Is there a risk of liability or compliance exposure if a company falls victim to a deepfake? How should that be factored into planning?

Yes, absolutely – especially if data is leaked or money is lost. Regulators expect companies to take reasonable steps to prevent this kind of fraud. Under laws like the EU’s Digital Operational Resilience Act (DORA), organizations have a duty to protect personal data and ensure operational resilience against cyber threats. A failure to anticipate or guard against deepfake-driven attacks could increase the risk of liability, fines, and reputational damage.

That’s why it’s important to include deepfakes in your cybersecurity and risk planning. Work with your legal team, update your processes, and make sure your systems and staff are ready. If something does happen, you want to be able to show you took it seriously and were prepared.

This article was published on Help Net Security: https://www.helpnetsecurity.com/2025/05/16/camellia-chan-x-phy-defending-against-deepfakes/

To learn more about how our solutions can support your cybersecurity strategy, drop us a message at info@x-phy.com, and we’ll get right back to you!

Case File

In early May 2025, a video surfaced online purporting to show Canadian Prime Minister Mark Carney announcing a ban on vehicles manufactured before the year 2000. This video quickly went viral across social media platforms, sparking public confusion and concern. However, upon closer examination, it became evident that the video was a deepfake – a manipulated piece of media designed to mislead viewers.

Deepfake Detector Analysis

Video Length: 28 seconds

Detection Time: Under 2 seconds

Number of Alerts: 12

Anomalies Detected:

1. Facial Inconsistencies: Subtle glitches in lip synchronization and unnatural eye movements.
2. Audio Discrepancies: Mismatched vocal tone and cadence compared to verified recordings of PM Carney.
3. Visual Artifacts: Distortions around the mouth and jawline during speech. 

The Reality 

Investigations revealed that the deepfake was crafted using footage from a legitimate press conference held by PM Carney on March 27, 2025. In the original event, he discussed Canada’s response to U.S. tariffs and mentioned plans to procure Canadian-made vehicles for federal use. There was no mention of banning older vehicles. The deepfake manipulated this footage to fabricate a policy announcement that never occurred. 

Broader Implications

This incident is part of a troubling trend where deepfakes are used to spread misinformation, particularly during politically sensitive times. A report by Canada’s Media Ecosystem Observatory highlighted a surge in fake political content on social media leading up to the federal election, with over a quarter of Canadians encountering such disinformation online. 

For an idea of how the public responded to this deepfake video, just take a look at some of the responses to this post on X.

Get Ahead of the Problem

At X-PHY, we recognize the dangers posed by deepfakes and are dedicated to combating them in an easy, lightweight, and effective manner. 

The X-PHY Deepfake Detector delivers this through on-device processing that ensures your safety and privacy. Contact us to learn more or visit our eStore today. Special pricing for enterprise deployment is available upon request.