Cybercriminals use deepfakes and fake biometrics to defraud banks

summary
Biometric systems, preferred by 73% of Brazilians, face increasing threats from cybercriminals leveraging deepfakes and other advanced technologies, and cybersecurity companies are seeking innovative, multifaceted solutions to combat fraud.

Tokens and passwords are no longer a common way to access personal devices and accounts. Biometric systems, which have replaced fingerprints, facial recognition, and even voice analysis, represent a new realm of transaction authentication.

According to Juniper Research, more than 4.2 billion mobile devices already use some form of active biometrics, and 57% of all digital transactions worldwide are expected to be authenticated using these methods by the end of 2026. The adoption of technology is also a concrete reality in Brazil. According to an Accenture study, 73% of Brazilian consumers feel safer using biometrics than traditional numeric codes in banking apps and digital wallets.

And unfortunately, this also attracts the attention of cybercriminals. “With advances in biometric technology, especially facial recognition, businesses and governments have strengthened their security systems with automatic identification of individuals. However, this movement has also come with cybercriminals seeking advanced techniques powered by artificial intelligence that can evade authentication systems,” explains Anchises Moraes, Threat Intelligence Director, Apura Cyber ​​Intelligence SA.

Cybersecurity experts say criminals are using everything from high-resolution printers to software to tamper with biometric signatures and challenge the technical protections of banking applications, public services, and financial platforms.

These attacks can be categorized into five levels of complexity. Level 1 uses high-resolution digital photos, HD videos, and even paper masks, while Level 2 uses realistic dolls and 3D latex or silicone masks. At level 3, the impostor relies on surreal artifacts and waxheads. Level 4 involves modifying the 3D facial map to fool the authentication server and “prove you’re alive.” The most advanced stage, Level 5, also includes the digital insertion of images and videos directly into the device, as well as the use of highly convincing deepfakes, which trick the system into accepting fraud as if it were organic activity by a legitimate user.

Deepfake fraud and the use of synthetic digital IDs are on the rise in Brazil. A report by Deloitte and others published by the Infochannel portal shows that economic losses due to artificial intelligence fraud could reach R$4.5 billion by the end of 2025. We have already observed an increase of over 800% in the use of deepfakes.

An iconic incident in China revealed the destructive potential of these scams. An employee of a state-owned company was induced to transfer US$622,000 (approximately R$3.1 million) after having a video chat with someone who appeared to be his CEO. Fraudsters used deepfakes in real-time to duplicate images and voices of company executives, creating a highly urgent situation to force money transfers. This scam uses public videos of executives to create avatars, and similar scams have been reported since then.

As such, cybersecurity companies rely on multiple layers of protection to mitigate these threats, Ancises explains. One of the main strategies is the implementation of multimodal systems. It combines data from video, audio, temperature sensors, depth and behavioral analysis to make it harder for fraudsters. The advanced system also integrates real-time deepfake detection and behavioral biometrics to monitor details like your typing speed, the pressure on your touchscreen, and even how you interact with your device.

Other tactics include dynamic challenge-and-response techniques with unpredictable AI-generated challenges (such as asking you to blink only one eye or speaking unplanned contextual information), and a combination of passive and active proofs that combine automated video analysis with real-time interaction. In addition, systematic monitoring of breaches has been stepped up, with specialized teams scouring the dark web and open databases for recycled images and profiles in new scams. Despite the growing sophistication of attacks, companies’ responses are also evolving, showing that the war over digital identity is only just beginning.

“That is why the work that Apura does in collaboration with other cybersecurity companies is essential when monitoring networks for potential threats and, unfortunately, in the event of a successful attack, to thoroughly assess all factors involved to further develop and improve defensive tactics against cybercriminals seeking to exploit vulnerabilities in the use of biometrics,” concludes Apura cyber intelligence specialists.