But...
... are we sure this is "Sophos researcher John Shier" who said that? It could be those DeepFake guys trying to put us all off the scent...
Panic over the risk of deepfake scams is completely overblown, according to a senior security adviser for UK-based infosec company Sophos. "The thing with deepfakes is that we aren't seeing a lot of it," Sophos researcher John Shier told El Reg last week. Shier said current deepfakes – AI generated videos that mimic humans – …
So he's saying we shouldn't worry about it for very low-level, low-effort crimes where simple social engineering techniques such as phishing work fine. I don't think the majority of security-conscious people are very worried about that. It's the high value, high effort targets where this can make a massive difference and I for one do still think there are plenty of organisations that SHOULD worry about the risk and agree on verification methods if high-value deals/transactions have to be discussed or authorized via video chat.
"It's the high value, high effort targets where this can make a massive difference"
That assumes such targets are harder to fool. In my experience that is not a valid assumption. In practically any office in the world, you can walk into reception and say 'hi, I'm here to pick up the backup tapes[/usb stick/whatever]' and someone will go and get them for you. If they don't have any ready, someone will prepare them. No-one will ask you who you are or why you're picking them up.
No probably about it. I've literally done that. We were supposed to be collecting the servers so weren't stealing them, but it hadn't been arranged properly with the people on the ground, and they let us take them anyway because we asked nicely.
I used to work for a relocation company. There was also the time another team relocated an entire office, and the only problem was it was the wrong office. No-one stopped them.
> "People will give up info if you just ask nicely,"
And they will do that especially quickly if they think they are talking to a person in authority. Where "authority" can be anyone from a doctor down to a gutter-press journalist. Or anyone faking someone in those positions.
Until people develop a sense of wariness, scepticism and suspicion, this will continue to be the richest seam for scammers to mine. And it seems that every generation brings a fresh cohort of innocent, trusting victims.