Pixel the Elf was tightening the last screw to Little Johnny’s new iPad when his phone rang. It was Santa, and he was distraught.

“There’s something wrong with my sleigh and my credit card is missing. I need you to wire me $10,000 immediately or else Christmas will be ruined,” said Santa.

Pixel thought it was a strange request but didn’t want to let his boss down. He hurried to the North Pole Credit Union and sent Santa the money. On his way back to the workshop, he was surprised to see Santa pulling up in his sleigh, which was in its usual pristine condition.

It turns out it wasn’t Santa on the phone — it was a deepfake.

Deceived by a Deepfake

Generated with AI, deepfakes are audio, images or videos made to look and sound like real people. Criminals often create deepfakes to deceive individuals into sending money or sharing personal information. They can also be used to damage someone’s reputation.

• Audio: This is the type of deepfake — also known as voice cloning — that fooled Pixel. The cybercriminal finds audio samples of the person’s voice through sources like social media or interviews. They have AI analyze the samples and then create convincing imitations. The voice clones are often used to scam others through frantic phone calls or messages that appear to come from a boss or family member.
• Images: Most of us are familiar with this kind of deepfake and how hard they can be to spot. AI is used to produce fake images of people by manipulating existing images or creating new ones. The images may show the person in a situation or with people they were never involved with, leading to the spread of misinformation.
• Video: Using a mix of voice cloning and images, deepfake videos are complex and can be surprisingly convincing. They have been used to imitate politicians, celebrities and high-level executives.

Unwrap the Truth

Believing in Santa is one thing, but being tricked by a faux Santa is another. Falling for a deepfake can put your wallet, your data and university data at risk. Remember these tips to stay protected:

1. Be suspicious: Trust your gut if a conversation or message feels off. Watch for unusual facial features, expressions and blinking as well as blurriness or lighting inconsistencies.
2. Take your time: Cybercriminals create a sense of urgency to get you to act fast. It’s important to pause before you send money or share confidential information. Verify the requestor’s identity by contacting the individual in a different way.
3. Ask for help: If you aren’t positive something is legitimate, get a second opinion from someone you trust. For university-related questions, contact the NC State Help Desk via the NC State IT Service Portal or call 919.515.HELP (4357). If an incident occurs, report it immediately.