Investigating the Proliferation of Deepfake Scams | WhoisXML API

Deepfakes can cause real harm. In February 2024, for example, an employee of a multinational company was tricked into handing US$25 million to a scammer who pretended to be their company’s CFO. [1]

In light of this and similar attacks, security researchers have tried to shed more light on deepfake scams and the risks they pose. One report, in particular, unveiled 416 scam IoCs. [2]

The WhoisXML API research team investigated just how widespread deepfake scam infrastructures could be in the DNS through an IoC list expansion analysis. Our study uncovered potentially connected artifacts comprising:

  • 1,070 registrant-connected domains
  • Six email-connected domains
  • 316 IP addresses, 285 of which turned out to be malicious
  • 515 IP-connected domains, three of which turned out to be associated with various threats
  • 3,056 string-connected domains, 12 of which may have already figured in malicious campaigns

  • [1] https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html
  • [2] https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams/