A network of scammers is gaining access to personal Facebook accounts and creating deepfake videos of them singing the praises of their scammers, in a dangerous new con that is spreading like wildfire on social media.
At least 25 videos have been created from Maltese profiles and experts fear this could be the tip of the iceberg of a new frightening online reality.
The videos are created by stealing victims’ photos, videos and recordings to compile an almost indistinguishable likeness of the person speaking, using their exact tone of voice, cadence and accent. There is one problem: they are seen on video saying things they have never actually said.
The scam is centred around a fake Facebook profile named Ddexterr Ssmithh. The fake profile uses a profile photo stolen from the Instagram account of Cue Black, a Jamaican Forex trader with over 440,000 Instagram followers, to pose as a bitcoin mining expert.
In the videos, the victims of the scam often confirm their names and thank Ddexterr Ssmithh for giving them the opportunity to invest in the fraudulent scheme.
Many repeat the same story, saying they earned a handsome sum of anything between €10,000 to €1 million, after investing an initial €1,000. They then go on to assure viewers that they have not been hacked and that this is “real and legit”.
Other videos feature people fumbling over their lines as they encourage their followers to invest in the same scheme.
The videos are in both English and Maltese.
Over 25 similar videos of this kind have been identified, many of them being created over the past few weeks.
Times of Malta has verified that several of these videos are deepfakes. Others are genuine recordings of people who have been told to read out lines to get their money back.
One victim who spoke to Times of Malta explained how they received a message from a ‘friend’ on Facebook Messenger asking for help. Having clicked a link within the message and provided some personal information, the victim suddenly found themselves locked out of their Facebook account with no way of regaining access.
Before the victim knew it, the scammers had uploaded a deepfake video of the victim together with manipulated photos of a Revolut account receiving €10,000 to their account.
What is a deepfake?
A deepfake is a technique that uses artificial intelligence to generate images, audio or video of events that did not really happen.
Deepfakes are often used to show public figures or celebrities doing or saying things that are out of character, such as the case of a deepfake of Pope Francis wearing a Balenciaga jacket that took the internet by storm earlier this year.
However, deepfakes also can be used maliciously to impersonate people, spread misinformation and deceive the public.
Speaking to Times of Malta, technology entrepreneur Gege Gatt said that it only takes some 30 seconds of recorded audio for AI software to be able to accurately reproduce a person’s speech patterns, faithfully recreating the tonality and musicality in their voice, as well as the inflection in their speech.
Deepfake scams have become widespread around the world. Last month, BBC reported how a deepfake of journalist and broadcaster Martin Lewis attempted to solicit money for a fake investment scheme, while similar scams were reported in China and India in recent weeks.
Lost memories, no opportunity for redress
Users who fall victim to similar scams say they have almost no ability to resolve the issue and reclaim their stolen accounts.
One victim told Times of Malta that they lost over a decade’s worth of precious photos of their son which were stored on their Facebook account. Another victim reportedly lost access to their business’ budding Facebook page.
All victims who spoke to Times of Malta said they repeatedly attempted to contact Facebook to resolve the issue and regain access to their account, to no avail, with the platform’s support centre making it impossible for users to speak to a customer care official.
Gatt says that these deepfake scams highlight the need for better protection of citizens through “a regulatory regime in which such content is punishable and prosecutable.
“Ordinary citizens must have a redress-mechanism and an ‘early warning’ method to gain assistance to cybercrime professionals (both at a state level – such as the police, and at product level – perhaps Facebook) to suppress viral distribution of content which is declared to be fake.”
How can you protect yourself?
Meanwhile, cybersecurity specialist Tomasz Andrzej Nidecki told Times of Malta that users can take certain preventative measures to avoid falling victim to similar scams.
“Never enter personal data or log in on a site that you visited via a link that you received from an unknown source and never give away any kind of codes received by email or SMS to anyone, no matter what.
“Always double-check every request you receive. If a friend on Facebook asks you to help recover their account, check that they are really the person they claim to be by contacting them using a different communication medium or asking them a question that only they would know the reply to.”
Nidecki also emphasised that users should never use the same or similar passwords for different platforms and avoid using passwords that include data such as family members’ names or dates of birth. Users should always turn on two-factor authentication, wherever possible, Nidecki says.