What Is Deepfake Phishing?
Deepfake phishing is a phishing attack that uses synthetic or manipulated video, audio, images, or profiles to make a deceptive request feel authentic.
Deepfake phishing uses fake media as part of a phishing campaign. The media may imitate an executive, coworker, vendor, customer, recruiter, or support agent to influence a click, payment, login, approval, or data disclosure.
At a glance: Deepfake phishing is a specific form of deepfake scam focused on phishing-style requests and user actions.
Deepfake Phishing Meaning
Deepfake phishing sits inside the broader category of deepfake scams. The difference is the goal and delivery: deepfake phishing uses fake media to support a request that asks the target to click, sign in, share data, approve access, or move money.
The fake media may arrive before the phishing message, inside the message, or during a follow-up call or video meeting. It acts as evidence in the attacker's story: this person is real, this message is legitimate, and the requested action should happen now.
Deepfake phishing is a strong fit for phishing simulation because employees need to learn that convincing media does not replace trusted verification.
How Deepfake Phishing Works
Deepfake phishing combines phishing delivery with fake or manipulated media.
- The attacker selects a trusted identity. This may be an executive, vendor, employee, customer, recruiter, or support contact.
- Synthetic media supports the identity. A fake voice note, profile photo, video clip, or meeting appearance reinforces the story.
- A phishing request is made. The target is asked to click, sign in, approve, pay, download, or disclose information.
- Pressure reduces verification. The attacker may ask for secrecy, speed, or an exception to normal process.
- The action creates compromise. Credentials, data, funds, or access can be stolen after the user acts.
Common Deepfake Phishing Examples
Deepfake phishing often targets workflows where identity drives trust.
- Fake executive video: A message includes a synthetic clip asking finance to process a confidential transfer.
- Voice-supported login lure: A fake manager voice tells an employee to open a link and sign in.
- Synthetic vendor profile: A fake representative uses a generated image and polished messages to request payment changes.
- Recruiting phishing: A fabricated recruiter or candidate profile sends a malicious document or portal link.
- Support impersonation: A fake support agent uses media and chat to convince a user to reset access.
Why Deepfake Phishing Matters
Deepfake phishing matters because it attacks recognition. When a face, voice, or profile looks familiar, users may trust a request before checking the action itself.
Organizations can reduce that risk by teaching users to separate identity signals from authorization. PhishingBox supports that through security awareness training and realistic phishing tests.
How to Reduce Deepfake Phishing Risk
Reducing deepfake phishing risk means verifying sensitive actions through trusted workflows.
- Verify through known channels. Use approved numbers, internal directories, ticketing systems, or in-person checks for high-risk requests.
- Separate media from approval. A video, voice note, or profile should not authorize a payment, reset, or disclosure by itself.
- Watch for urgency. Secrecy, pressure, and blocked callbacks are warning signs.
- Protect executive media. High-visibility staff should understand that public audio and video can be reused.
- Report suspicious media. Save links, files, numbers, timestamps, and screenshots when reporting.
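One way to encode the checks above as an approval gate for sensitive requests. This is an added example, not PhishingBox code; the action names, field names, directory entry, phone numbers, and ticket IDs are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data (assumptions, not from the page).
HIGH_RISK = {"payment", "payment_change", "access_reset", "data_disclosure"}
DIRECTORY = {"cfo@example.com": "+1-555-0100"}  # trusted internal directory

@dataclass
class Request:
    claimed_sender: str
    action: str
    media: list = field(default_factory=list)    # e.g. ["video", "voice_note"]
    asks_secrecy: bool = False
    asks_urgency: bool = False
    callback_refused: bool = False
    callback_number_used: Optional[str] = None   # number the employee dialed
    ticket_id: Optional[str] = None              # approval logged in ticketing

def evaluate(req):
    """Return (decision, reasons); media never counts toward authorization."""
    reasons = []
    if req.asks_secrecy:
        reasons.append("secrecy requested")
    if req.asks_urgency:
        reasons.append("urgency pressure")
    if req.callback_refused:
        # A blocked callback is a warning sign in itself: stop and report.
        return "report", reasons + ["callback refused"]
    if req.action not in HIGH_RISK:
        return ("hold" if reasons else "proceed"), reasons
    if req.media:
        reasons.append("media present is not verification: " + ", ".join(req.media))
    missing = []
    # The callback must go to the directory number, not one given in the request.
    known = DIRECTORY.get(req.claimed_sender)
    if known is None or req.callback_number_used != known:
        missing.append("callback not made to directory number")
    if not req.ticket_id:
        missing.append("no ticket recording the approval")
    return ("hold" if missing else "proceed"), reasons + missing

if __name__ == "__main__":
    lure = Request("cfo@example.com", "payment", media=["video"],
                   asks_secrecy=True, asks_urgency=True,
                   callback_number_used="+1-555-0199")  # number from the message
    print(evaluate(lure))
```

The gate holds a request even when a callback was made if the number dialed came from the message rather than the directory, which is the case a convincing voice or video is most likely to produce.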
Related Deepfake Phishing Terms
Deepfake phishing is best understood alongside fake media scams and AI impersonation.
- Deepfake Scams covers the broader use of fake media for fraud and manipulation.
- AI Phishing explains phishing messages created or improved with AI.
- AI Impersonation focuses on AI-assisted fake identities across channels.
Deepfake Phishing Takeaway
Deepfake phishing is dangerous not because the media is impressive, but because media can make a risky request feel approved.
When the action matters, verify the process instead of trusting the face, voice, or profile.
Questions Teams Ask About Deepfake Phishing
Quick answers about fake media in phishing, deepfake scams, business targets, and verification.
What is deepfake phishing?
Deepfake phishing is phishing that uses synthetic or manipulated media to make a deceptive request feel authentic.
How is deepfake phishing different from deepfake scams?
Deepfake scams are broader. Deepfake phishing specifically uses fake media to support a phishing-style request such as clicking, logging in, paying, or sharing data.
Can deepfake phishing happen without video?
Yes. It can use audio, profile images, screenshots, voice notes, or other synthetic media.
How should employees respond to a deepfake phishing request?
They should pause, avoid acting through the provided link or channel, verify through trusted workflows, and report the media and message.