Deepfakes are changing cybercrime and creating a new challenge for channel partners

By Ricardo Arroyo, Principal Product Manager at WatchGuard

Thursday, 2nd July 2026. Posted by Sophie Milburn

Fraud has always depended on trust. For a long time, cybercriminals have been exploiting that trust through phishing emails, fake websites, business email compromise (BEC) scams and social engineering. Their goal has not really changed: it is to persuade people to do something they otherwise would not, such as transfer money, share credentials or grant access. What has changed is how convincing the deception is.

AI has given cybercriminals a powerful new capability. Deepfakes, such as AI-generated audio, video and images designed to imitate real people, are making impersonation attacks faster, cheaper and more convincing. This means organisations can’t assume that a familiar face, voice or message is genuine. 

For channel partners, including MSPs, MSSPs, resellers, systems integrators and security consultancies, this creates an important opportunity to help customers rethink how trust is established, verified and protected across the organisation. 

The rise of believable deception 

A deepfake is synthetic media generated or modified using AI models to convincingly replicate a real person, object or event. Advances in generative AI have made it possible to create realistic audio and video using only small amounts of publicly available source material. 

Anyone spending time on social media has likely encountered AI-generated content that can be difficult to distinguish from authentic media. While much of it is created for entertainment, the same technology can be weaponised by attackers. 

Historically, impersonation attacks needed convincing spoofed emails, insider knowledge, time spent grooming targets and repeated interaction that increased the risk of detection. Today, attackers have the ability to create convincing imitations of executives, suppliers or trusted colleagues with far less effort. The result is a significant reduction in the cost and friction of social engineering. 

Deepfakes are not a new crime category 

The cybersecurity industry often frames threats in terms of tools. Malware families, exploit kits, phishing frameworks and zero-day exploits are all given their own categories and terminology. Deepfakes are the latest example of this. Their rise has prompted discussions around regulation and whether existing legal frameworks are enough. However, the question we should be asking is whether the tool itself fundamentally changes the crime.

Fraud is still fraud. Impersonation is still impersonation. Unauthorised access is still unauthorised access. Deepfakes are not creating new criminal intent. They are making existing forms of deception more convincing and easier to execute quickly and at scale. In that sense, they are not a new category of crime but a force multiplier for crimes that already exist. 

This distinction is important because while the technology is new, the weakness it is exploiting is not. Deepfakes can only succeed when trust is granted without verification. 

Why traditional security controls struggle 

Most deepfake-enabled attacks succeed without exploiting a single software vulnerability. There is no malware to detect, no privilege escalation to monitor and no exploit to patch. Instead, the attack path is remarkably straightforward: assume a trusted identity; create urgency or authority; trigger a legitimate human action; let the system do exactly what it was designed to do.

Funds are transferred through approved processes. Credentials are shared willingly. Access is granted by authorised users. The technology does not compromise the system because the deception convinces people to use the system exactly as intended. 

This creates a challenge because many security controls are designed to identify technical anomalies. Deepfake-enabled attacks bypass those controls by targeting human decision-making instead. 

If a finance manager receives what appears to be a video call from the CFO requesting an urgent payment, the transaction itself may appear entirely legitimate from a technical perspective. The same applies to helpdesk requests, password resets, vendor payment changes and executive approvals. 

Deepfakes expose an old weakness 

Organisations traditionally treated certain signals as inherently trustworthy. A familiar voice on the phone, a recognised face on a video call or a request from a senior executive has often been accepted as evidence of authenticity. Deepfakes have not weakened those signals; they have just exposed the fact that those signals were never strong forms of verification in the first place.

Many approval workflows, helpdesk processes and executive exceptions were built on social assumptions rather than verifiable identity. Deepfakes have now automated the exploitation of that gap. 

This is why many deepfake incidents look closer to insider mistakes than traditional cyberattacks. The systems themselves behave exactly as intended; it is the human decision-making process that has been manipulated. 

What the channel should be doing differently 

As organisations get to grips with the implications of AI-driven deception, many will look to trusted channel partners for guidance on how to adapt their security controls and business processes. 

The most effective response is not simply deploying new detection technologies. It involves helping customers redesign trust models and business processes. 

The first priority is moving from identity by familiarity to identity by proof. Employees should not approve sensitive requests solely because they appear to come from a recognised individual. Critical actions should be supported by strong authentication, secure workflows and independent validation processes. 

The second priority is eliminating exceptions driven by urgency. Many successful attacks exploit pressure and time constraints. Deepfakes make these tactics even more persuasive because the request appears to come directly from a trusted authority figure. 

Organisations should ensure that urgent requests trigger additional verification rather than reduced scrutiny. For example, financial transactions should require multiple approvals; vendor payment changes should be independently validated; MFA resets should follow established verification procedures; and sensitive access requests should require strong authentication regardless of who appears to be making the request. 

Finally, organisations need to focus on designing processes that make secure decisions easier. Security awareness remains important, but employees should not carry the whole burden of defence. Well-designed workflows help reduce the likelihood of human error by embedding verification into routine business processes. 
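The priorities above can be embedded in the workflow itself rather than left to individual judgement. The following is an added example, not code from the article or from WatchGuard: the policy table, field names and channel labels are assumptions chosen for illustration. It shows an approval gate in which urgency adds verification and the requester's apparent identity carries no weight.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy: action -> (approvals required, independent validation required)
POLICY = {
    "payment": (2, False),
    "vendor_bank_change": (2, True),
    "mfa_reset": (1, True),
}

@dataclass
class Request:
    action: str
    requester: str                    # identity the request claims to come from
    channel: str                      # where it arrived, e.g. "video_call"
    urgent: bool = False
    strong_auth: bool = False         # requester authenticated inside the workflow
    approvals: list = field(default_factory=list)  # (approver, strongly_authenticated)
    callback_channel: Optional[str] = None         # channel used to validate independently

def evaluate(req):
    """Return (allowed, reasons). Appearance and seniority are never inputs."""
    if req.action not in POLICY:
        return False, ["unknown action: denied by default"]
    needed, needs_callback = POLICY[req.action]
    if req.urgent:                    # urgency raises the bar, never lowers it
        needed += 1
        needs_callback = True
    reasons = []
    if not req.strong_auth:
        reasons.append("requester not strongly authenticated")
    # Only authenticated approvers other than the requester count, once each.
    valid = {name for name, authed in req.approvals if authed and name != req.requester}
    if len(valid) < needed:
        reasons.append(f"{len(valid)} of {needed} independent approvals")
    if needs_callback and req.callback_channel is None:
        reasons.append("no independent validation")
    elif needs_callback and req.callback_channel == req.channel:
        reasons.append("validation reused the request channel")
    return not reasons, reasons

if __name__ == "__main__":
    # Constructed scenario: urgent payment asked for on a video call by "cfo".
    call = Request("payment", "cfo", "video_call", urgent=True,
                   approvals=[("finance_manager", True)])
    print(evaluate(call))
```

A convincing video call changes none of the inputs this gate evaluates, so the constructed request is refused until the workflow's own authentication, approvals and independent validation are satisfied.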

The MSSP's role in strengthening trust

Deepfakes reinforce the lesson that trust should never be based solely on appearance, familiarity or authority. For many customers, addressing that challenge will require a combination of technology, process redesign and user education. 

This creates an opportunity for channel partners, whether they provide managed services, security expertise, identity solutions or strategic consultancy, to help customers assess where business processes still rely on assumptions rather than verification. Whether that involves strengthening authentication, reviewing approval workflows or implementing more robust identity controls, the goal is the same. 

The question is not just whether a deepfake can be detected; it is whether a business process can withstand deception even when the fake appears completely convincing. Deepfakes are unsettling because they challenge a long-standing assumption that seeing and hearing are reliable forms of verification. Trust has always been a security control, but it has often been implemented informally through human judgement and social familiarity.

Organisations can no longer rely on appearance, authority and familiarity as proof of identity. They need to build verification directly into their processes so they can withstand even the most convincing forms of deception. The technology may be new, but the principle is not. Trust should never be assumed. It should always be verified. 
