Deepfake-enabled fraud, driven by artificial intelligence, is becoming a significant threat to financial institutions, customers, and transaction systems, according to a recent report by Seqrite, the cybersecurity arm of Quick Heal Technologies Limited. These attacks involve AI-generated impersonations using synthetic voice, video, and identity manipulation to bypass traditional security checks. Attackers can convincingly mimic individuals like executives or customers, leading to fraudulent activities such as unauthorized transactions and account takeovers.
The report highlighted that these fraudulent activities are especially effective in environments prioritizing transaction speed over thorough verification processes. Between October 2024 and September 2025, there were over 265.52 million detections on more than 8 million endpoints, averaging 505 detections per minute. Trojans and file infectors were the most commonly detected threats, with campaigns often relying on social engineering tactics for compromise.
Financial institutions, known for trust-based interactions, are particularly vulnerable to deepfake-based fraud, which infiltrates legitimate communication channels like calls and video verifications. This makes detecting such fraud more challenging. Under the Digital Personal Data Protection (DPDP) Act of 2023, financial institutions are mandated to protect personal data and ensure secure digital interactions to prevent breaches and identity misuse.
To combat these evolving threats, the report recommended a shift from static identity verification to dynamic, behavior-based validation. It emphasized the importance of implementing multi-layered authentication, anomaly detection in transaction flows, and monitoring communication channels for signs of manipulation. The report also warned that future threats are likely to be more advanced, AI-driven, and capable of circumventing traditional security measures.
