It took 10 minutes and a free online tool to deepfake Jim's voice, with no expertise and no cost involved.

Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined again by Alexandra Jorissen from identifAI, alongside Lorenzo Zoffoli, a cybersecurity professional with 12 years of experience. Following the huge response to our first deepfakes episode, which set a bit of a channel record with the number of views, we go further into the technology, the threats and what organisations can actually do about it.

The episode opens with a deepfake of Jim's voice, created by Lorenzo using a free online tool and 5 seconds of audio from our YouTube channel. It took 10 and cost nothing. That sets the tone for a conversation that goes well beyond what was covered in the first episode, into the industrialisation and scalability of deepfake attacks, the personalisation that makes them almost impossible to spot and why visual and audio content can no longer be treated as proof of truth.

From a Dutch bank discovering 46 fraudulent accounts opened by one person using deepfakes, to personalised attacks targeting family members and high net worth individuals, the threat has moved well beyond the boardroom. This episode gets into what organisations can actually do about it, from how detection technology works and where it fits in a security stack, to why verifying identity in digital spaces needs to become as normal as challenging someone without a badge in a physical office.

Three key talking points:

• The industrialisation of deepfake attacks: Creating a convincing deepfake used to take time, expertise and significant effort. That barrier has almost disappeared. Attacks can now be generated, refined and reused across hundreds of targets at speed and at almost no cost, using nothing more than publicly available social media content and free online tools.
• It's not just organisations at risk anymore: The first episode focused on corporate threats like fake board meetings and expense fraud. This one goes further into the personal risk, from deepfaked voice messages impersonating family members to compromising images generated from a single photograph. The technology doesn't care whether the target is a CISO or someone's mum.
• Why detection is now part of defence in depth: Deepfake detection needs to sit alongside email security, EDR and the rest of the standard security stack. This episode gets into how detection works at a pixel and byte level, why results are probabilistic rather than binary and what happens if smaller organisations are priced out of access.

If you caught the first episode, this one goes further. If you didn't, take a look! Either way, deepfakes aren't just on their way. They're already here.

On why the real problem is what we're not catching:

“We need to put doubt in any digital media we handle and get used to trying to verify if content coming from unknown sources can be manipulated or completely generated by AI tools.”

Lorenzo Zoffoli

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

In this episode, we covered the following topics:

• The Industrialisation of Deepfake Attacks Understand why deepfake attacks are no longer handcrafted for single targets but can be generated, refined and deployed at scale across hundreds of victims simultaneously.
• 46 Fake Bank Accounts at a Major Dutch Bank How one person used deepfakes to open 46 fraudulent accounts at ABN AMRO and why it was only caught because of a fluke.
• Personalised Social Engineering at Scale Discover how AI-driven attacks are now tailored to individual targets using publicly available data, making phishing attempts feel familiar, urgent and highly credible.
• The Personal Risk: Family, VIPs and Romance Scams Explore the extent to which deepfake threats extend beyond corporate targets, from cloned voice messages impersonating family members to compromising images generated from a single photograph.
• Why Seeing Is No Longer Believing Find out why visual and audio content can no longer be treated as proof of truth and why human senses alone are no longer enough to detect manipulation.
• How Deepfake Detection Actually Works We discuss how detection tools analyse images and video, why results are expressed as probabilities rather than certainties and why organisations need to determine their own thresholds for action.
• Liveness Checks Are Already Being Bypassed Find out why the "turn your head left, turn your head right" verification that banks and identity platforms rely on is already being beaten by newer deepfake models.
• Normalising Verification in Digital Spaces Explore why challenging a suspicious video call or email needs to become as normal as stopping someone without a badge in a physical office.
• Deepfake Detection as Part of Defence in Depth Understand why deepfake detection now needs to sit alongside email security, EDR and the rest of the standard security stack.

Resources Mentioned

• identifAI
• ABN AMRO deepfake bank account fraud
• Mobile World Congress Barcelona
• Nanobanana (image generation tool referenced for realism)
• Will Smith spaghetti meme (referenced for AI quality progression)
• Google badge policy (referenced by Alex as example of normalised verification)

Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

LinkedIn: Razorthorn Security

YouTube: Razorthorn Security

TikTok: Razorwire Podcast

Instagram: Razorwire Podcast

Twitter: @RazorThornLTD

Website: www.razorthorn.com

All rights reserved. © Razorthorn Security LTD 2025