Cambridge thesis presentation

The impact of Deepfakes

Deepfakes have moved from a technical curiosity to a practical fraud tool. The core risk is not only that media can be fabricated, but that trust, evidence, and identity can be attacked at scale.

Read the thesis Explore the evidence See defenses

Thesis title page for The impact of Deepfakes on a wooden desk — Thesis: **The impact of Deepfakes**, a study of deepfake fraud and its effects.

Thesis viewer

Read the thesis manuscript

Browse The impact of Deepfakes through its abstract, chapters, conclusion, and selected references.

Abstract

This dissertation examines the impact of deepfakes on fraud, institutional trust, and evidentiary confidence. It argues that deepfakes should not be understood simply as manipulated videos, but as a class of synthetic identity technologies that change the economics of deception. By reducing the cost of impersonation and increasing the apparent intimacy of fraudulent communication, deepfakes alter how victims interpret urgency, authority, and authenticity.

The study combines technical analysis of generative models with case-based examination of voice cloning, executive impersonation, non-consensual synthetic imagery, and political disinformation. It finds that the most consequential harms arise not from perfect fakes, but from plausible fakes deployed in moments where verification is inconvenient. The work therefore proposes a shift from content-only detection to process-based resilience: provenance, out-of-band verification, payment controls, and institutional literacy.

Keywords: deepfakes, synthetic media, fraud, identity, provenance, trust.

1. Introduction

The term deepfake describes media produced or altered by machine-learning systems so that a person appears to say or do something that did not occur. Early public discussion focused on face-swapping videos, but the contemporary threat landscape is wider: cloned voices, real-time video avatars, synthetic identification documents, and generated images now form a connected ecology of synthetic identity.

The central claim of this thesis is that deepfakes matter because they detach identity from reliable human presence. A voice on the telephone, a face in a video call, or an image attached to a profile was once treated as weak but useful evidence of personhood. Deepfakes exploit that habit. They do not need to survive forensic analysis indefinitely; they need only to be credible long enough for money to move, consent to be extracted, or a reputation to be damaged.

Three research questions guide the analysis. First, how do generative systems make impersonation cheaper and more scalable? Second, why are deepfakes effective in fraud contexts even when visual imperfections remain? Third, what forms of governance and organizational design reduce harm without treating detection as a complete solution?

Deepfake harm is rarely a purely technical failure. It is a failure of social process under conditions of uncertainty.

2. Technical Background

Deepfakes are enabled by generative models that learn statistical regularities from large datasets and then synthesize new outputs. Autoencoders, generative adversarial networks, diffusion models, neural vocoders, and transformer-based architectures all contribute to the present deepfake ecosystem. Although these systems differ architecturally, their social effect is similar: they transform biometric cues into editable media.

Face-based systems map expressions, pose, and lighting from a source actor to a target identity. Voice systems learn phonetic and timbral features from a sample of speech, then generate new utterances in the target voice. Real-time systems combine these techniques with low-latency rendering, allowing impersonation during live calls. The threshold for abuse has fallen because models are increasingly available as consumer tools rather than specialist research artifacts.

Detection research typically searches for artifacts: irregular eye movement, inconsistent shadows, compression traces, temporal flicker, or spectral anomalies in audio. However, detection is adversarial. A classifier trained on yesterday's artifacts may fail against tomorrow's generator. For this reason, detection should be treated as one layer in a broader system rather than the foundation of trust.

Generation lowers the cost of creating persuasive identity signals.
Distribution platforms lower the cost of targeting and amplification.
Verification gaps convert plausible media into financial or reputational harm.

3. Fraud, Identity, and Trust

Fraud depends on a believable story. Deepfakes strengthen that story by adding sensory evidence to social engineering. A fraudulent email can be ignored; a voice that resembles a colleague, parent, or senior executive can produce urgency before deliberation begins. The psychological mechanism is not perfect deception but pressured interpretation.

Business email compromise illustrates the shift. Traditional attacks rely on compromised accounts, spoofed domains, and procedural ambiguity. Synthetic media adds a performative layer: the attacker can simulate the authority figure whose instruction is being invoked. In a video meeting, multiple synthetic participants may create the illusion of consensus, making refusal feel socially costly.

This chapter treats deepfake fraud as an attack on institutional routine. Payment approvals, password resets, hiring checks, and customer onboarding all use identity shortcuts because organizations need speed. Deepfakes weaponize those shortcuts. A resilient response must therefore redesign the moments at which trust is granted.

Fraud vector	Deepfake role	Defensive control
Executive payment request	Voice or video authority cue	Dual approval and callback
Account recovery	Synthetic selfie or voice	Device history and risk scoring
Public disinformation	Fabricated event evidence	Provenance and rapid correction

4. Governance and Evidence

Governance of deepfakes is difficult because synthetic media has legitimate uses: accessibility, dubbing, satire, film production, privacy-preserving avatars, and education. A useful framework must distinguish consent-based synthesis from deceptive impersonation and must account for context. The same technique may be harmless in a labelled film scene and harmful in an unlabelled political advert or payment instruction.

Legal and regulatory responses increasingly focus on impersonation, non-consensual intimate imagery, election interference, and disclosure. Yet law is slow compared with model diffusion. Platforms and institutions therefore carry practical responsibility: labelling synthetic content, preserving provenance metadata, authenticating official media, and offering rapid appeal mechanisms for victims.

The evidentiary problem is two-sided. False media can be believed, but true media can also be dismissed as fake. This second problem, sometimes called the liar's dividend, means that deepfakes weaken the background assumption that recordings settle disputes. Provenance systems such as signed capture, content credentials, and chain-of-custody logs are valuable because they support authenticity before controversy arises.

The most robust governance model combines consent rules, disclosure duties, platform enforcement, and institutional verification practices.

Conclusion

Deepfakes do not make truth impossible, but they make trust more expensive. Their impact lies in the compression of time between fabrication and consequence. A synthetic voice may need only thirty seconds to authorize a transfer. A fabricated image may need only one evening to damage a reputation. A false video may need only one news cycle to polarize an audience.

The thesis has argued for a shift from a media-forensics mindset to a resilience mindset. Detection remains important, but it cannot carry the entire burden of authenticity. The more durable response is procedural: trusted channels, provenance, delayed high-risk decisions, multi-party authorization, and public education that normalizes verification without normalizing cynicism.

Deepfakes reveal that identity has always been partly infrastructural. We trust people not merely because we see or hear them, but because institutions, habits, and records support that recognition. The task ahead is to rebuild those supports for a world in which media can be generated on demand.

Central argument

Synthetic media changes the economics of deception.

A convincing fake voice, face, or video used to require specialist labor. Generative AI lowers the cost, speeds up production, and lets fraudsters personalize attacks. That matters because scams succeed when victims feel urgency, social pressure, or institutional authority.

Deepfakes therefore sit at the intersection of cybersecurity, law, platform governance, and media literacy. The question is less whether a fake can be spotted perfectly, and more how institutions reduce harm when verification is uncertain.

Current signals

Deepfakes are part of a broader fraud surge

$16.6B

reported internet-crime losses in 2024

The FBI IC3 recorded a 33% increase in reported losses compared with 2023.

$13.7B

cyber-enabled fraud losses

Cyber-enabled fraud accounted for 83% of all losses reported to IC3 in 2024.

$2.77B

business email compromise losses

Executive impersonation and payment redirection remain high-value targets for synthetic media.

2024

AI voices in robocalls banned

The FCC ruled that AI-generated voices in robocalls are illegal under the TCPA.

What changes

The main effects of deepfakes

Fraud becomes more personal

Voice clones and video impersonations make scams feel socially plausible. A fake manager, parent, bank agent, or public official can create pressure that bypasses ordinary skepticism.

Evidence becomes easier to contest

Even genuine recordings can be dismissed as fake. This “liar’s dividend” weakens public accountability because proof must now carry more authentication context.

Reputation attacks scale quickly

Synthetic intimate imagery, fake confessions, fabricated news clips, and manipulated workplace recordings can cause harm before a correction reaches the same audience.

Security shifts from content to process

Detection tools help, but resilient organizations also need payment controls, trusted callback channels, provenance records, and rehearsed escalation paths.

Case study

The fake video-call executive

In 2024, police in Hong Kong described a case where a finance worker was deceived during a video call with deepfake versions of colleagues and transferred about US$25 million. The case is a warning: the most dangerous deepfakes often appear inside ordinary workflows.

Warning signs

Unexpected payment urgency
Requests to bypass policy
Pressure to keep the task secret
Refusal to verify through a known channel

Practical response

How to reduce harm

Verify identity out-of-band

Use a known phone number, secure chat, or pre-agreed phrase before approving sensitive actions.

Separate authority from execution

Require dual approval for transfers, credential changes, publication, and disciplinary action.

Attach provenance to media

Cryptographic provenance, metadata, and chain-of-custody records make authentic material easier to defend.

Train for uncertainty

Staff and students need scripts for pausing, escalating, and verifying rather than simply “spotting fakes.”