Day 2 — Deepfake BEC, Vishing, and Synthetic Identity
Course: SEC5xx — Detecting and Responding to AI-Generated Adversary Content
Day: 2 of 5 · ~6 hours instruction + 2.5 hour lab + breaks
Prerequisite: Day 1 (Detector’s AI Stack + AI-Generated Phishing)
What Day 2 builds
Day 1 established the detector’s AI stack and applied it to AI-generated text. Day 2 applies that same stack to a fundamentally different artifact class: synthetic audio, video, and identity.
The defining property of Day 2’s threat class: the attacker’s payload is not text — it’s a deepfake voice on a Zoom call, a fabricated executive on a video conference, an AI-generated LinkedIn profile in your vendor onboarding queue. The detector’s tooling from Day 1 still applies (embeddings, RAG, hybrid retrieval) but the signal pipeline is different — and the durable controls are workflow-shaped, not artifact-shaped.
By end of Day 2, students leave with:
- A practical understanding of the Arup HK$200M anchor case and the subsequent 2024-2026 deepfake-BEC incident landscape
- A working audio deepfake detection pipeline using current open-source models
- The honest read on video deepfake detection: generation has outpaced detection, so layered workflow defenses are the durable controls
- A SIEM-grade workflow-gap detection (the “wire-transfer-changed-without-OOB-verification” pattern) that catches incidents the audio detector misses
- The IR playbook for a deepfake-suspected incident from first 30 minutes through regulatory notification
The six modules
| # | Module | Focus |
|---|---|---|
| 2.1 | Anchor case: Arup HK$200M deepfake BEC | The Feb 2024 case, follow-on incidents 2024-2026, FBI/Europol trend data |
| 2.2 | Synthetic audio detection — what’s catchable | AASIST family + successors, current open-source detectors, working Python pipeline, known evasions |
| 2.3 | Synthetic video detection — and why it’s harder | C2PA adoption in 2026, physiological liveness, why detection has fallen behind generation |
| 2.4 | The vishing kill chain | Recent incidents, the FBI/IC3 numbers, regulatory mandates for OOB verification, where to break the chain |
| 2.5 | Synthetic identity at scale | AI-generated profiles for KYC bypass, vendor fraud, executive impersonation, KYC vendor defenses |
| 2.6 | IR playbook: deepfake-suspected incident | First 30 minutes, forensic preservation, regulatory notifications, transaction reversal windows |
Lab 2
Students operate both sides in a controlled lab:
- Red half: Sandboxed Whisper + XTTS pipeline generating a voice clone against a SANS-owned synthetic CEO audio clip (no real-person likeness used)
- Blue half: Run the audio detection pipeline from Module 2.2 + the workflow-gap SIEM rule from Module 2.4
The lab is deliberately designed with a hard case: the audio detector scores the deepfake at 0.61 against a 0.7 default threshold — below alarm, but the audio is fake. Students who blindly trust the threshold miss the attack. They must demonstrate that the workflow-gap SIEM rule catches the wire transfer even when the audio detector misses — the durable control is the OOB-verification gate, not the artifact classifier.
Key references for Day 2
Verified case studies (cross-checked May 2026):
- Arup Hong Kong, Feb 2024 — HK$200M / ~$25.6M deepfake video BEC, confirmed by Hong Kong Police press conference
- WPP CEO Mark Read deepfake attempt, May 2024 — failed because target recognized out-of-band channel anomaly
- LastPass voice deepfake attempt on employee, April 2024 — failed at OOB verification
Frameworks and standards:
- C2PA (Coalition for Content Provenance and Authenticity) — content provenance signing standard
- MITRE ATT&CK T1566.004 — Spearphishing Voice
- FBI IC3 BEC trend reports (2024, 2025 figures)
- Sigma 2.0 correlation rules for workflow-gap detection
Tools introduced (working code in Module 2.2):
- AASIST family audio deepfake detectors
- Open-source pretrained models on Hugging Face
- C2PA verification library (c2pa-python)
- Workflow-gap Sigma rule pattern
How Day 2 changes the detector’s mental model
Day 1 framed the detector’s work as artifact analysis — given an email, classify it. Day 2 introduces the lesson that for high-impact deepfake threats, artifact analysis alone is insufficient:
- Audio deepfake generation in 2026 frequently produces output that current detectors score below alarm threshold
- Video deepfake generation has outpaced video detection; C2PA provenance signing is the only durable control, and adoption is partial
- The synthetic-identity layer (AI-generated executives on LinkedIn, fabricated vendor profiles) is detectable at the platform layer, not at the endpoint
The durable controls are workflow gaps: a wire transfer with changed payment instructions must be confirmed through a second channel the attacker doesn’t control. The absence of that confirmation event in your SIEM is your highest-fidelity detection. Day 2 makes this explicit — and arms the detection engineer with the workflow-gap detection patterns that survive when artifact detection fails.
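As an added example (not course material from the page), the two rules the lab contrasts, written in Python over constructed events: the artifact rule stays silent because the call scores 0.61 against the 0.7 threshold, while the workflow-gap rule fires on the released wire whose payment instructions changed without an out-of-band verification event. The event field names and the 4-hour verification window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). T-1001 mirrors the lab's
# hard case: instructions changed on a video call, detector score under
# threshold, wire released with no OOB callback. T-1002 is the benign path.
EVENTS = [
    {"ts": "2026-05-04T09:02:00", "type": "payment_instruction_changed",
     "transfer_id": "T-1001", "amount": 250000, "requested_via": "video_call"},
    {"ts": "2026-05-04T09:03:00", "type": "audio_deepfake_score",
     "transfer_id": "T-1001", "score": 0.61},
    {"ts": "2026-05-04T10:15:00", "type": "payment_instruction_changed",
     "transfer_id": "T-1002", "amount": 48000, "requested_via": "email"},
    {"ts": "2026-05-04T10:40:00", "type": "oob_verification_completed",
     "transfer_id": "T-1002", "channel": "callback_known_number"},
    {"ts": "2026-05-04T11:30:00", "type": "wire_released", "transfer_id": "T-1001"},
    {"ts": "2026-05-04T11:45:00", "type": "wire_released", "transfer_id": "T-1002"},
]

AUDIO_ALARM_THRESHOLD = 0.7  # the lab's default detector threshold


def parse(ts):
    return datetime.fromisoformat(ts)


def audio_alerts(events, threshold=AUDIO_ALARM_THRESHOLD):
    """Artifact-level rule: alert only when the detector score reaches the threshold."""
    return sorted(e["transfer_id"] for e in events
                  if e["type"] == "audio_deepfake_score" and e["score"] >= threshold)


def workflow_gap_alerts(events, window=timedelta(hours=4)):
    """Workflow-level rule: a wire released after a payment-instruction change
    with no OOB verification event for that transfer inside the window."""
    changes = {e["transfer_id"]: parse(e["ts"]) for e in events
               if e["type"] == "payment_instruction_changed"}
    verified = set()
    for e in events:
        if e["type"] != "oob_verification_completed" or e["transfer_id"] not in changes:
            continue
        delta = parse(e["ts"]) - changes[e["transfer_id"]]
        if timedelta(0) <= delta <= window:  # verification must follow the change
            verified.add(e["transfer_id"])
    released = {e["transfer_id"] for e in events if e["type"] == "wire_released"}
    # The absence of the confirmation event is the signal, not the audio score.
    return sorted(t for t in changes if t in released and t not in verified)


if __name__ == "__main__":
    print("audio alerts:", audio_alerts(EVENTS))          # []
    print("workflow-gap alerts:", workflow_gap_alerts(EVENTS))  # ['T-1001']
```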
What Days 3-5 build on this foundation
- Day 3 — LLM-authored malware, prompt-injection campaigns against enterprise copilots. Same workflow-gap thinking applied to the enterprise-LLM trust boundary.
- Day 4 — Agentic adversaries, AI supply-chain compromise. The detector’s stack from Days 1-2 + agent telemetry as a detection signal.
- Day 5 — Capstone. The Verdancy Health scenario includes a deepfake voice BEC stage that students must catch using exactly the Day 2 workflow-gap pattern.