The camera never lies. Except, of course, when it does.
In the mid 2020s, as AI technology accelerates faster than most people can keep up, there’s an increasing need to employ a sceptical approach to… well, everything.
That includes, quite astonishingly for many, videos of colleagues and friends apparently talking to us in real time. Deepfake videos are now a precision and highly effective tool in the cyber criminal’s armoury – and deepfake detection is vital.
This post provides deepfake protection advice from Intersys MD Matthew Geyman, to help you recognise and avoid scams. It also offers a guide to Microsoft Teams tools for repelling deepfakes, from Intersys’ Head of Security Jake Ives.
What are deepfakes and how big a problem are they?
Deepfakes are AI-generated synthetic media that convincingly mimic the likeness, voice or actions of real people in videos, photos or audio recordings. According to the UK government, in 2025 the number of deepfake videos circulating online is expected to pass eight million. Originally linked to pornography, deepfakes are increasingly a cyber criminal tool and high-net-worth businesses are prime targets. While the technology is cutting-edge, the methodology is as old as, if not the hills, then at least online banking: impersonate a trusted figure and authorise a high-value transfer.
Ah, but you wouldn’t fall for this, would you?
Would you?
In 2024, a finance worker in a multinational business was sceptical of an email purporting to be from his CFO. It spoke of a ‘secret transfer’ and he assumed it was a phishing email.
However, when he saw people he knew attending a follow-up call, he put aside his doubt and joined the video chat. Several of his colleagues were in attendance and he was convinced to pay out $25m. But, of course, all of his ‘colleagues’ were deepfakes and the $25m went to fraudsters.
Examples like this abound. However, we mention this one because the victim was already sceptical, but was still, finally, convinced. Such is the deceptive power of deepfakes and the increasing difficulty of deepfake detection.
Deepfake detection and awareness: how to fight back
Intersys MD Matthew Geyman recommends the following deepfake protection methods. He says, ‘These three principles can significantly reduce your vulnerability to deepfakes.’
1. Use ‘MFA for People’. Ensure no one person can make large transfers alone and that company procedures mandate every payment request must be authorised by a second individual. Says Matthew, ‘This is an organisational principle that goes beyond concerns about deepfakes, but it’s an extremely good safeguard. The need for a deepfake to convince multiple people lowers the chances of success.’
2 ‘Break the fake’. Any doubts? Ask participants to wave their hands across their face three times, once slowly, then at medium speed, then fast. Also, ask them to turn their head sideways, both ways, quickly. Current algorithms struggle to keep up with some motions, so this deepfake detection method may result in odd video effects, for instance pixelation or distorted faces. As the tech improves, however, this method may become less reliable.
3. Take control of meetings. For sensitive meetings, for instance those that involve finance discussions, insist on scheduling it at your end. Where this isn’t possible and someone else has arranged the meeting, tell them you will end the call and redial. This may weed out deepfake scammers relying on pre-rendered video. As an additional measure, you can also pre-screen attendees via trusted channels like WhatsApp, iMessage and Signal.
Says Matthew, ‘The above deepfake detection and protection measures will work only if your organisational culture does not stigmatise challenging colleagues. While it might seem toe-curling to ask a CEO to wave his hands, losing £25m is going to be considerably more embarrassing. Embrace these checks.’
And from Matthew, a note of caution, ‘The tech is improving all the time, so these hints may not apply for long. However, right now they can help.’
Using Microsoft Teams to repel deepfakes
Jake Ives, Head of Security at Intersys, recommends the Microsoft Teams measures below to help improve deepfake detection and eliminate deepfake fraud. While we haven’t provided an exhaustive step-by-step guide to using Teams for each measure, we have highlighted the key settings you should configure. You should be able to easily fill in any gaps in your knowledge with an internet or AI search.
Use Teams Premium email verification features
Microsoft Teams Premium offers enhanced meeting security, above and beyond those checks available in standard versions. Among these are email verification for external participants, which require them to verify their identities before joining using a code.
Use Teams’ CAPTCHA verification
With Teams’ standard functionality you can mandate verification checks for anonymous or unverified users, and people from suspect organisations. While not as advanced as Teams Premium verification, it does include a CAPTCHA text or audio challenge, to weed out web bots.
Make the lobby mandatory for external participants
Ensure people outside your organisation cannot bypass the lobby.
If you’re not an admin, you’ll need to ask your Teams administrator to make this change for you.
Deny access to all personal and trial accounts
Security requirements for personal accounts are not as robust as those for business accounts and are often exploited. Deny all access.
Also, it’s very simple to create a trial Teams tenant – and this is often abused by threat actors. Deny all access.
Become a Zero Trust organisation
This is the safest and most recommended approach for deepfake prevention. Lock down Teams communication to specific approved domains for meetings, calls and messages.
You can do this by maintaining a list of domains / customers that your users can communicate with over Teams.
Turn the below setting ‘Off’ to prevent interactions with anonymous users.
Beyond Teams – further cautionary measures
Enforce Verified ID controls in Entra ID
If you are giving an external party access to highly sensitive information in SharePoint or OneDrive, you could consider enforcing Verified ID controls in Entra ID. This is a product from the Microsoft Entra Suite.
Check email / domain addresses in a WHOIS database
When communicating with users outside your organisation, it’s important to check the email address. Use a WHOIS database, a publicly accessible directory that contains information about domain name registrations, to confirm that the domain hasn’t recently been registered. If it has – beware.
WHOIS databases can also help detect deceptive homoglyph email addresses (ones using similar but different characters than authentic addresses) by displaying those addresses in a format that reveals their true nature.
Deepfake detection: final thoughts
Says Matthew Geyman, ‘Ultimately, technology alone won’t save us. Yes, we need better detection tools, smarter AI and stronger controls such as robust conditional access policies – but without a security-first culture, it all crumbles. We need workplaces where curiosity and caution are not only allowed, but expected.
‘In the fight against deepfakes, “Trust, but verify” – a culture of continuous verification – is more than a Cold War relic. It’s a principle for the digital age that should be embedded in every organisation’s people, processes and technology stack.’
Find out more about Intersys’ premium Cyber Security as a Service.