A new report from Entrust warns of an increase in deepfake attacks, which now account for one in five biometric fraud attempts. Additionally, instances of deepfaked selfies have increased by 58% over the past year.
“This rise in deepfakes is part of a broader trend of increasingly sophisticated attacks driven by injection attacks, which surged 40% year-over-year,” Entrust says.
“Injection attacks enable fraudsters to bypass live capture processes by feeding manipulated images or videos directly into verification systems. When combined with deepfakes, these sophisticated techniques can convincingly mimic users and live capture experiences, making detection difficult without robust, multi-layered fraud prevention.”
The report highlights how these attacks assist in social engineering tactics, particularly during employee onboarding processes.
“Fraud prevention systems are stronger than ever, but people remain the most vulnerable link in the chain,” the researchers write. “In 2025, indicators suggest that social engineering and coercion pose an increasing threat to identity verification during the onboarding process.
“Unlike technical fraud, these attacks manipulate victims into using their own real identity credentials. From phishing emails to romance scams and fake executives, fraudsters exploit human trust in ways that are extremely difficult for technology to block. Coercion attacks are uniquely difficult to detect because victims use their own genuine documents and biometrics – only under pressure or instruction from someone else.”
The researchers are tracking dozens of organized criminal groups that operate like professional businesses to carry out fraud. Unskilled crooks can also buy platforms designed to automate their attacks.
“Attackers can now purchase ready-made kits, credential dumps, and AI-powered deepfake tools directly through encrypted messaging channels and dark web forums,” the researchers write. “These platforms have made professional-grade fraud available to anyone with minimal technical skill, fueling a surge in volume and sophistication.”
AI-powered security awareness training can empower your employees to thwart evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Entrust has the story.
