- NordStellar found 924 dark‑web posts about deepfakes‑as‑a‑service (DFaaS) Jan–May 2026, up 39% year‑on‑year
- Rising interest driven by generative AI advances, enabling hyper‑realistic “fake boss” scams and lowering barriers for attackers
- Experts urge prevention through employee education and monitoring for leaked company data to reduce risk of targeted deepfake attacks
The interest in deepfakes-as-a-service (DFaaS) among criminals is growing, and the cybersecurity community is worried it might fuel the next wave of “fake boss” scams.
This is according to a new report from threat exposure management platform, NordStellar. Analyzing discussions on the dark web, the researchers found that between January and May this year, there were 924 posts about DFaaS, up 39% compared to the same period last year, when there were 663 similar posts.
“The rapid growth in popularity of deepfakes as a service is likely accelerated by advancements in generative AI, which help cybercriminals in two ways — by speeding up the creation of deepfakes and making them hyper-realistic,” says Vakaris Noreika, cybersecurity expert at NordStellar. “Ultimately, this service lowers the barrier to entry for deepfake technology, enabling threat actors to deploy highly deceptive attacks at a larger scale, regardless of their personal technical skill set.”
How to defend against convincing deepfake attacks?
Experts are worried the rising interest might result in more “fake boss” scams which, at that, would be even more difficult to spot. Business Email Compromise (BEC), a “fake boss” scam that primarily uses written emails, has for years been among the most lucrative tactics in the criminal underworld. According to the FBI, BEC was the second costliest tactic last year, with company losses exceeding $3 billion (up 11% compared to 2024).
Defending against highly convincing deepfake images and videos might not be easy, but it certainly isn’t…
