WhiteMail
ブログに戻る
·WhiteMail Security Team#trends#deepfake#social-engineering

Trend — deepfakes and multichannel social engineering: email no longer arrives alone

A clear trend over the past months: high-value social engineering is no longer a single email. It is a coordinated sequence across channels, increasingly with AI-generated audio and video stitched in.

What the multichannel attack looks like

The email still tends to be the anchor, but it now comes with reinforcement:

  • An email arrives requesting an urgent transfer or a sensitive change.
  • A phone call follows — sometimes in a cloned voice of the executive named in the email — confirming "yes, please go ahead."
  • A chat message (SMS, or a messaging app) nudges again, adding time pressure.
  • In the most elaborate cases, a video call with a synthetic likeness of a known leader.

Each channel lends credibility to the others. The email feels real because the call confirmed it; the call feels real because it referenced the email. Trust is not borrowed from one source — it is synthesized across several.

Why this beats traditional defenses

Most controls are scoped to one channel. The email gateway never hears the phone call. The phone system never sees the email. The human in the middle experiences a single, coherent, multi-touch story — exactly the experience the controls are blind to.

AI lowered the cost of the convincing pieces. Cloning a voice from a few seconds of public audio, or generating a passable video likeness, is no longer exotic. The bottleneck used to be production effort; it is now mostly orchestration.

What you can do

  • Anchor verification to a process, not a channel. High-impact actions (payments, credential resets, banking changes) should require confirmation through a pre-agreed path, regardless of how many channels are "confirming" the request.
  • Treat voice and video as spoofable. A familiar voice or face is no longer proof of identity. Urgency plus a perfect likeness is a reason for more caution, not less.
  • Make it culturally safe to pause and verify an executive request. The attack depends on people being too rushed, or too deferential, to check.

The email is still where the paper trail begins, and reading its intent in context is still the highest-leverage point to break the chain. That is the part WhiteMail focuses on — investigating the message before the rest of the sequence can do its work.


Have the email half of one of these? Paste it into the Analyze console and see what its intent looks like in isolation.