Deepfakes, Phishing and CA’s Role in Strengthening Cyber Resilience

India Faces Rising Threat of AI-Powered Cybercrime: Deepfakes, Synthetic Fraud, and the Urgent Need for Preparedness

A recent survey conducted with nearly 1,800 security practitioners and business leaders across seven countries, including more than 200 from India, reveals a worrying trend: India is increasingly becoming a hotspot for sophisticated cyber-attacks fueled by artificial intelligence (AI). Daily reports of incidents highlight the growing scale of the problem—for instance, Nagpur alone reported 19 cases in a single day, raising alarm among citizens and businesses alike.

The convergence of rapid digital adoption, generative AI tools, and legacy system vulnerabilities is creating fertile ground for threats such as AI-powered phishing, deepfake impersonation, and synthetic fraud. In this article, we explore why India is highly exposed, how these threats are evolving, and what organizations and individuals must do to respond.

With nearly a billion internet users, India’s digital economy—from e-commerce to mobile banking to cloud-based business services—has grown rapidly. Cybercriminals see enormous opportunities in this expansive digital ecosystem. Generative AI enables the creation of hyper-realistic audio, video, and images that are nearly indistinguishable from authentic material. Fraudsters can now impersonate CEOs, CFOs, auditors, or government officials during virtual meetings or via video messages to manipulate employees into transferring funds or revealing confidential data.

In early reported cases, attackers used deepfake voices to mimic senior executives, authorizing fraudulent bank transfers worth millions. As AI technology becomes more accessible, these “synthetic frauds” are no longer limited to highly sophisticated cybercriminals—they are increasingly within the reach of smaller groups and individual actors.

Indian organizations are increasingly adopting generative AI tools, but many lack formal governance or robust security protocols around their usage. The frequency of digital financial transactions, widespread smartphone adoption, and growth of online shopping further expand the potential attack surface. Reports indicate that AI is being used to automate phishing campaigns, craft deepfake voices and videos, impersonate brands or individuals, and make attacks far more convincing.

AI-driven attacks are not only faster—they are smarter and more believable. For example:

• Attackers can leverage large datasets to craft highly personalized messages using names, recent events, and behavioral patterns, boosting click-through rates.

• Generative models can mimic a person’s voice (e.g., a CEO’s voicemail) or create realistic videos of trusted figures, facilitating social engineering.

• Fake websites, apps, and mobile interfaces can be quickly generated to mimic brands, government portals, or financial services, luring users into entering credentials or making payments.

• Enterprise AI systems can be targeted through poisoned data or exploited weaknesses, enabling misinformation campaigns or internal attacks.

The consequences are severe: financial losses, identity theft, voice-clone scams, emotional trauma, reputational damage, regulatory fines, and increased insurance premiums. Reports suggest many victims do not come forward. Companies impacted by deepfakes have reportedly seen average shareholder-value declines of around 27%.

Given the scale and complexity of these threats, responses must be layered and coordinated. Key measures include:

• Strengthening access controls, identity management, and least-privilege policies.

• Raising awareness beyond basic phishing—training employees to recognize deepfakes, AI-manipulated media, and voice scams.

• Continuous monitoring for unusual activity, including voice-auth anomalies, impersonation attempts, and prompt-injection attacks.

• Conducting table-top exercises, implementing cyber-insurance, and maintaining robust backup and recovery plans.

Currently, only a few organizations in India report high confidence in their cyber readiness. The threat landscape is evolving rapidly, and staying ahead requires continuous vigilance, investment, and adaptation.

As generative technologies become more sophisticated, the line between authentic and fabricated data continues to blur, posing existential risks to financial trust. The audit profession, in particular, stands at a crossroads: it must shift from reactive verification to proactive, AI-augmented assurance. By investing in advanced analytics, forensic innovation, and ethical governance, auditors can restore confidence in an era where even “evidence” may be artificially engineered.

The rising storm of AI-powered frauds is already on the horizon. Whether the financial world weathers it—or succumbs—will depend on how swiftly it adapts.