Unmasking Cybercrime Strengthening Digital Identity Verification against Deepfakes 2026

The risks arising from face swapping span multiple levels – individual, organizational and systemic – introducing the risk of both financial8 and reputational harm. • Individual level: Personal identities can be exploited through face-swapped media for fraudulent activities such as unauthorized account openings, illicit loan applications and non-consensual financial transactions.9 Furthermore, manipulated media can be weaponized to damage reputations by depicting individuals engaging in activities they did not undertake. • Organizational level: Corporations face heightened risks from face-swapping attacks, particularly in processes dependent on digital identity verification, such as recruitment and remote onboarding. Attackers may bypass know-your-customer (KYC) procedures, impersonate employees or executives to exfiltrate sensitive data, or deceive individuals into authorizing fraudulent wire transfers. The credibility of business operations and the reliability of digital infrastructure are directly threatened by such attacks. • Systemic and societal level: At broader scales, as trust forms the cornerstone of digital commerce and regulatory compliance, the proliferation of face-swapping attacks could undermine trust in digital ecosystems, erode public confidence in online transactions and enable large-scale data breaches, destabilizing foundational systems on which economies and societies rely.The risks posed by face swapping KYC verification is a critical process that organizations use to authenticate the identity of new customers and assess potential risks associated with them. KYC implementations commonly combine at least: • Document verification: collection and automated validation of government-issued identity documents (passport, ID card, driver’s licence) • Biometric verification: comparison of a live biometric sample (commonly a facial image or short video) against the identity documentNowadays, many organizations offer digital KYC processes, allowing customers to authenticate their identity online without physical presence. While digital KYC brings convenience, it also presents hidden risks10 as it creates more opportunities for attackers to enter an organization’s systems, particularly when identity verification relies solely on automated or unsupervised checks.11KYC and its inherent risks The main purpose of this research is to examine face- swapping attacks targeting KYC processes that rely on face verification systems. The study comprehensively evaluated the tactics, techniques and procedures (TTPs) employed by threat actors, as well as commonly used face-swapping tools. Looking beyond the present threat environment, this research provides a forward-looking threat analysis to predict potential developments in face-swapping attacks over the next one to three years. It offers recommendations to relevant stakeholders in strengthening defences against the misuse of face-swapping technologies. Additionally, the paper includes a set of actionable recommendations that organizations should consider and implement to safeguard against face- swapping attacks targeting KYC verification processes.Purpose and scope of this research Unmasking Cybercrime 5