Unmasking Cybercrime Strengthening Digital Identity Verification against Deepfakes 2026

Flowchart of deepfake-based KYC attacks Document misuse or forgingStolen or AI-generated identity documents are prepared. Step 1Face swappingFace-swapping tools are used to generate high-quality face- swapped media (image or video) to match submitted documents. Step 2Camera feed substitutionCamera injection tools are used to feed synthetic video into live biometric checks. Step 3Device and network obfuscationFIGURE 2 Deepfake-based KYC attackHow the attack works: methodology and TTPs Deepfakes facilitate theft, money-laundering and the creation of fake financial services accounts. The principal objectives of deepfake-facilitated KYC attacks are to onboard accounts that are not legitimately controlled by the applicant for malicious purposes such as loan fraud, money laundering, payout collection or other forms of financial abuse. Their workflow typically encompasses: 1) stolen or AI-generated identity documents; 2) high- quality face swap media to match submitted documents; 3) camera injection tools that feed synthetic video into live biometric checks.12 The combined effect is scalable account creation that bypasses both document and biometric KYC controls and weakens device-based signals used for fraud detection.13Objective and flowchart of deepfake-based KYC attacks02 Source Cybercrime Atlas. Unmasking Cybercrime 6