Deepfakes are a serious threat to our industry; but AI can help us fight back.
In my last blog article, I discussed how deepfake fraud is a growing threat in the real estate industry and what you can do to combat it in your workplace. This time, I thought it would be helpful to take a deeper dive into some of the latest AI tools on the market that may be able to assist in these efforts. Of course, careful consideration is warranted before implementing any new solution, and it’s important to consult with your IT and security team to ensure it aligns with your business needs and data security standards. With that said, let’s dig in!
What is deepfake fraud?
Deepfake fraud has exploded in recent years, with some reporting showing an increase of over 2,000%. Scammers are using AI-generated videos and voices to impersonate real people convincingly. To combat this technology, experts have developed cutting-edge tools and techniques to recognize and stop deepfakes.
What are people doing about it?
Here are some of the latest detection methods that your agency might consider to keep deepfake fraudsters at bay. Here’s how they work.
AI-powered detection tools are designed to analyze videos and images in real time to detect whether they have been manipulated. Just a couple promising tools include:
HONOR’s AI Deepfake Detection – Launching April 2025 HONOR’s deepfake solution can be thought of as a built-in lie detector for images and videos. The technology scans media in real time and alerts users if something seems fake. This could help businesses and individuals avoid being misled by AI-generated content.[i]
Reality Defender – Real-time Deepfake Detection for Video Calls In a world of constant video meetings, it has unfortunately become possible for someone to get on a call with you and pretend to be your boss or a family member by using deepfake technology. Reality Defender combats this type of fraud by scanning facial movements, voice patterns and subtle glitches in real time. If anything is flagged, the technology alerts the user so they don’t become victims of scams.[ii]
Lightweight AI models are another tool people are deploying to deal with the rise of deepfakes and other fraudulent activity. These AI detection tools offer unique advantages to users. For one thing, they require far less computing power than other models, but they are still capable of effectively detecting deepfakes. Let’s look at a specific example:
Tiny-LaDeDa – A mini AI model with 96% accuracy Unlike traditional AI models that suck up an inordinate amount of power, Tiny-LaDeDa can sniff out deepfakes even while running on smaller devices. Despite being lightweight, it still claims to detect 96% of deepfake videos out there by analyzing tiny details in the way faces and voices are generated.[iii]
Comprehensive benchmarking frameworks
Given that deepfake technology is always evolving, cybersecurity researchers are not resting on their laurels. The industry has been developing standardized testing platforms to improve detection tools and ensure that security solutions can keep up with even the most creative of fraudsters. Let’s take a peek at some of the most notable:
DF40 – A giant deepfake training library The DF40 library can be thought of like a gym for deepfake detectors. It contains thousands of deepfake samples created using 40 different AI techniques. Researchers can train and test tools against a wide variety of fake content, which enables them to get far better at spotting new ones as they come online.[iv]
DeepfakeBench – A fair testing ground As with many cybersecurity tools, not all deepfake detectors are created equal. Additionally, some detectors are good at spotting one type of fraud but perform poorly when dealing with another. DeepfakeBench seeks to remedy this by ensuring that every detection tool is tested under the same conditions. It is an important solution for those who want to compare different products and assess which ones are the most effective.[v]
Smarter deepfake detection techniques
Sometimes, deepfake detectors can cause more problems than they solve. For example, certain tools may focus too much on “fake-looking” elements instead of checking if a person’s identity is real by cross-referencing IDs against verified data or analyzing biometric consistency. Luckily, there are many researchers currently working hard to fix this problem:
Rebalanced Deepfake Detection Protocol (RDDP) RDDP improves deepfake detection by making sure tools don’t just look for obvious digital artifacts like weird lighting or blurry patches. This prevents hackers from bypassing detection by using better-quality deepfakes.[vi]
Government and military efforts
Governments are also stepping into the fight against deepfake fraud, especially because deepfakes can pose a considerable risk to national security and election integrity.
Defense Advanced Research Projects Agency (DARPA) DARPA is an agency within Defense Department that focuses on investigating emerging technologies. As part of that effort, it is investing in AI tools that go beyond simple detection and combat deepfakes on a forensic level. The agency sees this work as a critical piece of the puzzle in dealing with everything from misinformation and identity fraud to protecting against AI-generated impersonations.[vii]
Tools for real estate transactions
While deepfake technology is advancing, so too are the tools designed to prevent all types of fraud in real estate transactions.
SecureMyTransaction® from Alliant National SecureMyTransaction (SMT) leverages AI-driven facial recognition to verify identities by comparing ID photos with selfie images, helping ensure that parties involved in a transaction are legitimate. In addition, SMT helps verify bank accounts and business entities to add multiple layers of security. By integrating these advanced fraud prevention tools into the title and escrow workflow, SMT provides an important safeguard against deepfakes and other fraud tactics. Learn more atsecuremytransaction.com.
Final thoughts
Scammers are increasingly using AI-powered deepfakes to target real estate transaction stakeholders—which makes them a major threat to our industry. But thankfully, new detection technologies are pushing back on these ambitious criminals. For title agencies, it is imperative to understand how these solutions work and how they may enhance your cybersecurity posture. The threat landscape is always evolving, but by staying apprised of the most cutting-edge solutions out there, you can fight fraud and keep your agency moving forward.
Vendors carry unique risks; here’s how to address them
Remember the TV show The Weakest Link? Running from 2000 to 2012, the show enjoyed quite a bit of popularity back in the day. Host Anne Robinson’s catchphrase “You are the weakest link-goodbye!” even became part of the cultural lexicon for a moment in time. A business’s cybersecurity strategy will inevitably have its own weakest link. No matter how well designed it is, no system is invulnerable to attack. For many businesses, vendor relationships are the weakest link. There are numerous reasons for that, ranging from third-party data access to weak authentication methods. Let’s explore how you can fortify these relationships and ensure you and your favorite vendors never need to say “goodbye.”
Vendors: a beneficial but potentially risky relationship
A good vendor relationship can be highly beneficial, bringing cost savings, expertise and innovation that can translate into lasting competitive advantage. However, there is no question that vendors can introduce security risks for a business. One of the most significant is the potential for data leaks. If a vendor doesn’t have good security policies but has access to a business’s critical systems, that can be a potential attack vector for criminals.
But that’s just the tip of the iceberg. Vendors may use third-party tools with security gaps, rely on weak passwords, or fail to meet title industry security standards. Lastly, in the event of a security incident, a vendor may not have a dedicated incident response plan, which could lead to a disruption for your business.
Simple, straightforward security steps can help
While these risks are no doubt significant, there are a lot of simple steps you can take to make your vendor relationship more secure. The most important one is also the most obvious. Only give your vendor access to the systems and data they need to meet the conditions of your service agreement.
Beyond access control, there are several other precautions to take. It is wise to lay out cybersecurity roles, responsibilities and expectations at the start of any vendor engagement. Clear expectations help vendors handle your data responsibly, respond to incidents, and uphold security policies.
You and your vendor should also be on the same page on how you will respond if a security breach unfortunately does occur. Planning ahead can minimize disruptions and long-term damage to your business. Of course, all this hinges on first developing a trusting dynamic with your vendor. If you don’t communicate openly and transparently, it becomes much more difficult to collaborate on security goals and grow together.
Lastly, it is always a good idea to conduct regular security check-ins with your vendors. This is a good way to remain aware of the systems and data your vendor has access to. These meetings can also be a time to quickly and efficiently communicate any changes in your cybersecurity strategy.
The role of vendor security agreements (VSAs)
One of the best ways to make sure you are taking the precautions outlined above is by putting together a comprehensive vendor service agreement (VSA) at the beginning of a new vendor engagement. VSAs are a critical tool for managing security risks in third-party relationships, including data protection protocols, compliance and responsibilities in the event of a breach. Other provisions that are often included in a VSA encompass access controls, encryption requirements and multi-factor authentication (MFA) policies.
Additionally, a good VSA should include your agency’s incident response framework. If you’re considering developing a framework, detail how quickly a vendor must notify you of a security event and clearly list what steps they must take to help fix the issue. This can be an especially important provision. Data shows that the timeline from when an average vendor discovers a security problem to when they notify their client is often quite long. But it can be reduced when there is a contractual obligation to notify.[i]
Lastly, businesses should also explicitly define in their VSA how they want to approach periodic security audits for their vendors. It is perhaps the most effective strategy for ensuring alignment with evolving cybersecurity standards.
Toward an ever more productive and profitable partnership
It is a rotten feeling when a vendor causes a security incident, and you must deliver an Anne Robinson-style dismissal. With a little extra work, however, you can secure these relationships and help prevent security incidents before they start. When your vendor partnerships are safe, an even more productive and profitable dynamic becomes possible.
You know the value of practicing dental hygiene. The same is true for your cybersecurity!
Anyone who has been to the dentist knows the drill. You are in the middle of getting your cleaning, and your hygienist starts asking about your flossing habits and the toothbrush you use. This isn’t mere chit-chat but rather a way for your dentist to gauge your overall oral hygiene. Dentists know that keeping your teeth healthy requires more than an annual cleaning. It is a daily routine, involving consistent brushing, limiting your sugar intake, and replacing your toothbrush regularly.
While it may be tempting to take a “set it and forget it” approach to cybersecurity, resisting that impulse is crucial! Just like oral health requires daily maintenance, cybersecurity needs ongoing attention to prevent vulnerabilities from developing. In this blog, we’ll draw direct comparisons between the two to highlight the importance of good cyber hygiene.
MFA and Password Management = Daily Brushing and Flossing
Dentists will say that the first line of defense against dental problems is consistent, at-home brushing and flossing. Without a good routine in place, problems can quickly emerge. In the short term, this can include plaque build-up and gum inflammation. If neglect continues, tooth decay, cavities, chronic pain, and even systemic health issues can develop.
Weak password strategies and a lack of multi-factor authentication (MFA) often lead to similar outcomes for cybersecurity. Just like plaque builds up over time, the threat of phishing attacks or credential hacking increases without stringent protections. Eventually, the consequences can become severe, including stolen credentials, ransomware attacks, and operational disruptions. These issues can ultimately lead to reputational damage, economic fallout, and even legal penalties.
Just as brushing and flossing protect your teeth, using MFA and strong passwords can prevent cybersecurity issues before they arise.
Avoiding Suspicious Emails and Links = Reducing Sugary Food
Keeping your teeth pearly white also requires making smart choices, such as cutting back on sugar. When people indulge too much in sweet treats, it often leads to tooth decay and other issues like bad breath, gum disease, and even an increased risk of heart disease.
Similarly, failing to exercise caution with emails and links can expose your agency to cyber threats. A small lapse here and there may not seem like a big issue. But just as excessive sugar consumption eventually leads to cavities, frequent mistakes in identifying phishing attempts can quickly spiral into a security crisis.
The best way to prevent this is by changing the behaviors that create risk in the first place. Just like education on the dangers of sugar helps people make healthier dietary choices, cybersecurity training and vigilance can help your team operate more safely online.
Software and System Updates = Replacing Your Toothbrush
Good oral hygiene is not just about daily habits; it also depends on using the right tools. Experts routinely advise replacing your toothbrush every few months to maintain optimal dental health.
Like an old toothbrush that has lost its effectiveness, outdated security software may fail to detect emerging threats. Worse still, it can slow down your systems, hinder productivity, and even put your business at greater risk.
The lesson is clear: keeping your software up to date is just as critical for cybersecurity as keeping your toothbrush fresh is for dental health.
Good Hygiene: The Best Thing for Your Teeth and Your Tech!
Practicing cyber hygiene outside of an annual checkup is essential for the long-term health of both your technology stack and your business. Just as strong oral health depends on brushing, diet, and fresh tools, maintaining cybersecurity requires strong passwords, robust email security, and consistent software updates. Neglecting these steps can result in serious consequences—whether that be rotten teeth or IT system vulnerabilities. By taking these simple precautions, you can keep both your smile and your cybersecurity in top shape.
From Sci-Fi to Real Life: The Evolution of Deepfake Technology
Once upon a time, the idea of digitally swapping faces or creating hyper-realistic videos of people saying things they never actually said was confined to Hollywood blockbusters. Think of movies where actors were digitally de-aged or deceased celebrities made surprising cameos. However, in 2017, a new term hit the internet: “deepfake.” It was a blend of “deep learning” and “fake,” originally coined when a Reddit user used AI to swap celebrities’ faces in videos.
Since then, deepfake technology has evolved at warp speed. While some use it for harmless fun—like making historical figures “sing” pop songs—others have taken a more sinister route. Today, deepfakes are used in political disinformation, identity fraud, and cybercrime, including the more recent entrée into the fraudulent diversion of funds and properties in real estate transactions.
The Rise of Deepfake Fraud in Real Estate
Deepfake fraud has been making headlines in unexpected ways, and real estate is one of the latest industries to be hit. In the past two years, fraudsters have harnessed AI-powered deepfake technology to pose as property owners, financial executives, and even notary publics.
Take, for example, a case from 2023 where a scammer used a deepfake voice to impersonate a real estate attorney in a communication with a client. The unsuspecting buyer was convinced that he was talking to his legitimate attorney and wired a six-figure down payment—straight into the scammer’s account.
Another shocking case involved a fraudster using a deepfake video to pose as a property owner looking to sell a luxury home. The scammer managed to fool not only the buyer, but also the title company, leading to the fraudulent sale of a multimillion-dollar estate.
Of course, there was also the fraudulent attempt to force a foreclosure sale of Graceland, Elvis Presley’s home, which made headlines in 2024.
How to Combat Deepfake Fraud in Real Estate
With deepfake technology becoming more advanced, spotting fakes is harder than ever. But that doesn’t mean we’re powerless. Here are some strategies to avoid falling victim:
Double-Verify Identities Don’t rely solely on phone calls, video calls, or emails. Always confirm identities through multiple channels—such as in-person meetings, official documentation, and voice confirmation through previously established phone numbers.
Use Multi-Factor Authentication (MFA) When transferring funds or signing critical documents, consider requiring MFA. This adds an extra layer of security beyond just visual or voice verification.
Scrutinize Video Calls and Emails If something feels off—like unnatural blinking, delayed audio sync, or robotic speech patterns—be skeptical. Deepfake videos often have subtle imperfections that can give them away.
Conduct Due Diligence If a new client or seller suddenly appears with urgent demands, do your due diligence. Check property records, verify business affiliations, and ensure everything aligns with known facts.
Leverage AI Detection Tools Just as AI is being used to create deepfakes, it’s also being used to detect them. Some AI-driven tools analyze facial movements, voice anomalies, and inconsistencies in digital assets to help identify fraudulent activity. In the real estate sphere, SecureMyTransaction®, developed by Alliant National, applies AI facial-recognition technology to verify identity documents such as driver’s licenses and passports.
The Bottom Line
Deepfake technology is no longer a futuristic concern—it’s here, and it’s changing the way fraudsters operate. By staying vigilant and implementing multi-layered verification methods, you can ensure that your next property transaction doesn’t turn into a deepfake disaster.
See Alliant National’s most recent Title Tip, which was inspired by a real-life attempt to commit wire fraud using deepfake technology.
Like many people, I often find myself in a reflective mood at the start of the new year. The days are getting longer, and the prospect of renewal is in the air. One area that I naturally like to focus on during this period is cybersecurity. As someone who has been in this field for a long time, I know that achieving success and keeping fraudsters at bay requires constant vigilance, as well as a dedication to continual improvement of your cybersecurity strategy. Let’s discuss some resolutions you can make for the new year. Hopefully, you’ll find them helpful for strengthening your own security posture in the months ahead.
Resolution #1: Protect your emails
Reacclimating to work after the holidays can make reviewing your cybersecurity posture feel even more overwhelming. Focusing on specific cybersecurity vulnerabilities, however, can make the project much more manageable. Of all the ways that criminals can attack your agency, email is one of the most common. Phishing and business email compromise are two particularly insidious schemes that have long threatened the title insurance industry. A good starting resolution for 2025 is to ensure your organization’s email communications are secured.
Resolution #2: Don’t wait to deploy multi-factor authentication
In one of my most recent blogs, I wrote about the importance of multi-factor authentication (MFA) and how these technologies are becoming ever easier to manage and deploy. Modern MFA technologies offer invaluable benefits for title agencies, enhancing digital security without compromising productivity. This blog provides helpful insights into how MFA can support your agency’s operations while keeping threats at bay. At Alliant National, we have embraced MFA technology across our operations, and other industry professionals may find it worthwhile to integrate it into their security suite as a valuable enhancement.
Resolution #3: Implement Zero Trust architecture
U.S. President Ronald Reagan once famously said, “Trust, but verify.” While this was perhaps good advice for Cold War relations, when it comes to digital security, you must never trust and always verify. One of the best ways to do this is with Zero Trust architecture. Zero Trust protects sensitive client information by making sure access is restricted only to those who truly need it. On top of that, Zero Trust is essential for compliance, which is a big benefit for a heavily regulated industry like title insurance. It is for these reasons that Zero Trust architecture is an important resolution for any title agency to adopt in 2025.
Resolution #4: Automate your backups
Sometimes, despite our best efforts, a catastrophic cyber event will still occur. When that happens, you want to be sure that your most important files, data and systems can be recovered and restored as fast as possible. Establishing reliable and effective backup procedures ensures your organization can bounce back quickly. They minimize downtime, prevent data loss and maintain customer trust. Leveraging a multi-tiered backup strategy that combines on-premise servers and secure cloud environments is the best way to make sure your bases are covered. With this approach, you can turn a potential disaster into a manageable situation, making automated backups a valuable addition to your resolution list.
Resolution #5: Consider your contingencies
Given the risks, it is never a bad idea to invest in additional protections for your agency and clients. One of the best ways to do this is by considering a fraud prevention tool like Alliant National’s own SecureMyTransaction, which vets transaction stakeholder ID documents with cutting-edge AI technology. Another strategy would involve obtaining cyber insurance to protect yourself from breaches and advanced cyberattacks like ransomware. Each provides critical safeguards for your agency’s operations, allowing you to focus on ensuring transactions go off without a hitch.
Make your resolutions count in 2025
They say the best laid plans of mice and men often go awry, and despite our best efforts, the promises we make at the beginning of the year can quickly fall by the wayside. Thankfully, resolutions are a bit easier to stick to if they involve cybersecurity, as the consequences of not doing so can be severe. I hope these resolutions can provide you with some good guidance for setting cybersecurity priorities for your own organization. When your security strategy is well-organized, you can operate more effectively on behalf of your clients and strengthen your market position in the process.
