Deepfake identity attacks are surging, and IAM teams need to respond

TL;DR: Injection attacks targeting iOS devices surged 1,151% in the second half of 2025, deepfake incidents hit executive video calls, and Southeast Asia saw a 720% spike in Q3 2025 as AI-driven impersonation industrialized across enterprise workflows, according to iProov. Identity programmes now need continuous presence verification, not static assurance checks.

NHIMG editorial — based on content published by iProov: 2026 Threat Intelligence Report on industrialized AI deception and identity verification attacks

By the numbers:

• Deepfake attacks targeting executives have affected 41% of organizations.
• 37% of cybersecurity leaders have encountered deepfake incidents during video calls.
• Southeast Asia experienced a 720% spike in attacks in Q3 2025.

Questions worth separating out

Q: How should security teams handle deepfake risk in identity verification workflows?

A: Security teams should treat deepfake risk as a verification design problem, not just a fraud exception.

Q: Why do deepfakes matter to IAM programmes if authentication already works?

A: Deepfakes matter because authentication can succeed while identity trust is still false.

Q: How do organisations know if identity verification is actually working against AI deception?

A: Look for controls that can challenge the identity claim repeatedly during the session, not only at the start.

Practitioner guidance

• Add continuous presence checks for high-risk interactions Require a second, independent verification step for video-based approvals, sensitive account changes, and payment authorisations.
• Segment identity assurance by transaction risk Do not apply the same verification depth to every workflow.
• Rehearse fraud response across identity, fraud, and IAM teams Build playbooks for suspected deepfake incidents that include account lockdown, approval reversal, evidentiary capture, and communications handling.

What's in the full report

iProov's full report covers the operational detail this post intentionally leaves for the source:

• Live threat intelligence methodology from the iProov Security Operations Center and how it detects emerging attack patterns
• The report's regional breakdowns of identity fraud activity, including where attack techniques are being tested first
• Examples of biometric and video verification failure modes that practitioners can map to their own workflows
• Standards alignment details for NIST SP 800-63-4, CEN/TS 18099, and FIDO Face Verification Certification

👉 Read iProov's 2026 Threat Intelligence Report on AI-driven identity deception →

Deepfake identity attacks are surging, and IAM teams need to respond?

Explore further

View Full Forum →  |  NHI Foundation Course →