The latest findings from NordStellar reveal that dark web discussions surrounding cybercrime as a service are trending upward in 2026. Deepfakes as a service is proving especially popular, with posts surging 39 percent in the first five months of 2026 — already surpassing the total volume recorded in 2025, and potentially giving cybercriminals new tools for “fake boss” scams.
According to data analyzed by NordStellar, discussions about deepfakes as a service (DFaaS) are growing the fastest. The rapid growth in popularity of deepfakes as a service is likely accelerated by advancements in generative AI, which help cybercriminals in two ways — by speeding up the creation of deepfakes and making them hyper-realistic.
Ultimately, this service lowers the barrier to entry for deepfake technology, enabling threat actors to deploy highly deceptive attacks at a larger scale, regardless of their personal technical skill set.
BEC Attacks
The growing popularity of DFaaS is a key concern for businesses. Cybercriminals can leverage deepfakes not only to target individuals with sophisticated social engineering but also to amplify business email compromise (BEC), otherwise commonly known as “fake boss” scams. In these attacks, bad actors impersonate vendors, colleagues, or executives to manipulate employees.
The FBI reports that business email compromise was the second costliest cybercrime of 2025, with company losses exceeding $3 billion. This marks an 11 percent increase over $2.7 billion reported in 2024.
The real-life case covered by the World Economic Forum involving engineering firm Arup highlights the stakes: An employee was tricked into transferring $25 million after attending a video call where all other participants were AI-generated deepfakes.
Deepfakes can be used to elevate business email compromise attacks to make them even harder to spot — instead of receiving fake payment instructions in an email, employees can now be targeted via highly realistic video and voice calls impersonating partners or managers asking them to transfer funds.
As AI tools grow more sophisticated, deepfakes are evolving rapidly. It is now easier than ever to create convincing video or audio that lacks the usual telltale signs of AI generation, making it extremely challenging for users to spot the deception — especially when a sense of urgency is involved.
Cybercriminals usually deploy these attacks to obtain fake payments or confidential documents or to infiltrate the company’s network to launch a larger-scale attack. Advanced BEC attacks usually involve gathering extensive intel on the target to ensure that the attack itself contains convincing details, is context-appropriate, and is delivered at the right time — for example, when the recipient is already waiting for an incoming invoice.
Defense Strategies in the Era of AI
A deepfake-resistant cybersecurity strategy should focus on two main areas — prevention and employee education. While companies can’t control whether cybercriminals target them, robust security measures can make advanced BEC attacks much harder to execute.
The more details and access attackers obtain, the easier it is for them to craft highly realistic, targeted attacks. Monitoring the dark web for leaked company information is a critical step in preventing cybercriminals from finding credentials to breach accounts or data to use as intel.
Educating employees on BEC attacks is also vital. Attackers take advantage of their targets by creating a sense of urgency. Even if employees are aware of cybercriminals’ tactics, slowing down to double-check a request that’s coming from a person of authority can be daunting to most, especially if deadlines are tight.
Efficiency shouldn’t come at the expense of possibly exposing the company to a cyberattack, and employees should feel safe and empowered to raise red flags when something is off, and take some time to inspect the request before diving headlong.
Additionally, having a robust cybersecurity strategy in place will help mitigate the aftermath of a BEC attack if threat actors succeed in tricking employees and gain access to the company’s network. Security measures like network segmentation and multi-factor authentication can help prevent attackers from moving laterally inside the network as well as prevent them from accessing resources.
