'Deepfake as a service' sees 39% rise in dark web conversations, and experts fear it will fuel next wave of 'fake boss' scams

NordStellar found 924 dark web posts about deepfakes as a service (DFaaS) between January and May 2026, a 39% year-over-year increase.
Growing interest driven by advances in generative AI, which enable hyper-realistic “fake boss” scams and lower barriers for attackers.
Experts urge prevention by educating employees and monitoring leaked company data to reduce the risk of targeted deepfake attacks.

Criminal interest in deepfakes as a service (DFaaS) is growing, and the cybersecurity community is concerned it could fuel the next wave of “fake boss” scams.

This is according to a new report from threat exposure management platform, NordStellar. Analyzing discussions on the dark web, researchers found that between January and May of this year, there were 924 posts about DFaaS, up 39% compared to the same period last year, when there were 663 similar posts.

“The rapid growth in popularity of deepfakes as a service is likely to be accelerated by advances in generative AI, which help cybercriminals in two ways: by speeding up the creation of deepfakes and by making them hyper-realistic,” says Vakaris Noreika, cybersecurity expert at NordStellar. “Ultimately, this service lowers the barrier to entry for deepfake technology, allowing threat actors to deploy highly deceptive attacks on a larger scale, regardless of their personal technical skills.”

How to defend against convincing deepfake attacks?

Experts worry that the growing interest could lead to more “fake boss” scams that would also be even harder to detect. Business Email Compromise (BEC), a “fake boss” scam that primarily uses written emails, has been among the criminal world’s most lucrative tactics for years. According to the FBI, BEC was the second most costly tactic last year, with losses for companies exceeding $3 billion (an increase of 11% compared to 2024).

Defending yourself against very convincing deepfake images and videos may not be easy, but it is certainly not impossible. Noreika suggests that companies should focus on prevention and educating employees, since they cannot control whether criminals target them or not.

“The more details and access attackers get, the easier it will be for them to design highly realistic, targeted attacks,” says Noreika. “Monitoring the dark web for leaked business information is a critical step in preventing cybercriminals from finding credentials to breach accounts or data to use as information.”