October is Cybersecurity Awareness Month (CAM). GuidePoint Security is proud to join the national effort, championed by the US National Cybersecurity Alliance (NCA) in collaboration with the Cybersecurity & Infrastructure Security Agency (CISA), to amplify essential cybersecurity practices under the 2025 themes: Stay Safe Online and Building a Cyber Strong America.

Artificial Intelligence (AI) has given rise to a wave of highly sophisticated cyber threats, including deepfakes. These realistic synthetic media recordings manipulate faces, voices, or bodies, enabling threat actors to impersonate individuals with alarming accuracy. Deepfakes are frequently employed in fraud, social engineering, or other attacks that can compromise personal accounts, organizational systems, and reputations. A well-executed deepfake can even result in financial loss, wider security breaches, or reputational damage.

So how do attackers create deepfakes? The answer is surprisingly simple: they leverage the content we freely share online—photos, videos, and even personal writing styles from social media, blogs, and other public sources. The more we reveal, the easier it becomes for attackers to generate convincing deepfakes.

Protecting yourself isn’t about leaving the digital world behind; it’s about being mindful of what you share and reducing the material that could be used to impersonate you or your organization.

Are you at risk of being the target of a deepfake attack?

See if you answer “yes” to any of these 10 online habits that can make you vulnerable to deepfakes and learn practical tips for balancing your online presence with security:

1. Do you tend to overshare personal photos?

The digital age lets us stay in touch like never before. Sending pictures of your adventures to friends and family over social media seems fun and harmless. And it can be—when done wisely. Sharing photos with people you don’t know, or posting them publicly on your social media page or in public groups, can increase your risk.

The Risk: Every photo you post online is potential raw material for deepfake creators. The more angles and expressions you share, the easier it is to train a realistic synthetic model. Even casual selfies can be pieced together to create convincing fake media.

Pro Tip: Choose where you share your photos wisely, and use privacy settings to avoid oversharing.

2. Do you love to post videos and live streams?

With all the social media platforms that encourage reels and livestreams, one might be inclined to believe that it’s a harmless way to have fun. However, one clear video is enough for a threat actor to create a convincing video that places you anywhere, doing and saying whatever they want.

The Risk: Videos provide attackers with motion, expression, and voice data all in one. Live streams are especially valuable because they capture your natural movements and speech patterns. The more publicly accessible your videos are, the easier it is for someone to replicate you convincingly.

Pro Tip: The same rule applies here as with photos. Limit public video content to friends and family. You can share your adventures! Just be sure you know who is watching.

3. Do you let social platforms decide privacy for you?

Social media platforms get paid based on views and clicks. The more open the content on their site, the more money they make. Their default privacy settings typically lack the security best practices that help keep you safe. If you don’t choose who sees what, you’re opening yourself up to greater risk.

The Risk: Open social media profiles make it simple for attackers to collect data quickly. Publicly visible posts, friends lists, and tagged photos allow someone to build a detailed profile without your knowledge. This information can feed deepfake algorithms and make impersonations more believable.

Pro Tip: Regularly audit privacy settings on social platforms and use the “view as” features to see what information is publicly visible. Share content only with trusted contacts.

4. Is voice text your go-to?

Mobile devices and social apps make it quick and convenient to send a voice text instead of typing. But those short, casual messages can be a goldmine for threat actors looking to build deepfake audio for vishing or impersonation attacks. Once your voice is out there, it’s easy to replicate.

The Risk: Voice messages provide deepfake algorithms with the exact audio patterns they need to mimic your speech. Even a few seconds of recorded conversation can produce convincing fake messages. The more voice content you share, the greater your exposure to potential misuse.

Pro Tip: Whenever possible, type your messages or use voice-to-text instead of recording and sending voice clips. If you must share voice messages, send them securely over encrypted channels.

5. Do callers receive a friendly, personalized voicemail message?

Times change, and so do best practices. Many of us have spent time recording the perfect voicemail greeting, making sure callers know we’ll get back to them soon. But what used to feel polished and personal now provides attackers with a clean, high-quality sample of your voice that can be used to generate deepfake audio.

The Risk: A personalized greeting gives threat actors exactly what they need: clear, isolated speech. With just a few seconds of audio, they can synthesize your voice and use it to leave fake messages or authorize fraudulent requests. Even a friendly “Sorry I missed your call” can become raw material for a convincing scam.

Pro Tip: Use your phone’s default, system-generated greeting instead of a personal one. Automated messages that simply read your number or name leave nothing for attackers to copy.

6. Is your digital footprint full of breadcrumbs?

Every social media platform you use leaves behind pieces of your identity. Your photos, videos, bios, and interactions collectively paint a detailed picture of who you are. When these accounts are connected, they create a clear trail for attackers to follow. Those digital breadcrumbs make it far easier to build convincing deepfakes or impersonations.

The Risk: Connecting your accounts across platforms makes it easier for attackers to correlate data. They can pull images, posts, and videos from multiple sources to create a more accurate deepfake. Cross-platform data increases both the quality and credibility of synthetic content.

Pro Tip: Avoid linking unnecessary accounts and limit how much personal information overlaps between platforms. Consider using pseudonyms or separate accounts for different areas of your life: personal, professional, and social.

Bonus Tip: Be sure to pop your name into your favorite search engine occasionally to see what comes up. You’d be surprised how many breadcrumbs the crawlers create without your realization.

7. Are you always up for the latest viral challenge?

Jumping on the latest online challenge or viral trend can be fun, and it’s a quick way to gather likes and comments. But many of these trends require selfies, videos, or filters that capture your face from multiple angles. What feels like harmless participation can actually provide attackers with high-quality footage. You never know… these challenges could even be initiated by threat actor groups.

The Risk: Viral challenges and online trends often require videos or selfies that expose identifiable features. Attackers can harvest this content to build realistic deepfakes or impersonations. The more publicly available video content you share, the easier it is to misuse.

Pro Tip: Participate cautiously and skip trends that require close-up facial videos or voice recordings. If you want to join in, consider creative alternatives that don’t expose identifiable features, or share sparingly on your friends and family accounts.

8. Do you reuse passwords across your social accounts?

It’s tempting to use the same password everywhere, especially when you’re juggling multiple logins. But that convenience can come at a steep cost. If one account is compromised, attackers can often access the rest, giving them a direct path to your photos, videos, and private messages.

The Risk: Weak or reused passwords make it easy for attackers to breach multiple accounts at once. Once inside, it doesn’t matter how locked down your security settings are or how protected you kept you data. They can collect personal content and build realistic deepfakes before you even realize you were breached. Poor password hygiene makes it far easier for threat actors to operate undetected.

Pro Tip: Use strong, unique passwords for every account and enable multi-factor authentication (MFA) wherever possible. A password manager can make this simple, and it will help you stay one step ahead of would-be impersonators.

9. Is your ‘About Me’ section fully detailed?

Deepfakes aren’t just about mimicking your face, voice, or gestures; they also thrive on context. Every small detail you share online can be used to make a fake message or video seem more believable. From hobbies to work history to favorite pizza toppings, those seemingly harmless tidbits you share online help attackers craft convincing scenarios that could even fool your best friend.

The Risk: Sharing details like birthdays, anniversaries, work history, or even tattoos and pet names can make deepfakes more convincing. Attackers can use this information to enrich the social engineering aspects of their attacks. Even minor personal details can increase trust in fraudulent messages or media, making it easier to manipulate or deceive others.

Pro Tip: Limit sharing sensitive information publicly. Be selective about what personal details appear in bios, profiles, or “About Me” sections, and consider what an attacker could do with each piece of data.

Bonus Tip: Never answer viral “about me” public posts and quizzes. You might think it’s fun to share the details of your first concert, your favorite flavor of ice cream, or the name of your first love in an online quiz, but that could be the one detail that stands between a hacker’s success and failure.

10. Do you automatically trust apps when they ask for access?

Many apps request permissions to your camera, microphone, location, contacts, and more. While it may seem harmless, most apps don’t need full access to function properly. If a hacker compromises your device, those overly broad permissions can be exploited to record your face and voice, track your movements, and identify people connected to you. Not only can they create a deepfake using your likeness, they can target those you know, making their job that much easier.

The Risk: Apps that request camera, microphone, or storage access can collect high-quality media without your knowledge. Malicious or poorly secured platforms may store or share this data with third parties. Any unnecessary access increases the likelihood that your likeness could be misused.

Pro Tip: Regularly review app permissions and grant access only to trusted apps. Limit microphone, camera, location, and contact access to “Only while using the app,” and enable multi-factor authentication (MFA) to ensure secure access each time. Additionally, remove old or unused apps to reduce your exposure.

Check Your Answers

This isn’t a test meant to rank or shame. It’s a reflection tool to help you understand where your digital footprint might be vulnerable.

If you answered “Yes” to one or more questions: Take it as an opportunity to secure yourself. Review your privacy settings, strengthen passwords, limit app permissions, and carefully choose what personal or professional information you share online. Each small step reduces the material available for deepfake attacks. This protects both you and your organization.

If you didn’t answer “Yes” to any questions: Congratulations! You already have good digital habits! But remember, vigilance is key. Threats evolve, and staying aware of new risks is critical to keeping your digital presence and your organization safe.

Take Action: Strengthen Your Cyber Resilience in an AI-Driven World

The rise of AI has accelerated the sophistication of threats, including deepfakes, identity-based attacks, and social engineering. While cybersecurity awareness is each person’s responsibility, organizations must adapt quickly to protect both employees and critical assets from AI-driven risks.

GuidePoint Security’s recent webinar, The Brick House: Strengthening Cyber Resilience, offers actionable strategies for navigating this evolving landscape. Learn how to fortify your security posture, implement best practices, and prepare your organization to withstand advanced AI-enabled attacks.

Don’t wait for a threat to become a crisis. Arm yourself with the knowledge and tools to stay ahead in the AI-driven era.

This October, take a moment to reflect: Are you and your employees practicing the Core 4 every day? Small steps, done consistently, can stop big threats. Cybersecurity is everyone’s job, and together, we can all do our part to stay safe online.