According to a 2024 EDUCAUSE report, deepfakes are evolving into a direct cybersecurity threat because AI is enabling more sophisticated, believable and personalized attacks targeting specific people with access to money or sensitive systems.
Threat actors can now leverage AI to create advanced social engineering campaigns through cloned voices, deepfakes, tailored phishing attempts and automated large-scale attacks.
“The social engineering attempts that were easy to catch because they felt ‘off’ are now much harder to detect,” says Isaac Galvan, community program director of cybersecurity and privacy at EDUCAUSE.
Higher education institutions face a particularly difficult challenge because of their scale and openness. Large student populations, decentralized IT operations, collaborative research environments and widespread access to AI tools create multiple avenues for abuse.
Unlike more tightly controlled K–12 environments, universities operate as highly distributed ecosystems where students are not only potential victims but, in some cases, technically capable perpetrators themselves.
Practical Controls for Evolving Deepfakes
Galvan explains that because attackers can generate voices that are indistinguishable from the real thing, instituting procedures for verifying sensitive actions requested over voice communications is crucial.
“Establish out-of-band verification for password changes, money transfers and requests for access,” he says. “The threat isn’t limited to impersonating known people within the institution, like the CEO or president.”
Galvan explains that criminals can use AI tools to generate fake student identities to fraudulently enroll and collect financial aid, then disappear.
“The verification challenge in higher ed cuts both ways: You need processes that work when you don’t know who you’re dealing with, not just when someone claims to be your CEO,” he says.
Andras Cser, vice president and principal analyst at Forrester, says universities are adopting layered identity and authentication controls as AI-generated impersonation and voice cloning attacks become more common.
Institutions are combining traditional multifactor authentication technologies with more advanced identity verification and behavioral monitoring tools designed to detect fraudulent activity before attackers can gain access to systems or financial workflows.
Cser says many organizations are strengthening authentication through mobile app-based multifactor authentication, contextual authentication and centralized identity platforms — such as Microsoft Entra — and deploying dedicated deepfake detection technologies alongside physical identity verification platforms.
“Behavioral biometrics and device reputation technologies are also becoming part of the defense strategy,” he says, adding that universities are leveraging tools to identify anomalous behavior patterns and reduce the risk of AI-driven impersonation attacks.
Verification Culture and Awareness Training Teaches Users to Spot Impersonators
Ed Skoudis, president of the SANS Technology Institute, says universities need to focus first on building what he describes as a “verification culture” as AI-generated impersonation attacks become more sophisticated.
Rather than trusting voice messages, videos or emails at face value, Skoudis says, students, faculty and staff should be trained to confirm unusual requests through secondary communication channels.
“Don’t trust everything you see,” he says. “If something looks a little off, make a phone call to the person that you know or send them a text.”
He says higher education institutions should also incorporate deepfake awareness into student orientation and cybersecurity education programs.
