- NordStellar found 924 deepfakes-as-a-service (DFaaS) dark web posts between January and May 2026, up 39% year-over-year
- Growing interest driven by generative AI advances enabling hyper-realistic “fake boss” scams and lowering barriers for attackers
- Experts call for prevention through employee training and monitoring of leaked corporate data to reduce the risk of targeted deepfake attacks
Interest in deepfakes-as-a-service (DFaaS) among criminals is growing, and the cybersecurity community is concerned that it could fuel the next wave of “fake boss” scams.
This is according to a new report from threat exposure management platform NordStellar. Analyzing discussions on the dark web, the researchers found that between January and May of this year, there were 924 posts about DFaaS, a 39% increase over the same period last year, when there were 663 similar posts.
“The rapid growth in popularity of deepfakes as a service is likely accelerated by advances in generative AI, which helps cybercriminals in two ways – by speeding up the creation of deepfakes and making them hyper-realistic,” said Vakaris Noreika, cybersecurity expert at NordStellar. “Ultimately, this service lowers the barrier to access to deepfake technology, enabling threat actors to deploy highly deceptive attacks at scale, regardless of their personal technical skills.”
How to defend against convincing deepfake attacks?
Experts are concerned that the increased interest could result in more “fake boss” scams, which would then be even harder to spot. Business Email Compromise (BEC), a “fake boss” scam that primarily uses written emails, has for years been among the most lucrative tactics in the criminal underworld. According to the FBI, BEC was the second costliest tactic last year, costing companies over $3 billion (up 11% from 2024).
Defending against highly convincing deepfake photos and videos may not be easy, but it’s certainly not impossible. Noreika suggests that companies should focus on prevention and employee training, since they cannot control whether or not bad guys attack them.
“The more detail and access attackers get, the easier it is for them to make very realistic, targeted attacks,” says Noreika. “Monitoring the dark web for leaked corporate information is a critical step in preventing cybercriminals from finding credentials to breach accounts or data to use as intelligence.”




