This attack has already happened in the wild apparently. I was speaking with a big company CISO a week ago who has just updated the runbook for their helpdesk to specifically introduce steps to mitigate it.
Apparently the state of the hack right now is that attackers are generally only able to convincingly fake a short section of video (because they will have limited source material of the person they are spoofing), so they will call, say, a helpdesk on Zoom with the faked video playing and say they are experiencing connection issues so are turning the video off. From then onwards they just fake audio, which is a lot easier.
The workaround/mitigation is for the service desk employee to insist at one or more random points in the call that the video has to go back on in order to do various additional authentication steps with video live. If the attacker has only built a short/shallow fake, it will be very difficult for them to pass this.