man deepfake-red-flags
Deepfake Red Flags
A focused guide to spotting AI-generated video and voice, and the scams that ride them.
$25.6M stolen in a single deepfake video call (Arup) (CNN / FT, 2024).
By the numbers
- $25.6M stolen in a single deepfake video call (Arup) (CNN / FT, 2024)
- 0.1% of people correctly spotted every deepfake in a test (iProov, 2025)
- $40B projected US AI-enabled fraud by 2027, from $12.3B in 2023 (Deloitte, 2024)
Signs the video or voice is synthetic
- Audio and video that drift. Lip-sync that lags, odd blinking, flat lighting, or a voice that sounds slightly off.
- Camera or mic problems on cue. They will not turn on a clear camera, or quality drops the moment you ask a hard question.
Requests that should make you stop
- Urgency on a live call. A senior leader on video pressing for an immediate, secret transfer or login.
- A request that skips process. Approve now, the usual approver is away, keep this between us.
- New payment details by voice or video. Bank or wallet changes pushed in a call, never entered in the system of record.
- Pressure not to verify. Discouraging a callback, a second approver, or an in-person check.
- Context that does not fit. An executive contacting you directly for something they would normally delegate.
Where deepfakes show up
- Live video calls with 'leadership'. An urgent meeting where a senior face asks you to pay or hand over access.
- Voice notes and phone calls. A cloned voice of a relative or a boss, usually inside a manufactured crisis.
- Investment and celebrity ads. A known figure 'endorsing' a platform or a giveaway in a polished clip.
Do and don't
Do
- Treat any urgent money or access request as unverified until you confirm it live.
- Call the real person back on a number you already have.
- Ask a question only the real person could answer.
- Confirm payments in your finance system of record, not over a call.
- Agree on a private code word with family and your finance team.
Don't
- Do not trust a face or a voice alone. Both can be faked from seconds of public media.
- Do not act on a transfer or login request made only over video or audio.
- Do not let 'keep this secret' or 'the approver is away' bypass your process.
- Do not assume a live camera proves the person is real.
The one move
The one move that beats a deepfake: hang up and verify on a channel you chose. Call the person back on a known number, confirm in your finance system, or check in person. A real executive will not punish a callback. An attacker cannot survive one.
If it happens
- Pause the request and end the call if you can.
- Verify with the real person on a channel you chose.
- If money already moved, call your bank to recall the wire immediately.
- Report it to ic3.gov and tell your security or finance team.
Go deeper
For the bigger picture, read what is social engineering and how to spot a phishing email. See these warning signs in real cases in the weekly briefings.
Frequently asked questions
// guides/deepfake-red-flags --helpWhat are the red flags of deepfake red flags?
Watch for audio and video that drift, camera or mic problems on cue, urgency on a live call, a request that skips process, plus any pressure to act fast, skip a check, or keep it secret.
What is the one move that stops it?
The one move that beats a deepfake: hang up and verify on a channel you chose. Call the person back on a known number, confirm in your finance system, or check in person. A real executive will not punish a callback. An attacker cannot survive one.
What should I do if it already happened?
Pause the request and end the call if you can. Verify with the real person on a channel you chose. If money already moved, call your bank to recall the wire immediately. Report it to ic3.gov and tell your security or finance team.