Home / Learn / Deepfake video calls
Field note · Everyday AI
Published July 4, 2026 · Vita Indarra
Short answer: a live video call used to be the gold standard of "it's really them." It isn't anymore. Real-time face and voice swaps run on ordinary hardware, and criminals have already used them to fake entire meetings. The visual tricks (profile turns, a hand in front of the face) still catch weak fakes — but they're eroding. The defense that doesn't expire is out-of-band verification: hang up and call back on a number you already have, use a pre-agreed code word, and never move money or secrets on the strength of any single live call.
For a decade, the advice for "is this message really from my boss / my bank / my daughter?" ended the same way: get them on a video call. Text can be spoofed, email can be hacked, a voice can be cloned — but if you can see them talking, that settled it.
That advice quietly expired. The same family of tools that generates convincing fake photos now runs in real time: a scammer's face and voice replaced, frame by frame, with someone you trust, while they improvise answers live. This isn't a lab demo. It's commodity software, and it has already been pointed at ordinary families and mid-sized companies — one industry analysis of 2026 fraud puts deepfakes at roughly one in ten fraud attempts, and a widely cited forecast has a third of enterprises abandoning face-and-voice verification as unreliable on its own.
In early 2024, a finance employee at Arup — the global engineering firm behind the Sydney Opera House — got an email about a confidential transaction. Suspicious, he did the careful thing: he asked for a video call. The call happened. The chief financial officer was there. Colleagues he recognized were there. Reassured, he authorized fifteen transfers totaling about HK$200 million — roughly US$25 million.
Every other person on that call was a deepfake.
Read that case the way an engineer would: the victim wasn't lazy or gullible. He escalated to what he believed was the strongest verification available — and the fraud was built to pass exactly that check. When the check you trust most is the one the attacker controls, more caution inside the same channel doesn't help. You have to leave the channel.
Weaker real-time fakes still break in visible ways. If you're suspicious mid-call, you can ask for things live models handle badly:
Two honest caveats. First, every one of these tells is eroding — each generation of tools handles occlusion and angles better, and a check that works in July may be beaten by December. Second, a calm scammer simply deflects: "my camera's glitchy, let's keep this quick." The tricks are a bonus layer. They are never the verdict — the same lesson as spotting AI photos: your eyes are in an arms race they will eventually lose.
The way out isn't better fake-spotting. It's refusing to let any single live channel — however real it looks — authorize anything that matters.
Notice the shape of all four: they move trust from the channel to a procedure the attacker can't be inside of. That's the whole trick. Urgency plus secrecy plus a single channel is the anatomy of this fraud; break any one of the three and it dies.
Don't go quiet out of embarrassment — speed matters more than dignity here. Contact your bank immediately (transfers can sometimes be recalled in the first hours), report to your local fraud authority (in the US, the FTC and IC3), and tell the real person whose face was used. Being targeted by a fake built to beat your best check isn't a failure of intelligence. Acting alone, inside the channel, is the only part you control.
Yes — real-time face and voice swap is commodity software now, and it has been used in live multi-person meetings, most famously the 2024 Arup case (~US$25M).
Against weaker fakes, sometimes. They're eroding with every tool generation, and a scammer can deflect the request. Use them as a bonus check, never the decision.
Leave the channel: call back on a number you already have, require a pre-agreed code word, and never let one live call authorize money or credentials.
One rule: payments and payment-detail changes need a second, independent confirmation — a callback or a second approver. It works even when the fake is undetectable.
Go deeper
The callback rule, the code word, and the anatomy of machine-made deception — with the real, dated cases including Arup and the voice-clone kidnapping testimony — are from Don't Trust the Robot: the everyday reader's survival guide to AI you can't take at its word. No jargon, no doom — the habits that hold even as the fakes improve. Live on Amazon.