Picture this: your phone rings, and it’s a video call from your daughter. She’s crying. She says she’s been in an accident, she’s at a police station in another city, and she needs $2,000 wired immediately before officers take her phone away. You can see her face. You can hear her voice breaking. You send the money. Minutes later, your actual daughter calls, confused about a payment request she never sent. This isn’t a hypothetical anymore. It’s a real, documented pattern playing out across the US, UK, Canada, and Australia right now, and it’s built entirely on AI voice and video cloning.
The old advice for spotting a scam, watch for bad grammar, listen for a robotic voice, doesn’t work anymore. Generative AI now writes flawless, persuasive messages in any language and can clone a convincing voice from as little as three to thirty seconds of audio, pulled from a social media video, a voicemail greeting, or a podcast appearance you forgot you ever recorded. Deepfake-as-a-service platforms now rent out this entire pipeline for under $20 a month, no technical skill required. Here’s a practical, step-by-step guide to protecting yourself and the people around you.
How These Scams Actually Work
Nearly every version of this scam follows the same basic lifecycle:
- Sample collection — a scammer harvests a few seconds of your voice or a clear photo of your face from something public: a LinkedIn video, an Instagram story, a work webinar recording, or even a voicemail greeting.
- Cloning — that sample gets fed into a generative AI tool that produces a synthetic voice or video convincing enough to fool someone who knows you.
- The urgent contact — you receive a call, voice note, or video call built around a plausible, emotionally charged scenario: a relative in trouble, a “CEO” authorizing an emergency transfer, a vendor asking to update payment details.
- Manufactured urgency — the entire interaction is designed to make you act before you’ve had time to think it through. This is the single most important thing to recognize: scammers aren’t really hacking your technology, they’re hacking your attention and your instinct to help someone you love.
- Extraction — money gets wired, a gift card code gets read aloud, or login credentials get “verified” over the phone, before anyone has a chance to confirm the request was real.
Warning Signs to Listen and Watch For
No detection method is perfect, human detection rates for high-quality deepfake video were measured at under 25% in one recent industry study, so don’t rely on your ear or eye alone. Still, current-generation fakes do leave some detectable traces:
On a voice call, listen for:
- A flat, unusually even tone with no natural breathing or pauses
- Slightly off pacing or phrasing that doesn’t quite match how the person normally talks
- Audio that sounds “too clean,” without the background noise you’d expect from a real phone call
On a video call, watch for:
- Lip movements that don’t perfectly match the words being spoken
- Unnatural blinking, a frozen expression, or skin that looks a little too smooth
- A background that stays completely static even as the person or camera moves
- Lighting on the face that doesn’t quite match the lighting in the rest of the room
The Single Best Defense: Verification, Not Detection
Trying to spot a fake in the moment is unreliable, especially under emotional pressure. The far more effective defense is having a verification habit in place before you ever get a suspicious call.
Set up a family or team “safe word.” Agree on a specific word or phrase with close family members or key colleagues, one that’s never written in a text, email, or shared on social media. If anyone calls with an urgent request, ask for the safe word before doing anything else. A cloned voice can repeat what it’s told to say, but it can’t produce a word it was never trained on.
Never trust the callback button. If a call feels off, don’t hit “redial.” Manually look up the person’s number from your own contacts and call them back directly, or reach out to someone else who’d likely be with them. Scammers can spoof caller ID and route a callback straight back to themselves.
Ask something only the real person would know. This is one of the most effective real-world defenses on record. In one widely reported 2024 case, scammers cloned the voice of a well-known company CEO and called a senior executive over WhatsApp, pushing an urgent “confidential acquisition.” The executive simply asked the caller to name a book the real CEO had recently recommended to him. The scammer had no answer, and hung up. AI can mimic a voice; it can’t improvise a shared memory.
Verify through a second channel, always. If someone asks for money, a password, or a login “verification” over a call or video, confirm it through a completely separate channel, a text to a known number, an email, or an in-person check, before acting. Legitimate requests can always survive a short delay for confirmation. Urgent, one-channel-only requests are the biggest red flag of all.
Shrink Your Digital Voice-and-Face Footprint
AI can’t clone what it can’t find. You don’t need to disappear from the internet, but a few deliberate habits meaningfully raise the cost and effort required for someone trying to clone you:
- Review privacy settings on videos and voice notes posted to social media, and avoid leaving unnecessary public voicemail greetings on business listings.
- Be mindful of podcast appearances, webinar recordings, and conference talks that stay publicly archived indefinitely.
- Use unique email aliases for different accounts where possible, so a single leaked email address can’t be used to tie your identity together across multiple platforms.
Red Flags in the Request Itself
Regardless of how convincing the voice or video sounds, pay close attention to what’s actually being asked:
- Untraceable payment methods. Gift cards, wire transfers, and cryptocurrency are the hallmark of a scam, precisely because they’re nearly impossible to reverse once sent. Legitimate banks, police, and hospitals will never demand payment this way.
- Pressure to stay on the line. Scammers often try to keep you talking so you don’t have time to hang up and verify independently.
- A request that skips your normal process. If a “CEO” or “manager” is suddenly asking you to bypass a standard approval step, that break from routine is itself a warning sign, regardless of how real the voice sounds.
Extra Layers for Businesses
Organizations face a distinct version of this threat, often aimed at finance teams rather than individuals. A few structural safeguards go a long way:
- Require out-of-band approval for any wire transfer or payment change, meaning a second, independent confirmation through a different communication channel than the one the request arrived on.
- Set a dual-authorization threshold so that no single employee can approve a large transfer alone, regardless of how convincing the request seems.
- Run periodic, realistic simulation training rather than one-off awareness sessions. Programs that measure actual behavioral change, like a declining rate of compliance with simulated fraudulent requests, tend to outperform generic annual training.
- Enable multi-factor authentication everywhere, so that even if a scammer talks someone into revealing a password, a stolen password alone isn’t enough to get in.
If You’ve Already Been Targeted
If you suspect you’ve fallen for a voice cloning or deepfake scam, speed matters more than anything else:
- Contact your bank or payment provider immediately to report the transaction and ask about reversal or freezing options.
- Report it to the relevant authorities — in the US, that means the FBI’s Internet Crime Complaint Center (IC3); most countries have an equivalent cybercrime reporting body.
- Alert anyone else who might be targeted next, since scammers frequently follow up with family members or colleagues using the same cloned voice or information.
- Change any passwords you shared and enable MFA immediately if the scam involved handing over login credentials rather than money directly.
The New Rule of Thumb
For most of history, hearing a familiar voice or seeing a familiar face was proof enough of someone’s identity. That assumption no longer holds, and pretending otherwise is exactly what these scams count on. The good news is that the defense doesn’t require new technology or technical expertise, just a habit of pausing, verifying through a second channel, and asking one question a clone can’t answer. In an era where seeing and hearing are no longer believing, a little friction is the whole point.





