Deepfake Video Call Scams
Live deepfake video used to impersonate executives or loved ones and authorise transfers.
Last reviewed: 1 June 2026
What this scam is
Deepfake video call scams use real-time AI face and voice synthesis to impersonate a known, trusted person during a live video call. The technology overlays a fabricated facial image and cloned voice onto the scammer's actual camera feed, so that the recipient of the call sees and hears someone who looks and sounds like an executive, colleague, family member, or other trusted figure.
This represents a critical escalation in fraud capability because video calls were previously relied upon as a strong verification method. The cultural assumption that 'I can see and hear them — it must be them' is deeply embedded in both personal and professional behaviour. Deepfake video call fraud directly exploits that assumption.
In corporate variants, finance staff, accountants, or executives are directed by an apparently present and speaking CEO, CFO, or external auditor to execute an urgent, confidential bank transfer. In personal variants, a family member appears on a video call in distress requesting emergency funds. In both cases, the visual 'proof' of identity removes the hesitation that a voice call alone might not overcome.
How it works
Preparation involves gathering sufficient source material on the impersonation target: video and audio from public appearances, interviews, social media, or internal company content such as recorded meetings or presentations. This material trains a real-time synthesis model that can animate the target's face and produce new speech from text typed or spoken by the scammer.
The call is placed through a standard video-conferencing platform or messaging app. The scammer activates the deepfake layer through a virtual camera application that intercepts the video feed before it reaches the conferencing software. The recipient's screen shows the deepfake face in a standard video window with no visible indication that it is synthetic.
The call script is crafted for maximum compliance: it establishes urgency, invokes authority, and stresses confidentiality. In business settings, the 'executive' explains that a deal, acquisition, or regulatory payment must be completed within hours and must not be discussed with other staff until it is done — both conditions serve to bypass existing approval processes. The scammer maintains the impersonation long enough to obtain a commitment to pay, then ends the call.
A follow-up email from a spoofed address reinforces the instruction and provides payment details. The combination of apparent video presence and written confirmation is designed to satisfy whatever verification impulse a target might have.
Why this scam works
Video has been treated as a gold standard for identity verification precisely because it combines visual recognition, voice recognition, and real-time interaction in a way that seemed impossible to fake at scale. This mental model has not yet updated across most organisations and families, even as the technology to fake it has become commercially available.
The authority gradient in workplace settings is a powerful amplifier. An instruction from an apparent CEO or CFO carries enormous social weight, and disagreeing with or questioning such an instruction — even to perform a routine verification step — feels like career risk. Scammers design the call to exploit this power dynamic directly, framing verification requests as a sign of distrust or as a threat to the deal's confidentiality.
Time pressure prevents the kind of reflection that would ordinarily trigger scepticism. The combination of urgency, apparent video proof, and authority from a recognised figure creates conditions in which almost any instruction can be executed without the normal layers of scrutiny.
A typical pattern
A finance team member receives a video call invitation from what appears to be a senior colleague and an external adviser. Both participants appear on camera and voice. The senior figure explains that a confidential acquisition is in its final hours and requires an urgent transfer to a holding account, stressing that the transaction must not go through standard approval channels due to regulatory sensitivity. The finance team member executes the transfer. The genuine senior colleague, when later reached, has no knowledge of any such call or instruction.
Common red flags
- Urgent payment instruction given directly on a video call, especially with secrecy attached
- Subtle visual artefacts: unnatural blinking, occasional facial boundary blur, inconsistent lighting
- Reluctance to switch to a different conferencing platform or perform an unexpected physical action
- Caller becomes impatient or presses harder when you suggest verifying through standard channels
- Instructions to keep the transaction confidential from other colleagues or the finance team
- Combination of video 'proof' plus a follow-up email from a slightly different address confirming details
- Call initiated via an unusual platform or personal account rather than standard business channels
- Request to bypass standard approval procedures because of time sensitivity
- Payment destination is a new, unfamiliar account not in your existing payment records
- Subject matter involves a sensitive deal, acquisition, or compliance matter used to justify secrecy
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
(On video, 'CEO') I need you to process this transfer to [account] now — it's confidential, don't discuss it with anyone.
(On video call) This acquisition must close by end of day. Process [amount] to the holding account — the legal team will follow up.
('Family member' on video) I'm in trouble abroad. I need [amount] sent urgently. I can't explain on the phone — just please do it.
(In follow-up email) As discussed on our call, please process the transfer to [account details]. Do not use internal channels for this.
(On video) Our external compliance team has flagged an issue. You'll need to move [amount] to a safe account immediately.
(On video) Don't tell [colleague] — this is part of a surprise acquisition and the deal leaks if it goes through normal approval.
Common variations
- CFO or CEO impersonation directing a large wire transfer from a finance team member
- Fake external auditor or lawyer on a joint call with an apparently real internal executive
- Family member impersonation requesting emergency funds over a messaging app video call
- Fake job interview in which a deepfake 'employee' is used to build trust before stealing data
- Executive impersonation used to direct a colleague to change payroll or supplier bank details
- Fake IT support video call used to persuade staff to grant remote system access
How to verify before you act
Treat video presence as no longer sufficient to authorise financial transactions. Any payment instruction received over video — regardless of who appears to be giving it — must be verified through a separate, independently established channel before it is executed.
For business settings, establish a written policy: any payment request over a specified threshold requires a callback to the requester using a number from your internal directory, not a number provided during the call. No legitimate executive will object to a thirty-second verification callback. Any resistance to standard verification is itself a major red flag.
During a suspicious call, attempt to introduce a physical or spontaneous test: ask the caller to perform an unexpected action, reference a recent internal event or shared private detail that a scammer would not know, or suggest switching to a different platform. Deepfake systems have latency and can struggle with unexpected prompts.
For family calls, the same safe-word protocol used for voice scams applies: agree a private word in advance that a family member will use to confirm they are genuinely in difficulty. The safe word should be asked for casually mid-conversation to avoid alerting a potential scammer.
Payment methods used
- Bank transfer
- Crypto
Who is usually targeted
- Finance/admin staff
- Executives
- Families
What to do immediately
- Do not execute any payment or change any account details based on the video call alone
- Call the apparent caller back on a number from your independently verified internal directory
- If a payment has already been made, contact your bank immediately to attempt a recall
- Report the incident to your organisation's security and compliance team
- Preserve all evidence before deleting or overwriting anything
- Report to your national fraud authority and, if a business, consider reporting to your sector regulator
- Issue an internal alert so colleagues are aware and on guard for similar attempts
How to prevent it
- Establish and enforce a policy that no financial transaction is authorised on the basis of a video call alone
- Implement mandatory out-of-band verification for all outbound transfers using independently verified contact details
- Train finance and administrative staff specifically on real-time deepfake video technology
- Agree a private safe-word with close family members for use in suspected emergency situations
- Introduce a spontaneous question or physical action request during any suspicious video call
- Use dual-authorisation controls so no single staff member can execute a large transfer alone
- Be especially sceptical of calls that involve urgency, secrecy, and a request to bypass normal procedures simultaneously
- Review and strengthen payment authorisation procedures as a routine governance measure
Evidence to preserve
- A recording of the call if your platform supports it (check legal requirements before recording)
- Call records including time, duration, and the account or number used to initiate
- The invitation link, email, or message through which the call was arranged
- Follow-up emails or messages received after the call, including full email headers
- Bank transaction records and any payment authorisation documentation
- Notes made immediately after the call about what was said, requested, and by whom
- Any documents or information shared during or after the call
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
If I saw them on video, isn't it safe?
Not anymore. Real-time deepfakes can impersonate people convincingly on video. Treat video presence as evidence of interest, not proof of identity. Always verify payment instructions through a separate, independently established channel regardless of video proof.
How can I tell if a video is deepfake in real time?
Technical detection during a live call is unreliable. Instead, use procedural controls: ask an unexpected question or request a physical action, try switching platforms, and always require an out-of-band callback before executing any financial instruction.
What should our organisation's policy be?
No financial transaction above a minimum threshold should be authorised based on a video or phone call alone. All such requests should require a callback using numbers from an independently maintained directory, and preferably dual authorisation from a second team member.
We have two-factor authentication on our systems — are we protected?
Two-factor authentication protects account access but does not prevent an authorised user from being manipulated into making a fraudulent payment. Deepfake video fraud targets the human authorisation step, not the technical authentication layer.
Can the scam work even if the deepfake is imperfect?
Yes. Imperfections are often attributed to poor connection quality, which is a plausible explanation on video calls. Scammers also control the framing and lighting to minimise visible artefacts. Procedural verification is more reliable than trying to detect technical flaws.
Is this type of fraud only a business risk?
No. Personal variants — typically impersonating a family member in distress — are well documented. The same defences apply: a pre-agreed safe word, a callback on a known number, and resistance to urgency and secrecy pressure.
What are my organisation's liability implications if this happens?
Liability depends on jurisdiction, contract terms, and whether adequate procedures were in place. Establishing and enforcing a documented payment authorisation policy that requires out-of-band verification can be an important factor in assessing due diligence. Seek legal advice specific to your situation.