Deepfake Voice Scams
Cloned voices of family members or executives used to authorise urgent payments or 'rescues'.
Last reviewed: 1 June 2026
What this scam is
Deepfake voice scams use AI voice-cloning technology to replicate the voice of a family member, friend, or company executive with startling accuracy. The technology requires only a few seconds of audio — readily harvested from a social media video, voicemail greeting, or podcast appearance — to train a model that can say anything the scammer types.
The resulting call sounds unmistakably like the person you love or work for. Vocal cadence, regional accent, and even characteristic filler words carry over. Older telephone infrastructure further compresses audio quality, making artefacts harder to detect. The result is that even people who consider themselves tech-savvy have been deceived.
In family-emergency variants, scammers impersonate a child, grandchild, or sibling who has supposedly been in an accident, arrested, or kidnapped abroad. In corporate variants — sometimes called CEO fraud with a voice layer — finance staff receive calls from an 'executive' or 'auditor' directing an urgent and confidential bank transfer. Both variants share the same psychological engine: panic combined with a trusted voice short-circuits rational scrutiny, making verification feel disloyal or time-wasting.
How it works
The preparation phase takes minutes. Scammers scrape publicly available audio from social media reels, TikTok videos, YouTube interviews, or podcast appearances and feed it into a commercially available voice-synthesis service. Most modern platforms can clone a voice from under thirty seconds of clean audio and generate unlimited new speech.
The call itself is short and designed to disorient. The 'relative' or 'executive' establishes urgency immediately — there has been an accident, an arrest, a confidential deal — and stresses that time is critical. The caller pressures you to keep the matter secret, which isolates you from anyone who might counsel caution. They will have details scraped from social media: the target's name, family relationships, recent travel, or professional context.
Payment is always immediate and in a form that is hard to reverse. Wire transfers, gift card numbers read over the phone, or a crypto wallet address are all common. In business settings, the scammer may follow up with an email confirming the 'executive's' instruction to add a veneer of documentation. Once the money moves, recovery is extremely difficult.
Afterwards, scammers sometimes call a second time impersonating a 'recovery agent' or 'police officer' to extract further payments or personal information from distressed victims.
Why this scam works
Voice is one of the most emotionally loaded channels of human communication. We associate the sound of a person's voice with trust, intimacy, and identity in a way that text or even images do not replicate. When you hear what sounds exactly like your child calling in distress, the emotional response — love, fear, urgency — is involuntary and powerful.
AI voice cloning removes the one safeguard people previously relied on: 'I would know my own family's voice.' That mental model has not yet updated to account for how accessible and how convincing modern synthesis is. The technology is now consumer-grade and requires no specialist knowledge.
Scammers layer additional psychological pressure on top: urgency (act now or it gets worse), secrecy (don't tell anyone), and authority (a lawyer or officer is on the line). These combine to suppress the analytical thinking that might trigger verification behaviour. The familiar voice provides false reassurance while the pressure mechanisms prevent the pause needed to act on doubt.
A typical pattern
An older adult receives a distressed call from someone speaking in what sounds exactly like their adult child's voice. The 'child' says they have been in a minor car accident abroad and been detained; they need bail money wired immediately and beg the parent not to call other family members. A second voice — a 'lawyer' or 'consular officer' — takes the phone and provides wire-transfer instructions. The parent complies, believing they are helping their child. When they later reach their actual child, who is completely unaware, both parties realise what happened.
Common red flags
- Urgent call from a 'loved one' or 'boss' needing money immediately
- Caller insists you keep the matter secret
- Story depends on speed — no time to verify
- Unusual payment method: wire transfer, gift cards, or crypto
- Caller refuses or avoids a callback or safe-word test
- A 'lawyer', 'officer', or 'assistant' takes over to give payment instructions
- Details scraped from social media make the call feel specific and credible
- Second call from a 'recovery agent' after an initial payment
- Caller becomes hostile or more insistent when you suggest verifying
- Recipient's actual phone line is suspiciously busy when you try to call back
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Mum, it's me — I've been in an accident and need you to send [amount] right now, please don't tell Dad.
This is [name]'s lawyer. Your [relative] needs [amount] for bail — we need it wired to [account] within the hour.
[Executive name]: Process this wire to [account] immediately — it's confidential, do not discuss it with anyone.
I've lost my wallet and passport in [city]. Can you send [amount] in gift cards and give me the codes? I'll pay you back.
Don't hang up — if you put the phone down they will charge [name] with a more serious offence.
It's [friend]. I'm in a really bad situation. I need [amount] urgently. I'll explain everything when I get back.
Common variations
- Grandparent scam with AI voice cloning ('virtual kidnapping' variant)
- CEO / executive fraud with cloned voice directing a wire transfer
- HR or payroll impersonation directing salary redirection
- Cloned voice of a friend asking for an emergency loan
- Fake police or legal official using a cloned trusted voice as 'proof'
- WhatsApp voice-note clone sent to personal contacts
How to verify before you act
The single most important protection is a pre-agreed family safe word or passphrase — a short, memorable word that any family member can ask for in a suspected emergency. If the caller cannot supply it, treat the call as fraudulent regardless of how convincing the voice sounds.
After receiving any urgent call asking for money, hang up and call the person back directly on the number saved in your own contacts — not a number the caller gives you. If you cannot reach them, call another family member or colleague who can physically locate them.
For business calls directing transfers, use your organisation's established callback or dual-authorisation procedure. No legitimate executive will object to a standard verification step. Treat any instruction to bypass controls as a major red flag.
Consider keeping a private note of your family safe word in a password manager or secure location. Review it periodically so everyone remembers it without prompting. A well-established safe word is useless if family members have forgotten it when they need it most.
Payment methods used
- Bank transfer
- Gift cards
- Crypto
Who is usually targeted
- Parents and grandparents
- Finance staff
- Anyone with public voice clips
What to do immediately
- Pause — do not send money while on the call, no matter how urgent it sounds
- Hang up and call the person back on the number in your own contacts
- Ask for the pre-agreed family safe word; if they cannot give it, treat the call as fraudulent
- Contact another family member or colleague to physically verify the person's whereabouts
- If you have already sent money, contact your bank immediately to attempt a recall
- Report the scam to your national fraud hotline and to the platform or carrier used
- Preserve the caller's number, any voicemail, and all payment records as evidence
How to prevent it
- Agree and regularly refresh a private family safe word for emergency calls
- Always call back on a known number before sending any money
- Minimise the amount of audio you share publicly on social media
- Businesses should enforce dual-authorisation for all outbound transfers
- Never send gift cards, wire transfers, or crypto based on a phone call alone
- Brief elderly relatives specifically about voice-cloning technology
- Use call-filtering apps that flag suspected spoofed numbers
- Treat any request for secrecy alongside urgency as an automatic red flag
Evidence to preserve
- Incoming call logs and any recorded voicemail
- The number the call came from (even if spoofed, it may assist investigation)
- Screenshots of any follow-up messages or emails
- Bank or gift-card transaction records and receipts
- Crypto wallet addresses and transaction IDs if applicable
- Notes on what was said, including names and details the caller provided
- Any second or follow-up call from an alleged 'recovery' or 'official' source
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How can I protect my family from voice cloning?
Agree a private family safe word to confirm identity in emergencies, always call back on a number you already have saved, and brief older relatives specifically on this technology. No legitimate emergency will be worsened by a thirty-second verification pause.
How little audio does it take to clone a voice?
Modern voice-synthesis tools can produce convincing results from as little as fifteen to thirty seconds of clean audio. Any video you have posted publicly — a birthday message, a social media reel, a podcast — may be sufficient source material.
Can I rely on caller ID to spot these calls?
No. Caller ID can be spoofed to display any number, including a genuine contact's number. A familiar caller ID combined with a familiar-sounding voice is still not proof of identity.
What should businesses do to protect finance staff?
Implement mandatory dual-authorisation for all outbound transfers, establish a voice-callback procedure using numbers from an internal directory — not numbers provided by the caller — and run regular staff training that specifically covers voice-cloning technology.
Is there technology that can detect deepfake audio?
Detection tools exist but are not yet reliable enough to be a primary defence, and scammers can work around known artefacts. Procedural controls — safe words, callbacks, dual authorisation — are more dependable than detection software at present.
What happens if I have already sent money?
Contact your bank immediately and ask them to attempt a recall. Report the fraud to your national fraud authority and the police. Banks can sometimes recover wire transfers if they act quickly, but recovery is not guaranteed and crypto transfers are rarely recoverable.
Can I do anything to make my voice harder to clone?
There is no technical way to prevent cloning from existing public audio, but you can reduce your exposure by limiting the volume of publicly accessible voice content on social media. Private or friends-only settings offer some protection.
My bank says the transfer was authorised — do I have any recourse?
In many jurisdictions, regulators require banks to consider reimbursement for victims of authorised push payment fraud even when the victim instructed the transfer. Contact your bank's fraud team and, if unsatisfied, escalate to your national financial ombudsman.