Synthetic voice and video generation has improved to the point that short, low-quality source clips are enough to produce a convincing clone of someone's voice, and increasingly their likeness on video. This guide is about awareness and detection — how these scams typically work, the warning signs that still hold up, and how individuals and businesses can build a verification habit that does not depend on spotting a technical flaw. It is not a how-to for creating synthetic media.
What changed in 2026
- The amount of source audio needed for a convincing voice clone kept shrinking, making even a short public video or voicemail a viable source for cloning.
- Real-time voice conversion during live calls became more accessible, meaning scams are no longer limited to pre-recorded clips — an attacker can hold a live conversation in a cloned voice.
- Detection tooling improved but remains a reactive arms race — automated detectors help at scale but are not reliable enough to be a sole line of defense for an individual in the moment.
- Awareness and verification-process training spread within businesses, particularly finance and HR teams, as the more durable defense compared to trying to spot fakes by ear or eye.
How these scams typically work
The pattern is more consistent than the technology: someone receives an urgent call or message that appears to come from a trusted person — a family member, a boss, a company executive — asking for money, credentials, or sensitive action, with pressure to act quickly and quietly. The synthetic voice or video is the delivery mechanism; the urgency and secrecy are the actual attack. Scams that give the target time to think, or that route through a normal verification channel, mostly fail.
Warning signs worth taking seriously
- Urgency paired with a request to bypass normal process — wiring money outside the usual approval chain, sharing a password "just this once."
- A request to keep the interaction secret from colleagues, a spouse, or anyone who might normally be consulted.
- Contact through an unusual channel — a call from an unfamiliar number claiming to be someone whose number you already have saved.
- Reluctance or inability to answer an unscripted, personal question that the real person could answer instantly, if you ask one.
None of these signs is proof on its own, and audio or video quality is no longer a reliable tell — treat the pattern of behavior as the signal, not the production quality of the media.
Verification methods compared
| Method |
Reliability |
Practicality |
| Judging by voice/video quality alone |
Low — quality is no longer a reliable signal |
Easy but insufficient |
| Calling back on a known, saved number |
High |
Very practical, should be default habit |
| Pre-agreed verbal "safe word" for sensitive requests |
High |
Requires setup in advance, works well for families and small teams |
| Asking an unscripted personal question |
Moderate to high |
Practical in the moment, not foolproof |
| Automated deepfake detection tools |
Variable, improving |
Useful at organizational scale, not yet reliable for individuals alone |
What businesses should put in place
Any process that can move money, reset credentials, or grant access should require verification through a channel independent of however the request arrived — a callback on a known number, an in-person confirmation, or a second approver who was not part of the original contact. This should be a written, trained policy, not an assumption that employees will "just know" a request looks off. Finance and HR teams, which are disproportionately targeted, benefit from specific training on the urgency-and-secrecy pattern described above rather than training focused on spotting audio artifacts.
FAQ
Can I reliably tell a cloned voice from a real one by ear?
Not anymore, for a well-produced clone. Treat the behavioral pattern of the request — urgency, secrecy, an unusual channel — as the primary signal, not audio quality.
What should I do if I get a suspicious urgent call from someone I know?
Hang up and call back on a number you already have saved for that person, not a number given to you during the call. This single habit defeats most of these scams.
Are automated deepfake detection tools good enough to rely on?
They are useful as one layer, especially at organizational scale, but detection is a continuing arms race against generation quality — do not treat a "looks real" result from a detector as a guarantee.
Is it illegal to create a deepfake of someone?
Laws vary by jurisdiction and by use case (satire, consent, fraud, defamation all differ legally) and are actively evolving — verify current law in your jurisdiction rather than assuming a blanket answer.
Where to go next