A finance department employee joins a video conference call. On screen, they can see their chief financial officer alongside several other senior colleagues. The CFO explains that a confidential acquisition requires an urgent series of wire transfers and walks the employee through the payment details. The faces are familiar, the voices match, and the request — while unusual — appears to come from the highest levels of the organisation. The employee processes the payments. Only later do they discover that every single person on that video call was a deepfake. The real executives were never on the line.

TL;DR — Key Takeaways

  • Learn how deepfake technology enables real-time video impersonation in business calls and discover verification procedures to protect your organisation
  • Review how Deepfake Video Calls Actually Work
  • Assess high-Profile Cases and Emerging Patterns

Visual Overview

flowchart LR
    A["Deepfake Video Created"] --> B["Joins Video Call"]
    B --> C["Mimics Known Person"]
    C --> D["Gives Fake Instructions"]
    D --> E["Victim Complies"]
    E --> F["Fraud Completed"]

This is not a hypothetical scenario. Deepfake video call fraud has already resulted in losses measured in the tens of millions, and the technology enabling these attacks is becoming more accessible and more convincing with each passing month. For small businesses that rely on video conferencing as a daily communication tool, understanding this threat is now essential. If you are already familiar with the broader landscape of deepfake threats facing businesses, this article will take you deeper into the specific mechanics and defences related to live video call impersonation.

How Deepfake Video Calls Actually Work

Deepfake video call fraud relies on a combination of two AI technologies: real-time face swapping and voice cloning. Together, they allow an attacker to appear on a video call as someone else — with a different face, a different voice, and mannerisms that closely resemble the person being impersonated.

Real-Time Face Swapping

Real-time face-swapping software uses deep learning models trained on images and video of the target person. The attacker's face is captured by their webcam, and the software maps their facial expressions and movements onto a digital model of the target's face, which is then rendered and displayed to the other participants on the call. The result is a live video feed that shows the target person's face moving and speaking in real time, driven by the attacker's actual movements.

The training data for these models can be surprisingly easy to obtain. Corporate headshots, conference presentations, media interviews, social media videos, and even footage from previous video calls can all provide the reference material needed to build a convincing face model. For executives and business owners who have any public presence, there is often more than enough material available.

Synchronised Voice Cloning

The visual deepfake is paired with real-time voice cloning technology that converts the attacker's speech into a replica of the target's voice. The combination of a matching face and a matching voice creates a powerful illusion that can fool even people who know the target personally. When multiple participants on a call are all deepfakes — as in the scenario described above — the effect is even more convincing, because the victim sees a group of familiar faces all apparently corroborating the same instructions.

High-Profile Cases and Emerging Patterns

The most widely reported case of deepfake video call fraud involved a multinational company where an employee was tricked into transferring approximately $25 million after attending a video conference in which every other participant was a deepfake. The employee initially had suspicions when they received an unusual email, but those doubts were overcome when they saw and heard what they believed to be their colleagues on the video call.

This case illustrates a critical pattern: deepfake video calls are often used as the final, convincing step in a multi-stage attack. The initial contact may come via email, text message, or phone call, and the video conference serves to overcome any remaining scepticism. The attacker knows that seeing a familiar face in a live video setting creates a level of trust that text or audio alone cannot match.

Other documented patterns include attackers impersonating external parties — such as investors, clients, or legal advisers — on video calls to extract sensitive information, authorise fraudulent transactions, or gain access to confidential documents. In some cases, deepfake video calls have been used to impersonate job candidates during remote interviews, gaining employment at a target company to enable further insider access.

Why Video Creates a False Sense of Security

Human beings are wired to trust visual information. Seeing someone's face and hearing their voice activates our social recognition systems, and we instinctively assign a high level of credibility to live video interactions. This is precisely why video call fraud is so effective — it exploits a deep psychological tendency that operates below the level of conscious analysis.

Many organisations responded to the rise of social engineering attacks by encouraging employees to verify unusual requests through video calls, reasoning that a face-to-face conversation (even a virtual one) would confirm identity more reliably than email or phone. Deepfake technology has turned this advice on its head. A video call is no longer proof that the person you are speaking with is who they appear to be.

The psychological impact of this realisation is significant. Employees who have been deceived by deepfake video calls report feelings of profound violation — the experience of being manipulated by what appeared to be a trusted colleague or superior is deeply unsettling. Organisations need to be prepared not only to prevent these attacks but to support staff members who may be affected by them.

Detection Techniques: What to Look For

While deepfake technology is improving rapidly, current real-time face-swapping systems still have limitations that an alert observer may be able to detect. Training your team to recognise these artefacts can provide an additional layer of defence, though it should never be relied upon as the primary safeguard.

  • Lighting inconsistencies: The lighting on a deepfake face may not perfectly match the lighting in the background environment. Look for shadows that fall in the wrong direction, skin tones that appear inconsistent, or highlights that seem unnaturally uniform.
  • Edge artefacts around the face: The boundary between the generated face and the real background can sometimes show subtle blurring, flickering, or misalignment, particularly around the hairline, ears, and jawline.
  • Unnatural eye movement: Current deepfake systems sometimes struggle to replicate natural eye movement patterns, including the small, rapid movements (saccades) that occur during normal conversation. The eyes may appear to stare slightly too steadily or blink at unusual intervals.
  • Synchronisation issues: There may be slight mismatches between lip movement and audio, particularly during rapid speech or when the speaker changes direction mid-sentence.
  • Response to unexpected requests: Ask the person on camera to perform an action that the deepfake software may struggle with — such as turning their head to an extreme angle, holding an object close to their face, or placing a hand over part of their face. Some face-swapping systems cannot maintain the illusion when the face is partially occluded.
  • Low resolution or poor quality: Attackers may intentionally use a lower video resolution to mask deepfake artefacts. If a colleague who normally has excellent video quality suddenly appears on a grainy, low-resolution feed, this should raise questions.

Verification Procedures Every Business Should Implement

Technical detection of deepfakes is an arms race that defenders are currently losing. The most reliable defence is procedural: establishing verification systems that do not rely on visual or auditory identity confirmation alone. The following measures should form the foundation of your organisation's approach to secure video conferencing.

Out-of-Band Verification for Sensitive Requests

Any request made during a video call that involves financial transactions, changes to sensitive data, or deviations from normal procedures should be verified through a separate communication channel. If someone requests a wire transfer during a Zoom call, verify the request by calling their known mobile number, sending a message through your internal messaging platform, or confirming in person. The key is that the verification must occur through a channel that is independent of the potentially compromised video call.

Pre-Shared Authentication for High-Stakes Calls

For video conferences where significant decisions will be made — board meetings, financial reviews, contract negotiations — consider implementing a pre-shared authentication step. Before the call begins, each participant confirms their attendance through a separate channel (such as a text message or internal chat) using a pre-agreed reference number or code word. This confirms that the real individuals are actually joining the call.

Meeting Hygiene Practices

Simple procedural habits can significantly reduce the risk of deepfake video call fraud:

  • Use authenticated meeting platforms: Ensure your video conferencing platform requires participants to authenticate with their organisational credentials before joining. Avoid using generic meeting links that anyone can access.
  • Maintain a waiting room: Use the waiting room feature to verify participants before admitting them to the call. This prevents attackers from joining uninvited.
  • Record sensitive meetings: Recording high-stakes video calls (with appropriate consent) creates an audit trail and may deter attackers who know their deepfake footage could be analysed later.
  • Limit meeting information: Do not share meeting links, times, or agendas publicly or in unsecured channels. The more information an attacker has about a scheduled meeting, the easier it is for them to plan a deepfake impersonation.

Preparing Your Organisation for the Deepfake Era

Deepfake video call fraud is still relatively rare compared to email-based phishing or traditional vishing attacks, but its potential for causing catastrophic financial losses makes it a threat that no business can afford to ignore. The technology is becoming cheaper, more accessible, and more convincing, and it is reasonable to expect that attacks targeting small and medium-sized businesses will become more common in the coming years.

Start by having an honest conversation with your team about the fact that video calls can no longer be treated as a reliable form of identity verification. This is a difficult message to communicate, because it undermines a tool that most of us use and trust every day, but acknowledging the reality is the first step towards building effective defences.

Next, implement the procedural safeguards described above — out-of-band verification, pre-shared authentication, and disciplined meeting hygiene. These measures do not require expensive technology or specialised expertise; they require only a commitment to following a consistent process, even when it feels unnecessary.

Finally, stay informed. The deepfake landscape is evolving rapidly, and the detection techniques and countermeasures that are effective today may need to be updated as the technology advances. Regular security awareness training that includes information about deepfake threats, combined with periodic reviews of your verification procedures, will help ensure that your organisation remains resilient as this threat continues to grow.

The era when seeing was believing is over. But with the right policies, the right training, and a healthy dose of procedural discipline, your business can navigate this new reality with confidence.