AI now lets bad actors fake faces, voices, video calls, and writing styles convincingly enough to move money, harvest credentials, and start "relationships." Most attacks use the same playbook. The defense is a small set of habits.
Two years ago, faking a voice took specialist software and a long sample. Today an open tool clones a voice from three seconds of audio. Faking a face on a live video call is similarly cheap. The fraud reports have caught up.
An employee at a multinational firm joined a video conference with the "CFO" and other "colleagues." Every face was a deepfake; the employee was the only real person there. They authorized 15 transfers totaling about HK$200M (~US$25M) before the firm realized none of those people had actually been on the call.
Coverage: CNN · South China Morning Post.
The FBI's Internet Crime Complaint Center (IC3) has issued repeated alerts about voice-cloning scams: a parent receives a call that sounds exactly like their child or grandchild, in distress, asking for bail / accident / hospital money. The voice is genuinely cloned from a few seconds of social-media audio.
FBI public alerts: PSA 2024 · FBI San Francisco.
The good news: a small set of habits — the same ones IT teams drill into staff for phishing — defend against most of it. You don't have to spot the fake to be safe. You just have to slow down.
The tells differ by flavor. The cross-cutting defenses (covered below) are the same.
Generated photos, fake profile pics, doctored photographs.
Image generators can produce a person who has never existed, or doctor a real person into a scene they were never in. The tells are getting subtler — but still cluster in five categories of failure.
Flavor-specific habit: reverse-image-search any photo you're about to act on. If you can't find it elsewhere on the web, that's a warning sign in itself. Then check the five categories of tell ↓.
Cloned from three seconds of audio.
This is the one to take seriously, because it preys on the people you love most — and the good news is that one simple habit defuses it. Almost always the script is the same: distress + urgency + money — for example, "Mom — I crashed the car. Don't tell Dad. I need bail money."
Flavor-specific habit: ask a real-time question only the real person would know right now. ("What was the last thing we ate together?" "What's our cat's name?") AI doesn't have the context. A real person does instantly.
Live deepfake faces on Zoom, Teams, FaceTime.
This is what got the Hong Kong firm. The caller looks and sounds like a person you know — sometimes multiple people you know — in a normal-looking conference window. Then they ask for an unusual transfer or an urgent approval.
Flavor-specific habit: ask them to do something hard to fake live. Wave a hand sideways across the face quickly. Turn fully sideways. Hold a finger close to the lens. Live deepfake models still glitch when something suddenly blocks part of the face (a hand passing across it) or at unusual angles — the face will smear or distort momentarily.
AI-polished phishing, written-style impersonation, romance scams.
Two things changed in the last two years. The broken-English phishing email is gone — AI fixes the spelling and grammar in seconds, so "the email reads weird" is no longer a reliable filter. And AI can now mimic a specific person's writing style from a sample.
Flavor-specific habit: judge the request, not the writing. Ask yourself: is it after money, a password, or a sudden change to payment details? Is it rushing you? Did it come through a channel you'd actually expect from this person? Clean spelling and grammar prove nothing now — AI writes flawless text for free.
Eight AI-generated examples, one tell each. From the Northwestern five-category taxonomy (Kamali, Black, Lin, Groh et al. 2024). Tap a card to study it; tap "reveal" for the hotspot circle and explanation.
Sources: Kamali, Black, Lin, Groh et al. (2024); Hany Farid's lab at UC Berkeley on lighting/shadow forensics. The example images here are AI-generated for teaching; the same tells apply to images you encounter in the wild.
The same playbook IT teams use against phishing — calibrated for the AI-fraud era. None of these requires you to spot the fake. They work even when the fake is perfect.
Pick a word you'd never use casually. Share it with your kids, partner, parents, finance team. The rule: any urgent request involving money or unusual action requires the code word. If the call sounds exactly like your kid but they can't say the word — it isn't them.
AI fakes the call coming in. It can't intercept your outbound call. Same principle for email: don't reply to the suspicious email; open a new one to the address you already have. Off-channel verification is the single best defense.
Real emergencies survive a 60-second pause. Scams die in that minute. Anyone — family, boss, vendor, "tech support," "the IRS" — pressuring you to act now without verification is, by default, suspect. The smartest move under pressure is the slowest one.
The biggest known loss — the 2024 case where an employee at the engineering firm Arup wired about $25M after a video call where every "colleague" was a deepfake — happened because there was no policy-level requirement for callback verification on unusual transfers. Add the rule: any change in account details, any large transfer, any unusual approval — requires a callback on a known number. Ten minutes of friction prevents seven-figure losses.
This was one exhibit. There are two ways into the rest of it — pick the one that fits.
The full journey: eleven short stations on what AI is, where it goes wrong, and how to use it well. About half an hour.
A hands-on lab for kids 8–12 (with a kid-sized version of this very exhibit). Free, no login, nothing collected — walk it through with a kid.
More: The Three Questions · For Parents · Sources (FBI IC3, Hong Kong police, Northwestern Groh, Hany Farid — every claim linked)