You get a voice message from your banker: it's their voice, their tone, their cadence. Or a video call with your boss asking you to wire money urgently. What if it were nobody at all? AI can now clone a voice or a face in a few minutes, and the scams cashing in on it are exploding. The good news: you don't need to be an expert to protect yourself. Let me show you how to spot a fake and, above all, which simple reflexes stop a scam dead in its tracks.
A deepfake is content manufactured by AI to imitate a real person: their face in a video, their voice in a call, their appearance in a photo. The word comes from English ("deep learning" + "fake"), but the idea is simple: make someone say or do something they never said or did. In a way, it's the malicious cousin of the hallucination: content that's false, but perfectly believable.
For a long time, this was reserved for special-effects studios. Not anymore: the same families of tools I use to create my own visuals can be hijacked to manufacture fakes. Cloning a believable voice takes just 20 to 30 seconds of recording. A one-minute faked video can be produced in under 25 minutes. In other words: it's become fast, accessible, and cheap for anyone who wants to scam you.
And don't count too much on your own eyes. A recent study estimates that only 0.1% of people reliably tell real from fake across every format. It's not a question of intelligence. It's that the technology has gotten very good.
The danger of a deepfake isn't that it's perfect. It's that it shows up at the worst moment — a rushed call, an urgent transfer — and plays on your trust. The defense isn't in your eyes, it's in your method.
People assume these scams go after big companies. It's the opposite that happens: small businesses are prime targets. The reason is simple. You have real money flows to manage, but often less formal procedures than a large group. Nobody's going to push back on "the boss" asking for a quick transfer.
The numbers are dizzying. Attempted deepfake fraud has gone up by more than 2,100% in three years. It now accounts for a significant share of identity fraud. And the bill is steep: in 2024, an incident tied to a deepfake cost the affected companies nearly half a million dollars on average.
The best-known case is chilling. In early 2024, an employee at a large company joined a video conference with his CFO and several colleagues. Everyone around the table was a deepfake, except him. He wired 25.6 million dollars. He thought he was just following orders from up the chain.
Before we talk method, here are the signs that should put you on alert on an image or a video. None of them is proof on its own, but several together are a red flag.
Be honest with yourself, though: these cues work less and less. Generators are improving fast, and a recent fake can pass every one of these tests. That's why what comes next matters more than this list.
On the phone or in a voice message, your ear has its tells too.
Here again, don't stake your security on it. A voice cloned from a public video of you can be uncanny. The right reflex isn't "does this sound real?", it's "can I verify this some other way?".
Here's the heart of the article. Since your eyes and ears are no longer enough, you protect your business with simple procedures. They cost nothing and they stop a scam dead.
An internal password. Agree in advance on a secret word or question with your close colleagues. On any sensitive request by call or video, you ask for it. A scammer, even with a perfect voice, doesn't know it.
The second-channel rule. No request for money or sensitive data gets approved on a single channel. A call asks you for a transfer? You hang up and call the person back on their usual number, or you confirm by another means. This one reflex would have prevented nearly every major scam.
The "challenge" on video. If a doubt creeps in during a video call, ask the person to turn their head in profile or to pass their hand in front of their face. Many real-time deepfakes break down on that kind of movement.
Suspicion of urgency. Urgency is the scammer's number-one weapon: it stops you from thinking. "It's confidential", "it has to be done right now": those are warning signs, not reasons to go faster.
For more exposed organizations, there are real-time detection tools that plug into video calls and messaging. But for most of us, the human procedure remains the first line of defense — and the most effective one.
A word on the legal framework, because it's shifting. Starting August 2, 2026, the European AI Act will require AI-generated content to be labeled and to carry an invisible watermark. That will help, without solving everything: a watermark can be stripped out by a malicious actor. If you want to understand what this law changes for your business, I've written a dedicated article: the AI Act, what it changes for your business.
If you remember just one thing: no request for money or data gets approved on a single channel. You hang up, you call back on the number you know. Thirty seconds that can spare you a disaster.
Yes, and maybe more than a big one. Scammers target outfits that have money to move but few control procedures. A small business where the owner signs off on transfers directly is an easy target. You don't need to be a multinational to be hit — just to have a bank account and a habit of moving fast.
Three things, and they're free. One, agree on an internal password with your team for sensitive requests. Two, set the second-channel rule for any payment. Three, warn your team that urgency and confidentiality are warning signs. You can do all three this afternoon.
They exist and they're improving — some detect deepfakes in real time during a video call. But for a freelancer or a small team, they're rarely the priority: they cost money, take a bit of setup, and don't replace a good procedure. Start with people and method. Tools are the next step if your line of work is highly exposed.
Not by telling horror stories, but by giving them reflexes. Frame it as a simple routine, just like locking the door at night. One concrete example, the internal password, the second-channel rule, and you're set. People remember a method, not a fear.
If a transfer has gone out, contact your bank immediately to try to block it, then report the scam to the relevant authorities. If you just have a doubt about a call or a message, don't approve anything and verify on another channel. When in doubt, the right move is always to slow down.
No, not on its own. The obligation to label AI content, which kicks in on August 2, 2026, is a useful step forward for transparency. But a determined scammer can strip out a watermark, and the law won't protect you in real time during a call. Regulation helps; your vigilance stays essential.
Deepfakes made me change one reflex: I no longer trust what I see and hear when money or data is involved. Not out of paranoia — out of method.
What's reassuring is that the defense takes zero technical skill. A password agreed on in advance, the habit of checking on a second channel, and a healthy suspicion of urgency. For most of us, those three reflexes are worth all the software in the world.
The technology for manufacturing fakes will keep getting better. Your best defense, on the other hand, doesn't change: slow down, and verify.

I test AI for real and share what works, no jargon and no hype. If this article helped you, the easiest way to never miss anything is my Friday letter. And if you have a question or a doubt: reply to me, I read everything.