Deepfake Video Calls: How Scammers Impersonate Your Boss on Zoom
Learn how criminals use real-time deepfake technology to impersonate executives on Zoom and Teams calls. Understand the tactics and how to protect your organization.
· By Truvizy Research Team · 8 min read
TL;DR
Real-time deepfake technology now allows scammers to impersonate executives during live Zoom and Teams calls, tricking employees into making unauthorized wire transfers. The $25 million Hong Kong case was not an isolated incident. Protect yourself with multi-channel verification protocols and AI-powered detection tools.

You join a Zoom call and see your CFO's face on screen. The voice matches. The mannerisms are familiar. They reference a deal you discussed last week and ask you to process an urgent wire transfer to finalize the acquisition. Everything checks out, so you initiate the payment. Except the person on your screen was not your CFO. It was a criminal wearing a real-time deepfake mask, and the money is gone.
This is not science fiction. It is a documented attack vector that has already cost individual organizations tens of millions of dollars. Real-time deepfake technology has advanced to the point where face-swapping can be applied to live video feeds with latency low enough to pass as a normal video call. Combined with voice cloning, this creates a powerful new form of business fraud that exploits the very tools organizations rely on for remote collaboration.
The Rise of Live Deepfake Impersonation
Business email compromise (BEC) has been one of the costliest forms of cybercrime for over a decade. The traditional playbook involved spoofing or compromising an executive's email account and sending fraudulent payment instructions. As organizations implemented email verification protocols, criminals adapted. The deepfake video call is the natural evolution of BEC, replacing the text-based impersonation with a far more convincing audio-visual one.
The technology stack required for a live deepfake call has become surprisingly accessible. Open-source face-swapping models can run on consumer-grade GPUs, virtual camera software intercepts the video feed before it reaches Zoom or Teams, and voice-cloning tools trained on publicly available audio samples handle the audio side. An attacker with moderate technical skill and a few hours of preparation can create a passable real-time impersonation of almost anyone whose face and voice are publicly available.
Anatomy of a Deepfake Video Call Attack
A sophisticated deepfake call attack typically begins weeks before the call itself. The attacker conducts reconnaissance, studying the target organization's structure, identifying which employees have authority to initiate payments, and gathering video and audio samples of the executive to be impersonated. LinkedIn, YouTube conference presentations, podcast appearances, and corporate marketing videos all provide source material.
The attacker then compromises or spoofs the executive's calendar and email to schedule the call through apparently legitimate channels. The meeting invitation looks genuine, sent from the right email address or calendar system, often timed to coincide with the real executive being unavailable such as during travel or a known vacation. During the call, the attacker uses prepared talking points that reference real projects, real colleagues, and real deals to build credibility before pivoting to the fraudulent request.
What makes these attacks devastating is that they exploit the implicit trust of video communication. For decades, seeing someone's face on a video call has been considered reliable identity verification. That assumption is now dangerously outdated. For a deeper look at how deepfakes work and the visual tells you can look for, see our guide to spotting deepfake videos .
The Hong Kong Case: $25 Million in One Call
The most widely reported deepfake video call fraud occurred in Hong Kong, where a finance worker at a multinational firm was tricked into transferring approximately $25 million after a video conference that appeared to include the company's CFO and several other senior executives. The employee had initially been suspicious of an email requesting the transfer but was convinced after the video call appeared to confirm the instructions with multiple familiar faces.

What made this case particularly alarming was the multi-participant nature of the deepfake. Rather than impersonating a single executive, the attackers generated real-time deepfakes of several people simultaneously, creating the illusion of a group meeting where every participant was synthetic. This significantly increased the perceived legitimacy of the request because the target employee saw "multiple" trusted colleagues all confirming the same instruction.
The case underscored a critical vulnerability: organizations that had invested heavily in email security had no equivalent protections for video communication. The employee followed all existing protocols, verifying the request on a video call with senior leadership, but the verification method itself had been compromised.
Got a suspicious video recording? Scan it with Truvizy for free
Technical Limitations Scammers Exploit
Real-time deepfakes are not perfect. They introduce processing latency, struggle with rapid head movement, produce artifacts when hands cross the face, and often have difficulty matching environmental lighting. However, scammers deliberately exploit the limitations of video conferencing itself to mask these tells. Low-resolution video streams, bandwidth fluctuations, and compression artifacts that are normal on video calls conveniently hide deepfake imperfections.
Attackers often claim poor internet connectivity as a reason to keep their camera quality low, disable screen sharing, or keep their video off for portions of the call. They may keep calls short and focused on the fraudulent request to minimize the chance of detection. Some even stage fake "technical difficulties" if the deepfake begins to degrade, hanging up and calling back to reset the session. These are the same kinds of tricks used in celebrity deepfake scam campaigns adapted for the corporate context.
How to Detect Deepfakes During Live Calls
While you cannot run a video through a detection tool during a live call as easily as you can with pre-recorded content, there are several practical tests you can apply in real time. Ask the person to perform an unexpected action: turn their head sharply to the side, hold up a specific number of fingers near their face, or move to a different position in their room. Real-time deepfakes struggle with sudden changes, and these requests can cause visible artifacts or delays.
Watch for micro-delays between the speaker's lip movements and their audio. Real-time deepfake processing adds latency that often manifests as a subtle but detectable audio-visual desync. Pay attention to the edges of the face where it meets the hair and neck. Jittering, blurring, or color shifts at these boundaries are strong indicators of face-swapping.
If you have any doubt, do not proceed with the requested action during the call. Instead, end the meeting and verify through a completely separate channel. Call the person directly on their known phone number, walk to their office if they are in the building, or contact them through a different communication platform. If the recording of the suspicious call is available, run it through Truvizy's video analysis tool for a comprehensive AI-powered authenticity check.
During a video call, your colleague asks you to quickly process a wire transfer. Their video quality is low and they claim bad internet. What is the biggest red flag?
- They are using a virtual background
- They claim bad internet while making an urgent financial request
- They are wearing different clothes than usual
- The call is scheduled during lunch hours
Answer: Scammers deliberately use low video quality to hide deepfake artifacts. The combination of poor video quality, urgency, and a financial request is a classic pattern in deepfake video call fraud.
Building Organizational Defenses
The most effective defense against deepfake video call fraud is a combination of policy, training, and technology. Start by implementing a mandatory multi-channel verification policy for all financial transactions above a defined threshold. No single communication channel, whether email, phone, or video call, should be sufficient to authorize a payment. Every request must be confirmed through at least one independent channel.

Conduct regular deepfake awareness training for all employees who handle financial transactions or sensitive information. This training should include examples of real-time deepfake technology, practice exercises in identifying synthetic video, and clear procedures for reporting suspected impersonation attempts. Make it culturally acceptable, even encouraged, for employees to question and verify instructions from senior leadership. Organizations where employees feel they cannot question authority are the most vulnerable.
For a comprehensive approach to organizational protection, review our complete deepfake protection guide . For teams that need scalable detection capabilities, Truvizy's professional plans offer the advanced forensic analysis and volume support that security teams require.
Build your organization's deepfake defense today
The Future of Video Call Authentication
The video conferencing industry is beginning to respond to the deepfake threat, though solutions are still in early stages. Proposed approaches include cryptographic identity verification built into call platforms, real-time liveness detection that checks for signs of face-swapping, and integration of content provenance standards that can authenticate video feeds at the source.
Until these platform-level solutions are widely deployed, the responsibility falls on organizations and individuals to protect themselves. The good news is that the policies that defend against deepfake video call fraud, multi-channel verification, separation of duties for financial approvals, and a culture of healthy skepticism, are the same policies that protect against many other forms of business fraud. Implementing them does not just defend against deepfakes. It strengthens your overall security posture against the full spectrum of social engineering attacks.
Key Takeaways
- Real-time deepfakes can now impersonate executives on live Zoom and Teams calls convincingly
- Never authorize financial transactions based on a video call alone, always verify through a separate channel
- Ask unexpected questions or request sudden movements to test for deepfake artifacts during suspicious calls
- Build organizational policies where multi-channel verification is mandatory for all high-value requests
Related reading: How to Spot a Deepfake Video — The 7 key visual and audio signals that reveal AI-generated video content
Related reading: How to Verify Video Authenticity — A step-by-step process for confirming whether video content is genuine
Related reading: The Evolution of AI Scams — How deepfake technology is transforming business fraud and social engineering
Frequently Asked Questions
Can deepfakes really work in real-time video calls?
Yes. Modern face-swapping tools can process video feeds in real time with latency under 100 milliseconds, making them viable for live video conferences. The quality is lower than pre-recorded deepfakes but often sufficient to deceive participants, especially on standard-quality video calls.
How much money have companies lost to deepfake video call scams?
The most publicized case involved a $25 million loss from a single incident in Hong Kong. Industry estimates suggest cumulative losses from deepfake-enabled business email compromise and video call fraud reached hundreds of millions globally by 2025.
What should I do if I suspect a video call is a deepfake?
Do not transfer any funds or share any sensitive information. Ask the caller to perform an unexpected action like turning to show a specific object in their office. End the call and verify the request through a separate, trusted communication channel such as a known phone number or in-person confirmation.
Can video conferencing platforms detect deepfakes?
As of 2026, most mainstream video conferencing platforms do not have built-in deepfake detection. Some enterprise security vendors offer add-on solutions that analyze video feeds for synthetic artifacts, but adoption remains limited.
Are small businesses at risk or only large corporations?
Small and mid-size businesses are increasingly targeted because they often lack the verification protocols and security training that larger organizations have. The lower transaction thresholds mean smaller individual losses, but the cumulative impact across thousands of targets is substantial.