racheltobac 

Hacker, CEO of SocialProof Security: security awareness/social engineering training, vids, talks, tests, 3X @Defcon🥈, Chair of the WISP board, Tech Advisory Council for @Cisagov
Twitter: https://twitter.com/RachelTobac
Instagram: https://www.instagram.com/racheltobac/
Website: https://www.socialproofsecurity.com/
Pronouns: she/her
If you’re an activist, journalist, exec, or have a high threat model for any other reason, I do recommend using all tools to protect against spyware including Apple’s lockdown mode and WhatsApp’s new Strict Account Settings. Thanks WhatsApp for the partnership to get the word out to folks.
@0x00string @frameworkcomputer whoa yuck, first I’m hearing of this nonsense
The repairable, customizable, build-it-yourself, physical webcam & mic kill switch, Linux compatible, port swappable @frameworkcomputer laptop has hit the SocialProof office 🤖🤘
@jd "Be politely paranoid" as @racheltobac says. Share a passphrase in advance with family.

Episode 22: Social Engineering, Gas Mark 4, and AGAs with Rachel Tobac!

Tib3rius & Andy Swift are joined by @racheltobac to talk social engineering war stories...and more!

Spotify: https://open.spotify.com/show/3PeV2Fhf87zLtQ8LjuMrsb
Apple Podcasts: https://podcasts.apple.com/us/podcast/across-the-pondcast/id1789463186
Amazon Music: https://music.amazon.com/podcasts/cfa2092b-c00b-4804-b9b1-6de7c105b820/across-the-pondcast
YouTube: https://www.youtube.com/channel/UC5L2Q76DgZhP2V8S6qx8knA


Podcast · Across the Pondcast · Cybersecurity rants and war stories from both sides of the Atlantic.


*New CNN Live Zoom Call Deepfake Video*
An engineering org sent $25 Million to scammers who deepfaked the finance team in a live video call. Are your colleagues, family & friends ready to catch this AI attack?
I demo'd a live Zoom deepfake to CNN's Clare Duffy to help you spot the signs.

These live video call or audio call deepfakes are increasing in the business world. Most often, an exec is deepfaked to the team that supports them asking for money, passwords, MFA codes, etc:
- $25M sent to scammers in Arup video call deepfake attack https://cnn.com/2024/05/16/tech/arup-deepfake-scam-loss-hong-kong-intl-hnk
- Fraudsters Cloned Company Director's Voice In $35 M Heist: https://forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/
- Wiz CEO says company was targeted with deepfake attack that used his voice: https://techcrunch.com/2024/10/28/wiz-ceo-says-company-was-targeted-with-deepfake-attack-that-used-his-voice/

We're also seeing a large increase in attackers using AI to voice clone an exec and target their team to steal money, data, or access, like in this example I did for 60 Minutes: https://x.com/RachelTobac/status/1976308961684189576

Many recommend using a verbal "passphrase" with colleagues, family and friends to verify that the person you're talking to is who they say they are.
A verbal passphrase could work in some scenarios, especially the ones that aren't super dire or extreme. But, in the scenarios tricking families, where a child is deepfaked to a grandparent/parent/sibling etc and is in extreme distress, screaming, and crying -- remembering passphrases will be hard to do in the moment.
That is because we know from neuroscience that the amygdala in the brain takes over during times of crisis, making it challenging to remember anything at all except the present moment.
If you've ever been through a true crisis at home then you may know that it's hard to even remember your own ADDRESS to report to 911 during an actual emergency. The brain goes blank.
What I recommend instead is: if your family, friends, or colleagues get a terrified phone call from "you" asking for money (for example), stay on the line and use another method of communication to verify authenticity of the request while offering words of support.
Even a quick text, chat, or DM (even while the call is ongoing!) can verify that the call is a scam (and your loved one is actually safe) before sending money.

Share this example with family, friends & your team to ensure everyone is on the same page about Being Politely Paranoid and using another method of communication to verify people are who they say they are:
CNN: https://edition.cnn.com/2025/10/07/business/video/deepfake-scam-ai-zoom-call-digvid

Right now, AI voice clone scam calls are increasing for orgs.
I give it 1 year before criminals increase use of live video call deepfakes in their scams. Get your team and folks prepared now.

@paulgatling thank you!!!

*New live hack demo: hacking bank security questions with AI voice clone calls*
At @defcon I went on the @scammerpayback Payback podcast and hacked the host by calling his friends & stealing answers to his bank's password reset identity questions using a voice clone within 10 seconds!

The Scammer Payback podcast was one of my favorite interviews of all time because I got to:
- do hard OSINT on Daniel, present my findings live and shock the glasses off him multiple times
- live hack his bank account in front of him by calling his friends and using AI voice clones to take over his account
- talk about how hacking has changed in the past year
- discuss how AI psychosis happens from a neuroscience perspective
- tell a never-before-heard story about how I almost took the worst job in history
- and what we can do to protect people from scammers in 2025 in our personal and professional life

This is also probably the funniest interview I've done in years.
I haven't gotten to laugh this hard on camera in a while.

Watch the full Scammer Payback interview on YouTube here: https://www.youtube.com/watch?v=xEdZwLRJttQ

Join me and @1kosmosblockid on 8/20 for a live hacking demo and fireside chat! I'll show how I use AI to bypass traditional defenses in Hiring, Support, Service Desk & more.
You’ll see attacks used in the wild & actionable steps to catch them!
Register to join:
https://us02web.zoom.us/webinar/register/WN_cpnNjAWYQ4OeHbxwbxJxXA#/registration
Welcome! You are invited to join a webinar: Fireside Chat and Live Hacking Demo: How I Would Hack you Live with AI. After registering, you will receive a confirmation email about joining the webinar.

What happens when one of the world’s top ethical hackers takes on the defenses of a modern enterprise? In this live, eye-opening session, renowned social engineer Rachel Tobac exposes how AI-assisted impersonation attacks are bypassing traditional technical defenses and exploiting human trust at scale. From HR onboarding to IT service desk calls, identity is being compromised before it’s even authenticated. You'll witness real-time tactics used in modern impersonation and social engineering campaigns — the same methods behind high-profile breaches at companies like Marks & Spencer, Qantas, and WestJet, and recent attacks linked to North Korean operatives targeting the Fortune 500. We'll then get actionable and focus on how you can stop these attackers in their tracks. Don’t miss this virtual showdown between today’s most advanced attacks and most resilient defenses. You’ll walk away with an understanding of how to spot the latest AI-powered attacks at both the human and technical level.
