Skip to main content
Conan O’Brien featured in series of 15+ AI security training modules
Blog
AI Threats & Deepfakes

Deepfake Verification Procedures: A Complete Framework for Detecting and Defeating AI-Generated Identity Fraud

JULY 10, 202626 MIN READ
Adaptive TeamAdaptive Team
Deepfake Verification Procedures: A Complete Framework for Detecting and Defeating AI-Generated Identity Fraud

A finance employee at a multinational engineering firm joined a routine video call with the company CFO and several familiar colleagues, then authorized a transfer of HK$200 million. Every participant on that call was synthetic. The 2024 Arup fraud proved that a single undetected AI-generated identity can extract catastrophic losses in under an hour, and it exposed how badly conventional identity checks fail against modern synthetic media.

Deepfake verification combines automated detection, manual inspection, liveness confirmation, and out-of-band controls to stop deepfake attacks

Deepfake verification procedures exist to close that gap, combining automated deepfake detection, manual inspection, liveness confirmation, and out-of-band process controls into a defense no single layer provides alone. According to the CrowdStrike 2026 Global Threat Report, the average adversary breakout time, the window between initial access and lateral movement, dropped to 29 minutes, with the fastest measured at just 27 seconds, leaving little room for after-the-fact discovery.

This guide covers:

  • The machine learning models that power automated deepfake detection and where they break down in real-world conditions
  • The manual inspection techniques fraud analysts use when tools fail, built into repeatable deepfake verification procedures
  • The four delivery methods cyberattackers exploit and the liveness and biometric layers that complement deepfake detection
  • A step-by-step implementation plan for security leaders building deepfake verification procedures across regulated industries

Synthetic identity fraud now moves faster than most security teams can respond, and detection after the transfer is already a failure. Adaptive Security trains employees to recognize and report deepfake cyberattacks before funds move.

Take a self-guided tour

What Are Deepfakes and How Are They Created?

Deepfakes are AI-generated synthetic media that replace or manipulate a person's likeness, voice, or both using deep learning neural networks trained on real source material. Organizations encounter them primarily as instruments of social engineering, where cyberattackers impersonate executives on video calls, clone voices for vishing, and fabricate evidence that bypasses identity verification. Effective deepfake verification procedures begin with understanding how the underlying media is built.

The operational difference today is speed. Production-quality deepfakes now require minutes of source footage instead of hours, making every employee with a public conference talk or video post a viable target. That accessibility is precisely why deepfake verification procedures can no longer be treated as a future planning item.

What Is the Technology Behind Deepfakes?

The dominant architecture behind modern deepfakes is the Generative Adversarial Network (GAN), a dual-neural-network system in which two models compete in a zero-sum game. The generator synthesizes fake images, video frames, or audio clips from random noise, attempting to produce output indistinguishable from real media. The discriminator acts as a forensic analyst, classifying each sample as authentic or synthetic.

Both networks improve iteratively. The generator learns from every rejection, and the discriminator sharpens its detection on every near-miss, continuing until the generator produces media that neither the discriminator nor a human observer can reliably detect as fake. This adversarial loop is what separates deepfakes from earlier video manipulation. Rather than manually rotoscoping faces frame by frame, the GAN learns the statistical distribution of a person's facial movements, expressions, and micro-muscle patterns.

Once trained, the model can generate entirely novel footage of that person saying or performing actions they never undertook. Newer architectures, including diffusion models and vision transformers, have pushed quality further by iteratively denoising random patterns, producing faces with anatomically consistent eye reflections, skin texture, and lighting that earlier GANs struggled to replicate.

How Do Neural Networks Create a Convincing Face?

Face-swap deepfakes depend on two specialized neural network types working in sequence: autoencoders and convolutional neural networks (CNNs). An autoencoder compresses a face image into a compact latent representation, a low-dimensional code capturing the essential geometry of the face, then decodes that code back into a full image. In deepfake pipelines, the encoder is shared across all faces, learning universal facial structure, while separate decoders are trained for each target identity. When Person A's encoded face is fed into Person B's decoder, the output is Person B's likeness performing Person A's expression.

CNNs handle the spatial reasoning that makes the output convincing. These networks use layered filters that detect edges, textures, facial landmarks, and eventually high-level features like jawline contours and brow positions. A deepfake CNN must simultaneously align source and target faces across different angles and lighting conditions, blend the swapped face seamlessly into the original neck and background, and preserve temporal coherence so the result does not flicker between frames. Post-processing steps such as color grading, motion blur matching, and resolution upscaling further obscure the digital artifacts that deepfake detection tools hunt for.

How Does AI Clone a Human Voice?

Voice cloning relies on natural language processing (NLP) combined with neural text-to-speech synthesis. The pipeline begins by extracting a speaker embedding, a mathematical fingerprint of vocal characteristics including pitch range, cadence, breath patterns, and phoneme transitions, from as little as three seconds of source audio. Models then use this embedding to generate entirely new speech in that voice, producing waveforms that capture not just the words but the prosody: the rhythm, stress, and intonation that make a voice sound human rather than robotic.

What makes modern voice cloning dangerous is that it no longer requires studio-quality recordings. A single voicemail greeting, a conference talk uploaded online, or a podcast interview provides enough clean signal to train a clone. According to the McAfee Artificial Imposter Report 2023, cloned voices can reach an 85% match to the original speaker from just a few seconds of audio. Cyberattackers combine cloned voices with spoofed caller ID to execute vishing cyberattacks where employees hear what sounds exactly like their CFO demanding an urgent wire transfer.

The psychological authority of a familiar voice overrides the skepticism that a suspicious email might trigger, and that gap is precisely what deepfake phishing simulations are designed to close.

A cloned executive voice can clear every trust barrier, and three seconds of public audio is enough to build one. Adaptive Security runs voice and multi-channel deepfake simulations that condition employees to verify before acting.

Explore the platform

Deepfake vs. Cheapfake: Why the Distinction Matters for Verification

Not every deceptive video is a deepfake. Cheapfakes, sometimes called shallowfakes, are authentic media manipulated through low-tech means: slowing footage to make a speaker appear intoxicated, cropping out context to reverse meaning, or mislabeling an old video as a current event. These require no AI, no neural network training, and no specialized hardware. A free video editor and a misleading caption are the only tools needed.

The verification implications differ fundamentally. Deepfake detection relies on analyzing digital artifacts that AI synthesis leaves behind, including inconsistent corneal reflections, unnatural blinking patterns, and spectral anomalies undetectable through visual inspection. Cheapfakes produce none of these artifacts because the source media is authentic.

Verification against cheapfakes instead demands provenance checking: reverse image search, metadata inspection, and cross-referencing against known original sources. An organization that invests solely in AI-based deepfake detection tools will miss cheapfakes entirely. Effective deepfake verification procedures must address both categories, combining technical detection with journalistic verification methods that predate generative AI by decades.

The Velocity Problem: Why Deepfake Verification Procedures Are Now Urgent

The speed at which deepfakes can be created has collapsed. According to Entrust's Onfido Identity Fraud Report 2024, a deepfake cyberattack was attempted every five minutes in 2024. What once required a specialized VFX team weeks to produce can now be generated by a single operator in under 20 minutes using commodity tools and publicly available source footage.

This compression of the attack timeline has made deepfake verification procedures an urgent operational priority. When creation time drops below the average response cycle of a security team, detection after the fact is a failure mode. Verification must happen in real time: during the call, before the transfer, at the moment of credential entry.

Organizations that lack documented out-of-band verification protocols, have not trained employees on deepfake-specific indicators, and operate without deepfake phishing simulation muscle memory are already behind the adversary's production timeline.

The window between a deepfake landing and funds leaving is now measured in minutes rather than days. Adaptive Security builds the real-time verification reflexes employees need through repeated, realistic deepfake phishing simulations.

Book a demo

The Four Main Types of Deepfakes and How They Differ

Academic research classifies deepfake face manipulation into four distinct categories: identity swap, face reenactment, attribute manipulation, and fully synthetic faces. Each is created through fundamentally different AI architectures, and each presents unique challenges for deepfake detection. Building deepfake verification procedures that hold up across all four requires matching the right forensic approach to the right manipulation type.

Identity swap replaces one person's face with another wholesale, making it the most common vector in executive impersonation fraud. Face reenactment transfers expressions and lip movements onto a target without changing their identity. Attribute manipulation alters specific facial characteristics such as hair color, skin tone, apparent age, and the addition or removal of glasses, without changing underlying facial geometry. Fully synthetic faces are generated from scratch with no real-world counterpart, leaving no original to compare against.

Each type demands its own verification approach. Identity swap benefits from facial boundary artifact analysis and biometric inconsistency checks, whereas synthetic faces require statistical pixel-level forensics because no reference image exists. Understanding these distinctions determines whether an organization's verification procedure catches the cyberattack or gives a false sense of security.

How Do Identity Swap Deepfakes Work?

Identity swap, commonly called face swap, uses autoencoder or GAN architectures to replace one person's face with another while preserving the original video's expressions, head movements, and background. The cyberattacker trains an encoder on thousands of face images from both source and target. A shared encoder extracts common features while two separate decoders reconstruct each face, swapping them at the reconstruction stage.

This category drives the majority of real-world fraud incidents. The $25 million Arup wire fraud in 2024 used face-swap technology to impersonate the company's CFO during a live video conference where every participant the finance employee saw was synthetic. What makes identity swap especially dangerous for verification is that the underlying motion, scene lighting, and background are genuine. Only the face is synthetic, making casual visual inspection unreliable.

The most effective detection methods target boundary artifacts. Because the swapped face must be blended into the original frame, subtle inconsistencies appear at the facial perimeter, around the jawline, and in lighting mismatches between the transplanted face and the original scene. Research from the University at Buffalo's deepfake detection lab confirms state-of-the-art detection algorithms achieve accuracy in the mid-to-high 90% range, while frequency-domain analysis exposes the upsampling and downsampling artifacts that identity-swap pipelines leave behind during alignment and blending.

What Makes Face Reenactment Different From Identity Swap?

Face reenactment transfers one person's facial expressions, head poses, and lip movements onto another person without changing the target's identity. The target still looks like themselves, but their expressions are driven by a source actor in real time. This technique relies on facial landmark mapping, detecting key points around the eyes, nose, and mouth, then warping the target face to match the source's movement patterns frame by frame.

The verification challenge differs fundamentally from identity swap. Since the person's identity remains intact, biometric facial recognition systems may still authenticate correctly. What gives the manipulation away are temporal inconsistencies, because lip-sync deepfakes, a common subset of face reenactment, often produce mouth shapes fractionally misaligned with the underlying audio.

Research presented at CVPR 2024 by Hany Farid and colleagues at UC Berkeley demonstrated that lip-sync detection models identify audio-visual mismatches human observers systematically miss. Blink rate analysis serves as a second detection layer. Early face reenactment models struggled to reproduce natural blink patterns because training datasets contained far more open-eyed images than mid-blink ones. While newer generators have improved, many still produce blink cadences that deviate from the human baseline of 15 to 20 blinks per minute. For high-stakes verification, combining lip-sync analysis with temporal inconsistency detection provides a layered defense no single method can match.

How Does Attribute Manipulation Challenge Verification?

Attribute manipulation uses GAN-based image-to-image translation architectures that map visual attributes from a source domain to a target domain while preserving everything else about the image. The verification risk is insidious because it exploits trust in familiar faces. A cyberattacker does not need to impersonate someone else; they can alter their own appearance to bypass identity verification systems trained on a specific photograph.

Someone who grows a beard, changes their hairstyle, or wears glasses absent from a reference photo can already challenge biometric systems. Attribute manipulation amplifies this by enabling cyberattackers to reverse-engineer the appearance a verification system expects, matching the stored template rather than evading it.

Detection methods focus on pixel-level forensics and metadata analysis. Unlike identity swap, there is no seam or boundary to detect, because the manipulation is diffused across the entire face region. Statistical analysis of noise patterns reveals inconsistencies introduced during generation, since GAN-synthesized pixels carry a different noise signature than those captured by a camera sensor. These techniques are more computationally intensive than boundary detection but represent the only reliable approach when manipulation blends seamlessly with the original image.

What Are Fully Synthetic AI-Generated Faces?

Fully synthetic AI faces are statistical composites with no real-world source, and studies confirm humans cannot reliably distinguish them from real photographs

Fully synthetic faces are generated entirely by AI, typically through StyleGAN architectures or diffusion models, with no real-world photographic source. These faces belong to no human being; they are statistical composites engineered from patterns the model learned across millions of training images. A 2022 study published in Proceedings of the National Academy of Sciences found participants could not reliably distinguish GAN-generated faces from real photographs, and subsequent research has confirmed that detection difficulty has only increased since.

For verification, synthetic faces create a unique problem: there is no original to compare against. Traditional forensic techniques that look for inconsistencies between a manipulated image and its source are rendered irrelevant when no source exists. Synthetic faces are consistent by design because every pixel was generated by the same model under the same constraints. Cyberattackers use these fabricated identities to create social media profiles, pass know-your-customer checks, and build entire synthetic personas, a tactic the FBI has documented as increasingly common in romance scams and business email compromise (BEC) schemes.

The most reliable detection approach targets the statistical fingerprints left by the generation process. GANs and diffusion models introduce subtle but measurable regularities in pixel correlation patterns, color channel distributions, and frequency-domain signatures that differ from the natural variation produced by physical camera sensors. Specialized classifiers trained to recognize these generative artifacts now achieve high accuracy on controlled benchmark datasets, though performance degrades substantially against generator architectures not represented in training data, a generalization gap that remains one of the hardest unsolved problems in synthetic face detection.

A synthetic persona that clears know-your-customer checks can open accounts, pass interviews, and move money long before anyone notices. Adaptive Security helps teams recognize the social-engineering patterns these fabricated identities depend on.

Explore the platform

Why Deepfake Verification Procedures Must Address Both Deepfakes and Cheapfakes

Organizations designing deepfake verification procedures face a strategic blind spot if they optimize exclusively for AI-generated media. Cheapfakes, manipulated through conventional editing rather than deep learning, remain a common vector in active fraud campaigns. The Department of Homeland Security defines cheapfakes as content altered using simple digital techniques such as slowing video, mislabeling footage with false timestamps, splicing audio, or using basic photo edits to change context rather than fabricate imagery.

These manipulations require no AI expertise, cost nothing to produce, and routinely evade detection systems calibrated for generative artifacts precisely because they contain none. A procedure that looks only for GAN fingerprints will flag a sophisticated deepfake while clearing a manually edited invoice or a deceptively edited screen recording.

Effective verification must layer AI-specific detection with traditional media forensics: metadata validation, source provenance tracking, and contextual inconsistency checks that catch both machine-generated and human-edited fraud with equal reliability. Each category demands its own forensic lens, which is why no single detection method can anchor a complete program.

How Automated Deepfake Detection Technology Works

Automated deepfake detection pipelines train machine learning classifiers on large corpora of real and AI-generated media, then deploy those models to analyze pixel-level inconsistencies, forensic compression artifacts, and frequency-domain anomalies that visual inspection cannot catch. Convolutional neural networks handle static images and individual video frames, while recurrent neural networks track temporal irregularities across frame sequences, including blinking cadence, lip-sync drift, and unnatural head movement that no single frame reveals.

Ensemble architectures combine multiple specialized detectors to raise overall accuracy. Even so, all current approaches face real-world performance degradation substantial enough that no production system should serve as a definitive gatekeeper without human verification layered on top, which is the core reason robust deepfake verification procedures never rely on automation alone.

1. Training the Foundation Models on Real and Synthetic Datasets

Every deepfake detector begins with supervised learning on labeled datasets containing both authentic media and AI-generated counterfeits. These corpora range from early benchmarks like FaceForensics++ to contemporary collections like Deepfake-Eval-2024, which spans 45 hours of video, 56.5 hours of audio, and 1,975 images from 88 websites across 52 languages. The core vulnerability is dataset staleness: models trained on older academic datasets collapse against real-world deepfakes circulating on social media.

The Deepfake-Eval-2024 benchmark documented an average AUC drop of 50% for video detectors, 48% for audio, and 45% for image models compared to the academic datasets they were originally tested on. Off-the-shelf open-source models achieved a maximum AUC of just 0.58 across all modalities, barely above random guessing. This gap exists because academic training sets predominantly feature structured, single-scene content with centered faces. In-the-wild deepfakes include varied camera angles, partial occlusions, background noise, and non-facial manipulations the model never trained on.

2. CNN-Based Detection for Static Images and Video Frames

Convolutional neural networks remain the workhorse of image-level deepfake detection. Architectures like ResNet-50, XceptionNet, and EfficientNet process individual frames through layered convolutional filters that extract increasingly abstract features: edge orientations in early layers, textural patterns in middle layers, and semantic facial regions in deep layers. A 2025 evaluation published in Applied Sciences found that ResNet-50 achieved 90.5% recall on controlled benchmarks, though its false positive rate climbed to 27.3% on more diverse test sets.

The fundamental constraint of CNN-only approaches is frame-level blindness. They analyze each image in isolation, unable to detect the temporal inconsistencies that distinguish a genuine speaker from a face-swapped imposter. A perfectly rendered synthetic face in a single frame may look indistinguishable from a real one; the giveaway only emerges when that face blinks at the wrong rhythm or its mouth movements drift out of sync with the audio two seconds later.

3. RNNs and Temporal Modeling for Video Deepfakes

Video deepfake detection adds a temporal dimension that CNNs alone cannot capture. Recurrent neural networks, particularly long short-term memory (LSTM) networks and gated recurrent units (GRUs), process frame sequences to model change over time. These architectures track biological signals that synthetic generators consistently mishandle: irregular blinking patterns, unnatural head movement trajectories, and micro-expressions that flicker across a face in milliseconds.

The Fully Temporal Convolutional Network (FTCN) architecture analyzes frame-to-frame coherence to identify the boundary artifacts where face-swapped regions meet authentic backgrounds. Temporal models also flag lip-sync failures by comparing phoneme-to-viseme alignment, the correspondence between spoken sounds and mouth shapes, that even sophisticated generators struggle to maintain across extended sequences. The Deepfake-Eval-2024 research team reported that open-source temporal video models lost roughly half their AUC when moving from structured benchmarks to real social media content.

4. Forensic Artifact Analysis: Compression, Noise, and Frequency Domains

Beyond learned feature representations, forensic analysis examines the invisible fingerprints that generation pipelines leave behind. Every camera sensor introduces a characteristic noise pattern, photo response non-uniformity (PRNU), that synthetic media lacks or replicates imperfectly. Compression artifacts tell a similar story, because authentic video passes through a single compression pipeline while deepfakes undergo multiple encode-decode cycles that create double-compression signatures detectable through discrete cosine transform (DCT) coefficient analysis.

Frequency-domain examination converts images into their spectral components using Fourier transforms. Real photographs exhibit natural high-frequency falloff consistent with lens optics. AI-generated images often show anomalous high-frequency patterns, because GANs and diffusion models produce pixel arrangements that look photorealistic in the spatial domain but exhibit statistical irregularities in the frequency domain. No camera-captured image would produce these signatures.

5. Ensemble Approaches That Combine Multiple Detection Models

No single detection architecture covers every manipulation vector. Ensemble methods combine CNN-based image classifiers, RNN-based temporal analyzers, audio spoofing detectors, and forensic artifact scanners into a unified pipeline that votes on the final classification. The Deepfake-Eval-2024 study evaluated 22 commercial models from seven vendors and found that even the best-performing commercial systems failed to reach 90% accuracy on in-the-wild data, with the top video detector around 78%, the best audio system roughly 89%, and the strongest image detector about 82%.

Ensemble approaches raise the floor by catching what individual models miss. A CNN might flag visual implausibilities while an audio detector simultaneously identifies synthetic voice artifacts, and together they produce a confidence score higher than either could alone. The trade-off is computational cost, because running five or six models in parallel on every piece of inbound media creates latency that conflicts with real-time verification requirements in live video conferencing.

6. Measuring Performance: APCER, BPCER, EER, and the Missing Benchmark

Detection accuracy is measured through three principal metrics defined by the ISO/IEC 30107-3 presentation attack detection standard. APCER (Attack Presentation Classification Error Rate) measures the proportion of deepfakes incorrectly classified as genuine, the false acceptance rate. BPCER (Bona Fide Presentation Classification Error Rate) measures genuine media incorrectly flagged as fake, the false rejection rate. EER (Equal Error Rate) identifies the operating threshold where APCER and BPCER are equal, providing a single-number accuracy summary.

In controlled evaluations, leading detectors report low EER values, with some systems claiming APCER and BPCER under 1%, though independent verification of vendor claims remains difficult without a standardized deepfake-specific benchmark. No NIST or iBeta standardized benchmark yet exists specifically for deepfake detection comparable to the NIST FRVT (Face Recognition Vendor Test) program for biometric verification. The NIST Guardians of Forensic Evidence study, published in January 2025, represents an early step toward formal evaluation frameworks, but the field still lacks the independent, repeatable, vendor-neutral testing infrastructure that would let security buyers compare detection products on equal footing.

7. Key Limitations: False Positives, Novel Synthesis, and the GAN Arms Race

Three structural limitations constrain every automated detector. First, false positive rates matter enormously in operational deployment, because a system flagging 5% of legitimate executive video calls as deepfakes destroys trust faster than the cyberattacks it aims to prevent. The Deepfake-Eval-2024 error analysis found that detection models perform 21.3% worse on diffusion-generated videos than on GAN-generated content, meaning the gap widens precisely as cyberattackers migrate to newer synthesis architectures.

Second, detectors trained on known generators fail against novel synthesis methods they have never seen. When a new video or voice model ships, existing detectors have zero training data on its output fingerprint, creating a window of vulnerability that can last weeks or months.

Third, the adversarial dynamic is asymmetric. Cyberattackers can test their deepfakes against public detectors and iterate until the fake passes, while defenders must retrain on every new generation technique. The Deepfake-Eval-2024 finetuning experiments showed models improve substantially when trained on representative in-the-wild data, with video AUC rising by an average of 57.6%, but this requires continuously refreshed datasets that most organizations cannot sustain internally.

8. Debunking Common Deepfake Detection Myths

Three persistent myths undermine realistic expectations about detection technology. The first, that all deepfakes are laggy or visually glitchy, collapsed with the arrival of diffusion-based video synthesis. Modern deepfakes exhibit smooth frame transitions and photorealistic skin rendering, and the Deepfake-Eval-2024 team found that people can no longer reliably determine whether media is AI-generated or real.

The second myth, that metadata proves authenticity, ignores that metadata is trivially stripped during re-encoding or deliberately forged through tools that inject fake provenance fields. File creation dates, camera model tags, and GPS coordinates provide zero forensic certainty in an adversarial context.

The third myth, that liveness checks alone are foolproof, misunderstands what liveness detection verifies. Standard liveness checks confirm that a live camera is pointed at a human face, without confirming that the face belongs to the person on the other end of the call. Real-time face-swapping pipelines can inject a deepfake between a live camera feed and the video output in under 200 milliseconds, passing liveness while presenting a synthetic identity. Effective deepfake verification procedures therefore demand layered defense, because organizations that rely exclusively on automated detection without training employees to recognize synthetic media leave the final decision to people who have never practiced making it.

Automated detectors lose half their accuracy on real-world deepfakes, leaving employees as the deciding layer. Adaptive Security trains that layer through realistic deepfake simulations within a full awareness program.

Book a demo

Manual Deepfake Detection: Visual Artifacts and Inspection Techniques

Manual deepfake detection inspects video frames for eight visual artifacts identified by MIT, then advances to corneal reflection and occlusion checks

Manual deepfake detection means systematically inspecting video frames for artifacts that AI generation engines consistently fail to replicate. It is the last line of defense when automated tools are unavailable, inconclusive, or too slow, and it forms a core part of any organization's deepfake verification procedures. Security teams and fraud analysts should scan for eight specific visual indicators identified by the MIT Media Lab's Detect Fakes project, then advance to higher-precision techniques like corneal reflection comparison and partial face occlusion that break the deepfake model's tracking grid.

No single indicator proves manipulation on its own. The goal is to build a cumulative body of visual evidence that either confirms authenticity or raises enough suspicion to halt the interaction and verify through an out-of-band channel.

1. Inspect Skin Texture on Cheeks and Forehead

Deepfake models tend to smooth skin unnaturally or produce patchy texture transitions that real faces never show. Focus on the cheeks and forehead, where authentic skin displays visible pores, fine lines, and subtle tonal variation. The MIT Media Lab identifies mismatched aging cues as a core indicator: the skin on a deepfake face may appear decades younger than the hair, eyes, or neck would suggest. In real-time calls, ask the subject to move closer to the camera and examine whether texture remains consistent as lighting shifts. If skin looks airbrushed, waxy, or displays visible seams where tone transitions abruptly, flag the frame.

2. Monitor Blinking Patterns

Humans blink roughly 15 to 20 times per minute at irregular but physiologically grounded intervals. Deepfake models trained on still images frequently produce subjects who blink far too little or not at all, because training data overrepresents open-eyed portraits. Siwei Lyu, a SUNY Empire Innovation Professor at the University at Buffalo, demonstrated in research covered by Nature that deepfake videos tend to show inconsistent or entirely absent blinking. Some over-corrected models generate rapid, mechanical blinking that looks clockwork. Count blinks over a 15-second window during any high-stakes video interaction, since zero blinks or a metronomic pattern are both red flags.

3. Check Lip-Sync Alignment

AI-generated lip-sync frequently drifts out of phase with spoken audio, especially on consonant-heavy syllables like "b," "p," and "m" that require distinct mouth shapes. Watch the subject's mouth during rapid speech. A real speaker's lips close completely on bilabial sounds, whereas deepfake mouths often stay slightly open or produce mushy, indistinct shapes. The lag between audio onset and visible mouth movement should be imperceptible in an authentic feed, so anything that looks dubbed, even subtly, warrants escalation.

4. Analyze Lighting Consistency Across the Face and Background

Deepfake compositing layers a synthetic face onto a real body and background, which almost always introduces lighting discrepancies. The MIT Media Lab checklist prompts reviewers to ask whether shadows appear where expected. Look for mismatched shadow direction, such as the nose shadow cast one way while background objects cast another. Check whether the forehead, chin, and both cheeks receive light from identical angles and matching intensity. A common failure mode occurs at the jawline, where the deepfake face may appear lit from a different source than the neck and torso beneath it.

5. Examine Edge Artifacts Around the Face Boundary

The face-swap boundary where the generated face meets the real head, hair, and background produces some of the most reliable manual detection signals. Zoom into the hairline, jawline, and ears in any paused frame. Deepfake models struggle with fine edge detail, often producing a faint blur halo, pixelation, or subtle color discontinuity where the synthetic region ends. Yisroel Mirsky, head of the Offensive AI Lab at Ben-Gurion University, notes that deepfake software relies on facial anchor points, so when those points are partially obstructed or hit the edge of the frame, the synthetic mask warps or distorts visibly. Edge artifacts are often most visible in motion, so check frames where the subject has just turned their head.

6. Scrutinize Facial Hair and Mole Rendering

Deepfake models routinely mishandle small, discrete facial features. The MIT Media Lab guidance instructs reviewers to check whether facial hair appears real or looks painted on. Individual beard hairs, mustache edges, and sideburns should show natural variation in thickness and direction, whereas deepfake-generated facial hair often looks uniform and blurred. Facial moles deserve similar scrutiny: a real mole maintains consistent shape, color, and position across head movement, while deepfake moles may shift, change tone, or disappear momentarily.

7. Assess Glasses Glare and Reflection Anomalies

Glasses present a compound challenge for deepfake engines because the model must simultaneously render the face behind the lens, the frame geometry, and realistic reflections. The MIT Media Lab asks reviewers to check whether glare exists at all and whether its angle changes appropriately when the person moves. Deepfake glasses often show static, painted-on glare that does not shift with head movement, or erratic, flickering reflections that real lenses would never generate. If the subject wears glasses, ask them to tilt their head slowly, because real reflections travel across the lens surface while synthetic reflections typically stay fixed.

8. Evaluate Head and Facial Movement Naturalness

AI face-swap models are trained predominantly on frontal imagery, which means they handle profile views, rapid head turns, and extreme expressions poorly. Sudden movements can break the model's temporal coherence, producing a quick head shake, a raised eyebrow held too long, or a smile that snaps unnaturally between expressions. Ask the subject on a video call to turn to a complete profile. Yisroel Mirsky and other researchers have demonstrated that deepfake models lose approximately half their facial anchor points at 90 degrees, often causing visible warping or distortion that manual inspection can catch immediately.

9. Perform Corneal Reflection Analysis

The eye reflects incoming light like a spherical mirror, so in a real face both corneas should reflect the same scene from slightly different angles, producing near-identical highlights in shape, position, and intensity. University at Buffalo researchers developed an automated tool based on this principle that proved 94% effective at detecting deepfake photos. For manual inspection, zoom into both eyes simultaneously and compare the pinpoint reflections. If the left eye shows a single bright window reflection while the right shows multiple diffuse sources, or if highlight shapes differ markedly, the video is likely synthetic.

10. Deploy the Half-Face Coverage Technique

Covering one vertical half of the subject's face disrupts the deepfake model's face-tracking grid and forces the synthetic layer to collapse or distort. Ask the person on the video call to hold a hand, a piece of paper, or any opaque object vertically down the center of their face, covering exactly one side from forehead to chin. A real face remains visually coherent. A deepfake, trained to map a full-frontal face, will often glitch: the exposed half may flicker, the facial identity may shift toward the underlying real person's features, or a seam artifact may appear at the boundary of coverage. This technique exploits the model's structural dependency on complete frontal facial geometry.

Structured Manual Inspection Checklist

Use this checklist during any high-stakes video interaction where identity verification matters, including vendor payment calls, executive briefings, and remote onboarding sessions.

  • Skin texture: Smooth or waxy appearance, or a mismatch between facial skin age and neck or hair age?
  • Blinking: Fewer than two blinks in 15 seconds, or a rhythmic, mechanical cadence?
  • Lip sync: Mouth lagging behind audio, or bilabial consonants failing to close the lips?
  • Lighting: Shadow directions inconsistent across face, neck, and background?
  • Edge artifacts: Blur halo, pixelation, or color shift visible along jawline, hairline, or ears?
  • Facial hair and moles: Hair that looks painted on, or moles that shift position or disappear during head movement?
  • Glasses: Glare static during movement, or reflections that fail to track with head tilt?
  • Movement: Head turns that cause warping, or expressions that snap unnaturally between states?
  • Eye reflections: Corneas that fail to show matching highlight shape, position, and intensity?
  • Half-face test: A covered half that distorts or reveals another identity?

Any two affirmative answers across the first eight indicators warrant pausing the interaction and initiating out-of-band verification. A single affirmative on either of the final two advanced techniques, corneal mismatch or half-face distortion, should trigger immediate escalation.

Manual inspection only works if employees have practiced it before a real cyberattacker is on the call. Adaptive Security embeds this checklist into deepfake phishing simulations so recognition becomes rapid and instinctive.

Take a self-guided tour

How Cyberattackers Deliver Deepfakes and the Most Common Use Cases

Cyberattackers favor deepfake delivery methods that bypass liveness detection, because camera-based identity checks were never architected to distinguish between a physical face and a synthetic video feed routed through virtual camera software. Each delivery method exploits a different architectural gap in the verification pipeline, and defenders who only harden one channel leave the others wide open. Strong deepfake verification procedures account for all four delivery paths rather than the single channel an organization happens to monitor.

According to a 2025 Gartner survey of 302 cybersecurity leaders, 62% of organizations experienced a deepfake cyberattack in the past year. Injection cyberattacks surged 200% as tools like OBS Studio and ManyCam democratized access, turning a once-specialized technique into a commodity capability.

The Four Delivery Methods Cyberattackers Use

Cyberattackers present deepfakes in verification contexts through four distinct techniques, each targeting a specific vulnerability in how applications ingest and trust video input. Recognizing all four is the baseline for deepfake verification procedures that hold across channels.

Physical presentation attacks involve holding a deepfake image, printed photo, or playback device directly in front of the camera lens. A fraudster displays a synthetic identity document or deepfake face on a tablet screen positioned in front of the verification camera. Standard liveness checks that rely on blink detection or head-turn prompts can be defeated by pre-rendered deepfake videos that incorporate those exact movements.

Video injection attacks bypass the physical camera entirely by feeding synthetic video streams directly into the application through virtual camera software. The fraudster routes a deepfake video file through OBS Studio, ManyCam, or a custom virtual camera driver that the browser or mobile application reads as legitimate camera input. According to a 2024 Gartner forecast, injection cyberattacks became markedly more common as these tools moved into the mainstream.

Doctored media submission involves pre-recording and altering video that is uploaded asynchronously to a verification platform. The fraudster records footage, edits it with deepfake face-swapping software, and uploads the manipulated file. Asynchronous verification, common in gig-economy onboarding and fintech account opening, lacks the interactive challenge-response that catches synthetic identities in real time.

Screensharing attacks exploit the trust model of conferencing platforms. The fraudster joins a video call and plays deepfake content through the screen-share function rather than a direct camera feed, making visual artifacts harder to spot. The FBI has documented cases where threat actors used this technique during remote hiring fraud, interviewing for positions they never intended to fill legitimately.

Why Virtual Camera Injection Is the Most Dangerous Attack Vector

Virtual camera injection attacks are escalating faster than any other delivery method because they target the trust boundary between the camera driver and the application layer, a boundary most identity verification systems never validate. This is the channel most deepfake verification procedures overlook entirely.

A fraudster installs OBS Studio, a free and open-source broadcasting application, and configures it to output a virtual camera device, then loads a deepfake video file into it as a media source. When the verification application prompts for camera access, the fraudster selects the virtual camera instead of the physical webcam. The application receives a video stream indistinguishable from live capture, because the data arrives through the same operating system pipeline used for real hardware.

The growth in injection cyberattacks tracks directly with the commoditization of the tools required. Five years ago, executing a convincing injection attack demanded custom driver development. Today a fraudster needs a consumer-grade GPU, freely available deepfake generation models, and a virtual camera application downloadable in under two minutes, dropping the cost to attack below the cost to defend.

Standard liveness detection often fails here because many liveness checks are themselves software-based. If the liveness module runs in the same application layer that receives the virtual camera feed, there is no hardware root of trust to anchor the verification. The application asks whether a real person is present, and the synthetic stream answers yes, because the check never had access to the physical sensor data that would reveal the deception.

The Five Most Common Fraud Use Cases

Deepfake fraud concentrates in five recurring scenarios, each of which deepfake verification procedures must address explicitly.

  • Identity fraud and KYC bypass in financial onboarding is the most prevalent use case. Fraudsters use injection cyberattacks to impersonate legitimate identity document holders during remote account opening, defeating the selfie-liveness checks that banks and fintechs rely on for know-your-customer compliance. This pattern is now among the most widely reported in regulated financial institutions.

Experience the Adaptive platform

Take a free tour
  • Social engineering scams targeting finance and executive teams weaponize deepfake video and voice during live calls. The most documented example remains the $25 million Arup wire fraud in early 2024, where a finance employee joined a video conference in which every other participant was a deepfake. The cyberattackers did not breach a single technical control; they convinced a trained professional she was speaking with real colleagues.
  • Job applicant fraud exploits the remote hiring boom. Fraudsters apply for remote positions using stolen or synthetic identities, pass video interviews by playing deepfake content that matches submitted identity documents, and gain access to corporate systems and source code repositories. The FBI has issued multiple warnings that technology and defense-sector companies are disproportionately targeted because of the value of the credentials they grant.
  • Account takeovers using deepfake voice and video escalate beyond credential theft. After compromising login credentials through phishing or infostealer malware, a cyberattacker uses deepfake voice synthesis to pass call-center voice verification checks, convincing the agent to approve password resets, fund transfers, or changes to account ownership.
  • Deepfake-enabled meeting fraud combines screensharing and injection techniques to infiltrate high-stakes virtual meetings. Fraudsters join as impersonated executives or board members, using screen-shared deepfake content to appear legitimate while steering discussions toward fraudulent investment decisions or payment authorizations. Because participants see colleagues they recognize and trust, the psychological barrier to questioning the interaction is extraordinarily high.

Stopping these delivery methods requires more than detection algorithms layered onto the same vulnerable camera pipeline. Organizations that train employees to recognize and report deepfake attempts close the verification gap that software alone cannot.

Hardening one channel while leaving three open is how a single injection cyberattack still gets through. Adaptive Security runs multi-channel deepfake phishing simulations across voice, video, and chat so no delivery method goes unpracticed.

Book a demo

Liveness Detection and Biometric Verification Layers

Liveness detection demands real-time interaction, making deepfake bypass far harder than static submissions

Liveness detection and deepfake verification procedures serve distinct but complementary roles in any layered identity defense. Active liveness detection demands user interaction to prove a living person is physically present at the capture moment. Blinking, turning the head, or reading aloud a randomized challenge phrase forces a cyberattacker to generate real-time synthetic responses, which is far harder than submitting a pre-rendered deepfake video.

Passive liveness operates invisibly, using AI to analyze skin texture, micro-movements, light reflection patterns, and depth cues from a single selfie, without the user ever knowing a check is running. Its accuracy depends heavily on capture quality, camera resolution, and the sophistication of the underlying AI model. The choice between active and passive is a risk-calibrated design decision: high-value transactions justify active liveness, while high-volume consumer flows often justify passive detection's speed advantage.

How Do Active and Passive Liveness Detection Compare?

Liveness detection answers a single question: is the biometric sample coming from a live, physically present human being, or from a spoof, replay, mask, or deepfake? ISO/IEC 30107-3 defines it formally as biometric presentation attack detection (PAD), and its scope covers attacks that occur at the biometric capture device during presentation. The standard states directly that any other attacks fall outside its scope, which becomes critical when evaluating whether a PAD-certified system can stop deepfake injection cyberattacks. It cannot, and the standard never claimed otherwise.

Active liveness detection builds its defense on challenge-response mechanics. The system prompts the user with a randomized action and verifies that the response matches what a live human would produce in real time. It might instruct the user to turn their head left, blink twice, or read digits displayed on screen. This approach traces back to foundational work by BioID, which filed its first challenge-response liveness patent in 2004, pioneering eye-blink detection to distinguish a living face from a static photograph. A pre-recorded deepfake video cannot anticipate a randomized challenge, so the cyberattacker must either generate synthetic responses on the fly or fail the check.

Passive liveness detection works through background AI analysis of signals the user never notices. It examines skin texture for the subsurface light scattering that distinguishes living tissue from silicone or paper, and it detects remote photoplethysmography (rPPG), the subtle facial color changes caused by blood flow that real faces exhibit but synthetic faces almost never reproduce. Research by Hernandez-Ortega and colleagues demonstrated rPPG-based detection achieving above 98% AUC on standard deepfake benchmark datasets. The trade-off is real, because passive detection depends on adequate lighting, decent camera hardware, and a model trained on enough spoof variants to generalize reliably.

Can Deepfakes Bypass KYC Identity Verification and Biometric Authentication?

The short answer is yes, and the mechanism is the distinction between presentation attacks and injection attacks that most procurement conversations miss. A presentation attack places something fake in front of the camera: a printed photo, a video playing on a second screen, a silicone mask. Liveness detection was built to catch these. An injection attack bypasses the camera completely, feeding synthetic video directly into the application data stream through a virtual camera, a compromised device, or a manipulated API call.

The liveness system receives data that appears to originate from a legitimate camera. It may confirm, correctly within its operational logic, that the stream resembles a responsive human face. What it cannot confirm is whether that stream reflects reality, because it was never architected to inspect the data layer where the attack occurred. According to the Group-IB 2025 High-Tech Crime Trends Report, more than 8,000 attempts were recorded to bypass a single financial institution's liveness checks using biometric injection cyberattacks with AI-generated deepfakes.

NIST formalized the distinction in its updated Digital Identity Guidelines, SP 800-63-4, finalized in July 2025. Section 3.11 mandates PAD per ISO/IEC 30107-3, while Section 3.14 is a separate normative requirement covering digital injection prevention and forged media detection. Both are mandatory at Identity Assurance Level 2, and one certification does not satisfy both.

"Fraud detection technology has not kept pace with generative AI, and deepfakes can pass through liveness and biometric checks and only trigger alarms later, creating a dangerous window for fund diversion," according to the FATF Horizon Scan on AI and Deepfakes, published in December 2025. FATF recommended that institutions invest in tools that detect synthesized media in real time, treating deepfake detection as complementary to and distinct from biometric verification.

The Security-UX Tradeoff in Liveness Detection Design

Every liveness detection deployment forces a calibration between security assurance and user abandonment. Active liveness offers the highest spoof resistance but introduces measurable friction, because users must position themselves correctly, follow prompts accurately, and complete the sequence without timing out. In poor lighting, with older devices, or for users less comfortable with technology, this friction translates directly into drop-off. For a bank onboarding a customer with a six-figure initial deposit, that friction is acceptable; for a marketplace verifying a low-value seller, it is not.

Passive liveness solves the abandonment problem, since the user takes a selfie and moves on. But it creates a dependency on capture quality that active liveness sidesteps. A passive system in suboptimal lighting may lack sufficient signal to distinguish real skin from a high-quality mask, and its defense against injection cyberattacks depends entirely on whether endpoint integrity checks are layered separately.

Neither method, deployed alone, constitutes a complete deepfake verification procedure. The strongest architectures combine active or passive liveness with injection attack detection at the device and session layer, plus deepfake media analysis that examines content for GAN fingerprints, frequency-domain anomalies, and temporal coherence failures. These are forensic signals that liveness detection was never designed to inspect.

This is where vocabulary precision matters for procurement. A vendor certified under ISO/IEC 30107-3 has demonstrated rigorous PAD capability against presentation attacks, but that certification says nothing about injection resistance. CEN/TS 18099:2024, published by the European Committee for Standardization, is the first technical specification designed specifically to evaluate injection attack detection, and a global ISO standard is now under development using it as the baseline. Organizations evaluating biometric verification layers should ask one question: if a cyberattacker bypasses the camera entirely and feeds synthetic video at the data layer, what in the current stack detects it?

For organizations building or refining their deepfake verification procedures, the principle is straightforward. Liveness confirms a real person is present, and deepfake detection confirms the presented identity matches a genuine biometric. An architecture missing either one is exposed to the vector the missing layer was designed to stop. That same logic extends to the human layer, where employees who have never encountered a synthetic voice or face remain the last unguarded door in the identity verification chain.

A PAD certificate proves nothing about injection resistance, and that is exactly the gap cyberattackers feed synthetic video through. Adaptive Security closes the human side of that gap with cybersecurity awareness training built around real deepfake scenarios.

Explore the platform

Building Layered Deepfake Verification Procedures: Technology, Process Controls, and Human Review

Deepfake cyberattacks succeed because most organizations still rely on a single layer of verification, typically a video call or a voice confirmation, that cyberattackers have already learned to compromise. Resilient deepfake verification procedures stack automated detection tools, device intelligence signals, behavioral biometrics, structured process controls, and trained human judgment into an architecture where each layer catches what the layer before it missed.

No single technology stops every synthetic identity cyberattack, but a properly sequenced combination makes the cost of bypassing the defenses prohibitively high. The sections below map each layer to the specific gap it closes.

Why Does a Single Verification Layer Fail Against Modern Deepfakes?

Automated detection tools analyze incoming video and audio streams for synthetic artifacts that visual inspection cannot catch: inconsistent lighting across facial regions, unnatural blink patterns, microsecond audio-visual desynchronization, and compression anomalies introduced during deepfake generation. These tools serve as the outermost filter, flagging high-confidence synthetic media before it reaches an employee's screen or earpiece, and modern platforms classify media in under 200 milliseconds.

The critical design principle is triage rather than blocking. Automated tools should assign a confidence score to each interaction instead of making a binary determination. Interactions scoring above 90% confidence as synthetic can be blocked outright, those in the 50 to 90 percent range get escalated, and those below 50 percent pass through with interaction metadata logged for forensic analysis if the session later proves malicious. This graduated approach prevents both false positives that disrupt legitimate business and false negatives that let synthetic media through unchallenged.

How Does Device Intelligence Block Virtual Camera Injection?

Deepfake injection cyberattacks often bypass the camera entirely, injecting the deepfake feed directly into the video stream at the driver or application layer using virtual camera software. Device intelligence counters this by verifying that the capture signal originates from a real physical camera sensor rather than a software intermediary, closing the vector that enabled the $25 million Arup fraud.

Effective device intelligence checks at least three signals. Camera authenticity verification confirms the device's optical sensor fingerprint matches the manufacturer's known hardware profile. Device fingerprinting correlates the requesting device's operating system, browser, installed fonts, and GPU characteristics against a previously established baseline, triggering re-authentication on a mismatch. Geolocation data cross-references the device's reported location against expected patterns for that user, so a CFO authenticating from a continent, where their calendar shows no travel in, should raise an immediate flag. Organizations running conferencing platforms should also disable virtual camera support at the administrative policy level.

What Role Do Behavioral Biometrics Play in Deepfake Defense?

Identity verification at login is a single checkpoint, and deepfake cyberattackers who clear it once can operate freely thereafter. Behavioral biometrics close this gap by continuously authenticating users throughout a session based on how they interact with their devices: typing cadence, mouse movement patterns, touchscreen pressure, scroll behavior, and the micro-corrections people make when navigating interfaces.

These signals are extraordinarily difficult to spoof. A deepfake video can replicate a face, but it cannot replicate the unique rhythm with which an executive types a payment approval or moves their cursor between fields. Behavioral biometric platforms build a baseline profile for each user over days or weeks, then flag sessions where interaction patterns deviate beyond a configured threshold. According to a Deloitte 2024 C-Suite Survey of more than 1,100 executives, 25.9% reported at least one deepfake incident targeting their organization's financial or accounting data in the preceding year, underscoring why authentication cannot end at the login screen.

What Process Controls Stop Deepfakes That Bypass Technology?

Technology layers reduce the attack surface, while process controls reduce the blast radius when technology misses. Three controls form the non-negotiable core of any deepfake verification procedures program.

Out-of-band verification requires that any high-risk request, such as a wire transfer, a credential reset, or a data export, be confirmed through a separate, pre-established communication channel. If the request arrives via video call, confirmation happens via a phone number already on file in the corporate directory rather than one provided in the call itself. The channel separation ensures that even a perfectly executed deepfake across one medium cannot bootstrap trust across another.

The four-eyes principle mandates that any transaction exceeding a defined monetary threshold requires authorization from two independent individuals, neither of whom can be the requestor. A deepfake impersonating the CFO cannot unilaterally move funds if the controller must independently approve through their own authenticated session with its own behavioral biometric baseline. Organizations should set tiered thresholds, escalating from dual authorization to dual authorization plus out-of-band verification, up to in-person or live-video confirmation using a known-good device with hardware attestation for the largest transfers.

How Should Conferencing Platforms Be Hardened Against Deepfake Attacks?

Platform-level controls close configuration gaps that deepfake cyberattackers actively exploit. IT administrators should disable virtual camera support across all conferencing applications in the organization's tenant, since Microsoft Teams, Zoom, and Google Meet all offer this setting. They should also enforce a policy that users may only join sensitive meetings from managed devices that pass a hardware attestation check, and require that executive and finance team meetings authenticate via phishing-resistant multi-factor authentication before joining.

These controls are simple to implement and disproportionately effective. According to the iProov Biometric Threat Intelligence Report 2025, digital injection cyberattacks increased 783% in 2024, with virtual camera injection and unmanaged devices representing the predominant attack vectors. Closing these two vectors eliminates the majority of attack paths available to adversaries with off-the-shelf deepfake tooling.

When Should Borderline Cases Route to Human Analysts?

Automated systems are built for volume, while human analysts are built for ambiguity, pattern recognition, and contextual judgment that no rule set fully captures. Every layered defense needs a defined escalation path where borderline cases, meaning interactions flagged by detection tools but below the blocking threshold, or transactions where behavioral biometrics show moderate anomalies, reach a trained fraud analyst for manual review.

Analyst review is structured rather than ad hoc. Analysts verify the request against the organization's known transaction patterns, confirm the requester's identity through an independent channel, check for contextual red flags such as urgency or first-time vendor details, and document the decision with a timestamped rationale. According to the Deloitte Center for Financial Services, 25.2% of organizations that experienced multiple deepfake incidents established new procedures afterward, compared to only 8.8% of single-incident organizations adopting detection technologies. Structured human review is what organizations adopt after learning the hard way that technology alone is insufficient.

What Does a Deepfake Verification Decision Tree Look Like?

The decision tree below maps interaction risk level to required controls within an organization's deepfake verification procedures. Risk level is determined by transaction value, the sensitivity of the data involved, and whether the request deviates from the organization's established pattern.

  • Low risk (routine internal communication, no financial or data transfer): Standard authentication, device fingerprinting, and automated detection running in monitor-only mode.
  • Medium risk (vendor payment under a defined threshold, access to non-sensitive internal systems): Automated detection with blocking at high synthetic confidence, device intelligence checks, and a session logged for audit.
  • High risk (mid-value wire transfer, sensitive data access, credential changes): All medium controls plus out-of-band verification, behavioral biometric analysis with step-up challenge on anomalies, and a managed device requirement.
  • Critical risk (high-value wire transfer, suspected executive impersonation, merger-and-acquisition activity, customer data export): All high controls plus four-eyes authorization, live human analyst review before execution, a hardware-attested device for all approvers, and in-person or live two-way video confirmation with challenge-response questions.

Each control layer addresses a gap the previous layer was not designed to catch. The goal is not a single unbreachable wall but a sequence of barriers that makes successful exploitation require defeating multiple independent systems at once. Organizations that train their teams to recognize and respond to deepfake cyberattacks within this architecture build the human judgment layer that no automated tool can replicate.

A decision tree only works when the people executing it recognize the cyberattack in the first place. Adaptive Security turns documented deepfake verification procedures into practiced reflexes through scenario-based cybersecurity awareness training.

Take a self-guided tour

Real-World Deepfake Case Studies: What They Teach Us About Verification

Deepfake verification procedures close the gaps that cost Arup $25.6 million in a single video call

When organizations lack structured deepfake verification procedures, employees are left with only the instinct to separate real executives from synthetic ones, and instinct fails under pressure. The multinational engineering firm Arup lost HK$200 million ($25.6 million) in a single deepfake video conference because no verification protocol existed to stop the transfer. Each of the four incidents below exposes a distinct verification gap that a documented procedure would have closed, and each points to a specific countermeasure security leaders can implement immediately.

The Arup Deepfake Video Conference: Why Multi-Person Authorization Is Non-Negotiable

In early 2024, a finance employee at Arup's Hong Kong office received a message purportedly from the company's UK-based CFO about a confidential transaction. The employee initially suspected a phishing email, according to Hong Kong police, but agreed to join a video conference where the CFO and several recognized colleagues appeared as participants. Every single person on that call was a deepfake.

The cyberattackers built AI-generated recreations from publicly available footage of real executives, complete with accurate voices and mannerisms. Convinced by the multi-person orchestration, the employee authorized the wire transfer, and the fraud was only discovered when he later contacted the head office to verify the transaction.

The verification lesson is clear: no single employee, regardless of seniority, should authorize a high-value transfer based solely on a video conference. Multi-person authorization requiring a second, independent confirmation through a pre-registered channel would have stopped this cyberattack cold. The cyberattackers understood that multiple familiar faces on screen create a powerful illusion of legitimacy, so verification protocols must treat that illusion as inherently untrustworthy.

The Ferrari Voice Clone: How One Personal Question Stopped a Fraud

In July 2024, a Ferrari executive received WhatsApp messages from someone claiming to be CEO Benedetto Vigna. The messages came from an unfamiliar number but featured a profile picture of Vigna, and the sender discussed an imminent acquisition, urging the executive to sign a non-disclosure agreement immediately. A follow-up voice call deployed a cloned version of Vigna's voice, complete with his distinctive accent, pressing for urgent action on the confidential deal.

The executive noticed subtle inconsistencies in the voice's tone and decided to test the caller with a question only the real CEO could answer: the title of a book Vigna had recommended just days earlier. The scammer hung up immediately. As MIT Sloan Management Review documented, this single knowledge-based verification check, costing nothing and requiring no software, defeated a sophisticated AI voice clone that had already cleared every other trust barrier.

The lesson reshapes how organizations should think about deepfake verification procedures. Technical detection alone is insufficient, but shared context is nearly impossible to fake. Cyberattackers can scrape public speeches, earnings calls, and posts to clone a voice, yet they cannot access what a CEO discussed with a direct report over coffee three days ago. Security teams should train executives and high-risk employees to maintain a small set of rotating personal verification questions drawn from recent, private interactions, rather than static security answers like a mother's maiden name.

The LastPass WhatsApp Attack: When Context Is the Real Red Flag

In April 2024, a LastPass employee received a series of WhatsApp calls, text messages, and at least one voicemail featuring an AI-generated deepfake of CEO Karim Toubba's voice. The cyberattackers manufactured urgency around a supposed business need and pressed the employee to act quickly, but the employee did not engage.

What stopped the cyberattack was not detecting synthetic audio artifacts. The contact came through WhatsApp, a consumer messaging platform, rather than any internal corporate channel; it arrived outside standard business hours; and the request itself carried the hallmarks of social engineering, pairing high urgency with an unusual demand. The employee reported the incident through proper channels, and LastPass publicly disclosed the attempt as a warning to the broader security community.

The critical insight is that contextual verification, meaning scrutiny of channel, timing, and the nature of the request, matters as much as detecting audio artifacts. Even a flawless voice clone should fail verification if it arrives through an unapproved platform at an odd hour with an abnormal request. Organizations need to codify what normal executive communication looks like, defining which platforms are approved, what hours are standard, and what types of requests should never originate through informal channels.

The WPP Multi-Platform Impersonation: Verification Must Follow the Channel Switch

The most structurally instructive cyberattack of 2024 targeted WPP, the world's largest advertising group. Fraudsters built the impersonation across four distinct touchpoints. They used a WhatsApp account with a publicly available photo of CEO Mark Read. They sent a Microsoft Teams meeting invitation that appeared to include Read and another senior executive. During the call, they deployed a live AI voice clone, and they simultaneously used the Teams chat window to conduct text-based impersonation while posing as Read off-camera. The target was an agency leader asked to establish a new business entity, a request designed to extract money and personal details.

WPP confirmed the cyberattack was unsuccessful due to employee vigilance. The architectural lesson goes deeper than vigilance, because the cyberattackers deliberately switched platforms, moving from WhatsApp to Teams and from voice to chat, knowing that most verification instincts are platform-specific. An employee who would question a WhatsApp message from a CEO might lower their defenses once the interaction moves to a familiar corporate tool.

Effective deepfake verification procedures must be platform-agnostic and persistent across every channel switch. If verification was required at the WhatsApp stage, it must still be required after the interaction migrates to Teams, and again if the communication shifts from voice to text. Cyberattackers exploit the gaps between platforms, and closing those gaps demands training that covers every channel an adversary can weaponize.

Cyberattackers switch platforms precisely because verification instincts rarely follow them. Adaptive Security trains employees across email, voice, video, and chat so a channel switch never becomes an opening.

Book a demo

Standards, Regulations, and Accuracy Benchmarks for Deepfake Detection

The deepfake detection landscape is shaped by two distinct forces that rarely intersect. Voluntary ISO/IEC technical standards define repeatable laboratory methodologies for measuring whether a biometric system can tell a real person from a synthetic one. Binding legal frameworks criminalize harmful deepfake content after it spreads but say nothing about what makes a detector accurate.

These approaches are complementary rather than competing, because effective regulation depends on reliable detection benchmarks, and detection standards gain urgency from the legal mandates requiring organizations to deploy them. Both matter when an organization formalizes its deepfake verification procedures.

How Do ISO/IEC Standards and Government Regulations Compare in Deepfake Defense?

ISO/IEC standards operate as a voluntary technical backbone, a shared language that allows laboratories, vendors, and buyers to discuss detection accuracy with precision. Government regulations operate as mandatory guardrails that define what organizations must do and the consequences of failing to comply.

Standards emerged from the biometrics community decades before deepfakes became a mainstream cyber threat. ISO/IEC 2382-37 establishes foundational terminology, defining terms like presentation attack, bona fide presentation, and liveness detection that every subsequent standard builds upon. ISO/IEC 30107-3, revised in 2023, specifies exactly how to test presentation attack detection mechanisms: how many attack species to use, how to select artifacts, what time limits apply, and which error metrics to report.

Testing laboratories must demonstrate competence under ISO/IEC 17025 and earn accreditation from oversight bodies like NIST's National Voluntary Laboratory Accreditation Program. iBeta, the most widely referenced PAD testing lab, is NIST NVLAP-accredited and has tested hundreds of biometric systems at three escalating difficulty levels, with Level 3 requiring hyper-realistic masks and silicon prosthetics applied by experts.

Regulations skip the how-to and go straight to what is prohibited. The TAKE IT DOWN Act, signed into law as Public Law 119-12 on May 19, 2025, criminalizes the publication of non-consensual intimate imagery covering both real and AI-generated content, and requires online platforms to remove such material within 48 hours of a victim's notice. The Act is limited to intimate imagery and does not address deepfake-enabled corporate fraud or financial crime, a distinction security leaders should note before assuming it covers business cyberattacks. The EU AI Act takes a transparency-first approach, requiring that AI-generated or manipulated content depicting real people be clearly labeled, while a patchwork of state laws adds further compliance complexity for organizations operating across state lines.

ISO/IEC Standards: The Technical Benchmarking Layer

Three accuracy metrics anchor every deepfake detection benchmark under ISO/IEC 30107-3. APCER measures how often the system fails to detect an actual attack, so a low APCER means fewer deepfakes slip through. BPCER measures how often the system incorrectly flags a genuine user as an attack, so a high BPCER means legitimate users get locked out or forced through unnecessary re-verification. EER is the single-point benchmark where APCER equals BPCER, used as shorthand for comparing different systems on one number.

ISO/IEC 19795-10 adds demographic bias testing, requiring biometric performance to be measured across different groups including skin tone, age, and gender to identify whether the system fails more often on certain populations. Systems trained predominantly on lighter-skinned faces have repeatedly shown higher error rates on darker-skinned subjects, and the same pattern applies to deepfake detection, where a detector that performs well on one demographic may collapse on another.

The FIDO Alliance Face Verification Certification Program builds directly on these ISO frameworks. It is the first international certification to independently test face verification systems for deepfake resistance, liveness assurance, biometric matching accuracy, and demographic fairness in a single unified evaluation. Rather than testing detection components in isolation, FIDO evaluates the full selfie-match pipeline, making it the closest thing the industry currently has to a comprehensive deepfake readiness benchmark.

The Missing Piece: No NIST/iBeta Deepfake-Specific Benchmark

A critical gap remains despite the sophistication of ISO/IEC 30107-3 testing and FIDO certification. No NIST-standardized or iBeta-administered benchmark exists specifically and exclusively for deepfake detection. PAD testing evaluates resistance to presentation attacks broadly, including photo prints, video replays, 3D masks, and silicone prosthetics, while deepfakes represent a fundamentally different vector that exploits the digital domain rather than the physical one.

A system that passes Level 3 PAD against physical artifacts may still fail catastrophically against a real-time AI-generated deepfake injected directly into the video stream. This gap makes vendor claims difficult to independently verify, because a vendor can state its detection achieves 99% accuracy without specifying against which dataset, under which lighting conditions, across which demographic profiles, or against which generation model.

Until a standardized, independent, and publicly reported deepfake detection benchmark emerges, organizations building deepfake verification procedures should treat unaudited vendor accuracy claims with the same skepticism they apply to any unverified security assertion. The benchmark gap is the difference between confidence and guesswork when an AI-generated executive appears on a video call asking for a wire transfer.

Unaudited accuracy claims tell buyers nothing about how a detector performs against a live injection cyberattack. Adaptive Security focuses on the human layer no benchmark can certify, building verification skills through realistic deepfake simulations.

Explore the platform

Training Employees to Recognize and Report Suspected Deepfakes

Deepfake defenses fail without rehearsed employee behavior, because knowing a protocol exists and reaching for it under pressure are not the same

Technical detection tools and out-of-band confirmation form the architecture of any deepfake defense strategy, but they are useless if the person on the receiving end of a synthetic CFO call never thinks to trigger them. A 2024 meta-analysis of 69 empirical studies published in Computers & Security found that while security training reliably increases knowledge and awareness, its impact on actual behavior is limited without repeated, realistic practice.

The gap between knowing a verification protocol exists and reaching for it under pressure is where deepfake cyberattacks succeed. Only cybersecurity awareness training designed around behavioral rehearsal closes that gap, which is why employee readiness belongs inside every organization's deepfake verification procedures.

Why Technical Detection Tools Alone Cannot Stop Deepfake Fraud

Detection tools face an uncomfortable asymmetry: they must catch every deepfake, but a cyberattacker only needs one to get through. Even AI-powered detectors that achieve near-perfect accuracy in laboratory settings encounter real-world audio compressed by phone networks, video degraded by conferencing software, and employees who simply do not think to run a verification check on a call that looks and sounds completely normal.

A 2026 study published in Cognitive Research: Principles and Implications found AI detectors reaching 97% accuracy on static deepfake images. Human participants hovered near chance levels, heavily influenced by truth bias: the assumption that what appears authentic is authentic. Tools provide capability, while cybersecurity awareness training provides the trigger, because without employees who instinctively pause, question, and escalate, even the best detection stack becomes a locked door with the key left in the open.

What Deepfake Warning Signs Should Employees Look for Across Channels?

Effective cybersecurity awareness training teaches recognition cues across the three channels where deepfake social engineering lands. On voice-only calls, employees learn to listen for unnatural pauses mid-sentence, a flat or robotic cadence that lacks the micro-variations of human speech, and a refusal or deflection when asked a personal verification question that only the real person would know.

On video calls, the training shifts to visual and behavioral signals: lip-sync mismatches where mouth movements lag behind the audio, unusual eye movement or blinking patterns, and lighting artifacts around the face or hairline. The most important signal is behavioral rather than technical, because any video or voice request that demands an immediate wire transfer, credential handover, or bypass of a standard approval process, especially when paired with language like "this is confidential, do not tell anyone," should trigger verification reflexes regardless of how convincing the face and voice appear.

In text-based communications, employees are trained to recognize urgency triggers, channel-switching requests, and out-of-pattern asks that deviate from how an executive normally operates. Covering all three channels is what turns recognition into a dependable part of an organization's deepfake verification procedures.

How Do Deepfake Simulation Exercises Build Verification Reflexes?

Reading about deepfake warning signs in a training module is not the same as experiencing a synthetic version of the organization's own CEO voice asking a finance employee to process an urgent payment. Multi-channel deepfake phishing simulations close that gap by creating controlled encounters where employees face the exact pressure, authority cues, and time urgency that real cyberattacks deploy.

When a finance team member receives a phone call that sounds precisely like the CFO, then watches a pre-recorded deepfake video message confirming the request, they experience firsthand how difficult it is to override the instinct to comply. After approximately a dozen deepfake phishing simulation rounds across different channels and scenarios, employees develop what behavioral researchers call automaticity: the ability to execute a verification action without deliberate deliberation.

The muscle memory becomes a sequence: pause, end the call, contact the supposed requester through a pre-established out-of-band channel such as a known mobile number, and escalate to the security team if anything fails to confirm. A cybersecurity awareness training program built on repeated simulations transforms a written verification policy into a conditioned response that fires before the money moves.

How to Build a Psychologically Safe Reporting Culture

A verification procedure only works if employees follow it consistently, and they will only do so if they trust that reporting a suspected deepfake will not result in criticism or punishment for a false alarm. Organizations that treat a reported-but-legitimate call as a win, where the employee followed protocol and the system worked, build the psychological safety that deepfake defense depends on.

The alternative, where reporting a suspected deepfake earns a reputation for paranoia or wastes time, guarantees that employees will rationalize the next suspicious interaction as probably fine. Effective programs make reporting frictionless: a single click in the email client, a dedicated internal channel for voice and video concerns, and a security team that responds with appreciation before any investigation begins.

When the $25 million Arup fraud succeeded in 2024, the finance employee who approved the transfer had been conditioned by a culture where urgency from authority meant move fast. Reversing that default requires leadership to publicly model verification behavior and recognize reporting as a strength, so that every employee understands that stopping to verify is never the wrong move, even when the voice on the other end sounds exactly right.

A verification protocol nobody trusts enough to use is no protocol at all. Adaptive Security pairs realistic deepfake phishing simulations with a reporting workflow that rewards employees for speaking up.

Take a self-guided tour

How Adaptive Security Builds Deepfake Verification Procedures Into the Human Layer

Adaptive Security rehearses employees across voice, video, email, and chat until verification against deepfakes becomes reflexive

Security leaders who close the technical gaps in their deepfake verification procedures still face the layer no detector can certify: the employee on the call who must decide, in real time, whether the executive asking for a transfer is real. Adaptive Security turns that employee into an active line of defense by rehearsing the exact cyberattacks they will face, across voice, video, email, and chat, until verification becomes reflexive rather than optional.

Adaptive Security generates AI-powered deepfake phishing simulations that mirror real adversary tradecraft, including cloned executive voices and synthetic video, then measures how employees respond and where verification breaks down. Each simulation feeds a cybersecurity awareness training program that adapts to individual risk, reinforces out-of-band verification habits, and tracks measurable improvement in reporting rates over time. The result is a workforce conditioned to pause, question, and escalate before money or credentials move.

Because deepfake cyberattacks exploit the gaps between platforms, Adaptive Security trains across every channel an adversary can weaponize and routes suspected incidents into a reporting workflow that recognizes employees for speaking up. Embedding cybersecurity awareness training directly into an organization's deepfake verification procedures is what converts a written policy into a conditioned response.

Even a flawless technical stack still leaves one person deciding whether a synthetic executive is real. Adaptive Security prepares that person through realistic, multi-channel deepfake phishing simulations and continuous cybersecurity awareness training.

Book a demo

Frequently Asked Questions About Deepfake Verification Procedures

What Are Deepfake Verification Procedures and Why Do Organizations Need Them?

Deepfake verification procedures are structured protocols combining automated detection tools, manual inspection techniques, liveness checks, and out-of-band confirmation steps that organizations use to determine whether media or a live interaction involves AI-generated impersonation. Organizations need them because deepfake fraud is escalating rapidly: 49% of businesses reported encountering video deepfake fraud in 2024, up from 29% in 2022, according to a Regula survey.

A single deepfake-enabled fraud incident costs businesses an average of nearly $500,000, per Regula research. Without formal verification procedures, organizations rely on individual judgment alone. Structured procedures create a repeatable defense that combines technology, process controls, and trained human review to intercept AI-generated fraud before funds or credentials are compromised.

How Accurate Are Deepfake Detection Systems, and What Are Their Main Limitations?

Deepfake detection systems achieve 94% to 99% accuracy in controlled lab settings, but their performance drops 45% to 50% when deployed in real-world conditions, according to the Deepfake-Eval-2024 benchmark. This means many commercial tools perform near coin-flip levels outside the lab. The main limitations are training datasets that fail to capture the full range of modern synthesis techniques, vulnerability to novel generative models the detector has never encountered, and high false-positive rates that incorrectly flag legitimate media as fake.

Accuracy also degrades significantly with compressed or low-resolution video common on conferencing platforms. Audio-only deepfakes present an even harder challenge, with models showing steeper accuracy drops than their video counterparts. No standardized NIST benchmark yet exists for deepfake detection, making independent comparison of vendor claims difficult.

Can Deepfakes Bypass KYC Identity Verification and Biometric Authentication Systems?

Yes, deepfakes can bypass KYC identity verification and biometric authentication systems, particularly through video injection attacks that feed synthetic video directly into the application, bypassing the physical camera entirely. These injection attacks increased 200%, according to Gartner research. Fraudsters use virtual camera software to present deepfake video during liveness checks, fooling systems that only verify whether a face matches an ID document.

Presentation attacks, where a deepfake image is held in front of a physical camera, also succeed against basic biometric checks. Traditional liveness detection was designed to catch printed photos and video replays, not AI-generated faces that mimic natural micro-movements and depth cues. Javelin Research reported that 2024 new account fraud losses reached $6.2 billion in the US alone, underscoring the financial scale of the vulnerability.

What Is the Difference Between Active and Passive Liveness Detection for Deepfake Prevention?

Active liveness detection requires users to perform specific actions such as blinking, turning their head, or smiling to prove they are a real, present person. Passive liveness detection works silently in the background, using AI to analyze facial depth, skin texture, micro-movements, and light reflection patterns without user participation, according to Sumsub's deepfake detection overview. Active liveness introduces noticeable user friction but provides a stronger real-time challenge against pre-recorded deepfake video.

Passive liveness delivers a seamless user experience but can be more vulnerable to sophisticated injection attacks that simulate depth and texture cues. Challenge-response mechanisms add another layer by requiring randomized actions. The most effective deepfake prevention strategy combines both liveness approaches with dedicated deepfake detection that analyzes the media itself for synthetic artifacts rather than relying on either method alone.

How Much Does Deepfake Fraud Cost Businesses, and How Fast Is It Growing?

Deepfake-related fraud cost businesses an average of nearly $500,000 per incident in 2024, with large enterprises facing losses up to $680,000, according to deepfake statistics compiled by Bright Defense. The financial sector absorbed even higher costs, averaging $600,000 per company, per Regula's 2024 survey.

The growth rate is staggering: deepfake-related losses surged from $360 million in 2024 to $1.1 billion in 2025, a near-tripling in a single year, per Surfshark research. Deepfake files detected worldwide grew from 500,000 in 2023 to a projected 8 million in 2025, a 1,500% increase. And 92% of companies have experienced financial loss due to a deepfake incident, per CFO Magazine reporting. This trajectory confirms deepfake fraud has shifted from an emerging risk to a mainstream financial threat, making employee training and verification procedures an operational necessity rather than a precaution.

Key Takeaways

  • Deepfake verification procedures demand a layered architecture that combines automated analysis, manual inspection, and out-of-band process controls to neutralize synthetic identity fraud.
  • Automated deepfake detection systems identify pixel-level anomalies and temporal inconsistencies but experience significant accuracy degradation when facing novel generation models.
  • Manual inspection techniques enable fraud analysts to spot visual artifacts like lighting mismatches, boundary blurring, and unnatural blinking patterns that evade algorithmic scanners.
  • Virtual camera injection attacks bypass physical liveness checks entirely by routing synthetic media directly into the application data stream.
  • Effective deepfake verification procedures must simultaneously address sophisticated AI-generated media and low-tech cheapfakes through rigorous source provenance tracking.
  • Behavioral rehearsal via deepfake phishing simulations conditions employees to execute out-of-band verification reflexes before authorizing high-risk transactions.

Single-layer verification leaves financial transactions exposed to evolving deepfake attacks. Adaptive Security builds multi-channel verification reflexes through realistic deepfake simulations.

Take a self-guided tour

Adaptive Team

Adaptive Team

As experts in cybersecurity insights and AI threat analysis, the Adaptive Security Team is sharing its expertise with organizations.

Get started with Adaptive Security

Get started

Human security for the AI era.