Prepare Employees for Deepfake Attacks
Video conferencing is a central component of business today. It’s the digital boardroom where multi-million dollar deals are closed, sensitive strategies are debated, and critical operational decisions are made.
In this ecosystem, the foundation is implicit trust — the belief that the face on the screen is the person you know.
But that foundation of trust is now one of the most lucrative threat vectors for cybercriminals. The same artificial intelligence that powers innovation is being weaponized to create hyper-realistic deepfakes, turning trusted colleagues into digital puppets.
Imagine how this plays out in the real world. An employee meets with the chief financial officer (CFO) on a Zoom call. He looks exactly as he should, perhaps a little tired from a recent trip, and the lighting in the hotel room is slightly dim. His voice is unmistakable as he gives the directive.
“We need to process this wire transfer immediately,” the CFO says, his expression firm. “It’s for the down payment on our acquisition. The deadline is in one hour, and we can’t risk losing this deal.”
An analyst in the finance department pulls up the payment portal, hands ready to execute the transfer. But something feels off. A subtle, almost imperceptible shimmer around the CFO’s earlobe. His blinking also feels too rhythmic.
No, this isn’t a scene from a sci-fi movie. It’s a scenario playing out in real time across the globe. Where just a few years ago these incidents were rare oddities, there are now hundreds of deepfake video attacks every month.
The leap in cybercrime demands a proactive response. This guide provides a comprehensive playbook for securing video conferences, combining technology, policy, and training.
Why Deepfakes Target Zoom & Video Calls
Platforms like Zoom, Microsoft Teams, and Google Meet create a perfect storm for social engineering. They are built on a foundation of assumed trust and visual identity, and AI shatters both with convincing deception.
Live video calls combine the authority of a familiar face, urgency, and historically minimal identity checks, making everyday communication channels the ideal environment for manipulation.
Here’s why cybercriminals use Zoom and other platforms for video calls to carry out deepfake attacks.
Low-cost AI is fueling rampant impersonation
Creating a deepfake no longer requires a Hollywood studio or a supercomputer. With the democratization of artificial intelligence, cybercriminals are leveraging the technology to design sophisticated deepfake attacks in a fraction of the time it previously took.
Here’s what has led to the proliferation of deepfakes:
- Rock-Bottom Costs: Malicious actors now use face-swap generators and voice cloning APIs for as little as a few dollars per target. In exchange for this nominal fee, they gain the ability to hijack an individual’s likeness.
- The Power of GANs: Deepfakes are made possible by generative adversarial networks (GANs), a machine learning (ML) framework where a ‘generator’ and a ‘discriminator’ compete. The generator creates synthetic media, and the discriminator judges its realism in a process that repeats until the generated video and audio are virtually indistinguishable from the real thing.
- Blistering Speed: The setup time for a deepfake attack is shockingly short. An attacker needs only seconds of clear audio to create a voice model.
Low cost, high fidelity, and rapid deployment for deepfake attacks mean that any organization, regardless of size, is a potential target.
High-profile corporate losses highlight the risk
Financial losses from video deepfake scams are real, substantial, and growing.
- The $25M Scams: Beyond the infamous Hong Kong scam, an Australian company was also defrauded of approximately $25 million in a similar attack, proving that Arup’s case was not an isolated incident but part of a successful new playbook for cybercriminals.
- Sector-Specific Targeting: Certain industries are being hit particularly hard, including the cryptocurrency sector. A recent report found that 57% of crypto firms were targeted by deepfake attacks, with the average loss from a successful attack hitting $440,000.
- Fintech Under Fire: The broader fintech industry is also a prime target. One study revealed that 25% of fintech companies that suffered a deepfake attack lost more than $1 million, a figure significantly higher than global averages for other sectors.
The staggering figures demonstrate that for tech-forward industries, deepfake defense isn’t an optional security measure. Instead, IT and security teams need to recognize it as a necessity for the business to survive.
Zoom, Microsoft Teams, and Google Meet: Why they’re vulnerable
Everything that makes video conferencing platforms user-friendly also makes them vulnerable.
Major platforms weren’t originally designed to defend against AI-driven impersonation, leaving several security gaps:
- Static Identity Verification: Most platforms rely on static profile pictures and user-provided names for identification, both of which are easily spoofed. There’s often no mandatory, built-in liveness check to confirm a participant is a real, live human and not a digital puppet.
- Screen-Sharing Exploits: Attackers can manipulate screen-sharing features to inject malware. In the BlueNoroff attack, threat actors targeted macOS users by joining fake Zoom calls and prompting the victim to ‘fix their audio’ by running a malicious script, which installed malware.
- Limited Native Defenses: As of 2025, major platforms like Zoom, Microsoft Teams, and Google Meet lack robust, built-in deepfake detection capabilities.
Due to the lack of native defenses, the burden of detection squarely falls on the organization and its employees, making the human firewall even more vulnerable to deepfake attacks.
Anatomy of a Live Deepfake Zoom Attack
To defeat the enemy, you must understand their mindset and methods. A live deepfake attack is a multi-stage process that combines open-source intelligence (OSINT), sophisticated AI, and targeted social engineering.
Real-time face swapping with GANs
A deepfake’s visual component relies on real-time face swapping. Attackers scour the internet for public images and videos of their target — from corporate headshots to conference talks — to train their GAN model. The model learns the unique facial structure and expressions of the target.
During the live call, the attacker’s own webcam feed is intercepted, and their face is replaced with the AI-generated likeness of the target, which then mimics their head movements and speech.
Face-swapping technology has become so advanced that it often evades liveness proof checks that merely look for simple movement. And the rise of this ‘DIY-deepfake-as-a-service’ market will only make the technology more accessible than it already is.
Voice cloning and social engineering scripts
Simultaneously, the attacker uses an AI voice clone created from as little as a few seconds of the target’s publicly available audio. Voice models routinely achieve at least 95% similarity to the original, making the deepfake indistinguishable to the human ear.
The cloned voice is then used to deliver a carefully crafted social engineering script designed to create a sense of urgency and leverage authority bias.
A typical script might sound like the following:
“Team, sorry to do this on such short notice, but I need your help. We have a vendor deadline for Project Titan that we can’t miss. I need to transfer $1.2 million by the top of the hour. I’ll email you the wire details right now, as this is a top priority and a deal we need to finalize immediately.”
The combination of a trusted face and a trusted voice delivering an urgent command is psychologically potent and difficult for an unprepared employee to resist.
Network injection and stream hijacking
In more complex attacks, cybercriminals don’t just join a call as an imposter; they hijack a legitimate participant’s video stream.
Using man-in-the-middle tactics or packet sniffing, the attacker performs network injection, inserting malicious data packets into a communication stream to alter its content. In this case, they replace the data packets from a real employee’s video feed with their deepfaked stream.
While end-to-end encryption on a platform like Zoom helps protect the data in transit, it doesn’t prevent an attacker from hijacking the stream at the endpoint, for example, on a machine that’s already been compromised with malware.
Real-Time Detection: Spotting a Deepfake’s Red Flags on Screen
Organizations can’t ignore the confidence gap that exists, which is why training the human eye (and ear) with a partner like Adaptive Security is a vital part of any defense strategy.
Adaptive Security’s next-generation platform for security awareness training and phishing simulations significantly outperforms the legacy solutions that have fallen behind the surge of AI phishing. The platform leverages AI to deliver role-based training at scale, ensuring that every employee can detect a deepfake attack during a video call, despite the high degree of sophistication.
Here are the red flags to look for to spot a deepfake.
Micro-expression and lighting anomalies
AI models still struggle to perfectly replicate the subtle and chaotic details of a real human face and its surrounding environment.
Train employees to look for anomalies, including these common examples:
- Unnatural or rigid blinking patterns, or a complete lack of blinking
- Reflections in eyeglasses or on pupils that appear static or don’t match the room’s environment
- Inconsistent shadows on the face that don’t align with the visible light sources in the background
- A ‘locked’ head position, where the face moves but the neck and shoulders remain unnaturally still
- Blurry or distorted edges where the fake face meets the neck or hair
Employees can be supported by technology, too. Deepfake detection platforms, such as Facia, are specifically designed to catch irregular eye movements and other subtle artifacts that the human eye may miss.
Lip sync and audio latency mismatches
Synchronizing audio and video is computationally demanding, and deepfake models might show signs of strain.
Employees should be on the lookout for:
- A noticeable drift of 100-300 milliseconds between the speaker’s lip movements and the words being heard.
- Choppy or robotic-sounding audio, or strange intonations that don’t match the context of the conversation.
Neither is particularly easy to identify, but technology can also assist human perception in this area. Platforms like Pindrop use temporal analysis to automatically flag this audio-visual drift, providing a technical alert for a potential deepfake in progress.
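A simplified illustration of the temporal analysis idea described above, added here as an example and not the method of any vendor named in this article. It assumes two hypothetical inputs sampled at the same frame rate: a per-frame audio loudness envelope and a per-frame mouth-opening measurement from a face-landmark tracker. The sample signals are constructed.

```python
import math, random

FPS = 30               # assumed sampling rate of both series (frames per second)
DRIFT_ALERT_MS = 100   # lower bound of the 100-300 ms drift named above

def _corr(a, b):
    """Pearson correlation of two equal-length series (0.0 if either is flat)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0

def estimate_drift_ms(audio_env, mouth_open, max_lag_frames=12):
    """Return (lag_ms, correlation) at the best match; positive = lips lag audio."""
    best_lag, best_r = 0, -1.0
    for lag in range(-max_lag_frames, max_lag_frames + 1):
        if lag >= 0:
            a, m = audio_env[:len(audio_env) - lag], mouth_open[lag:]
        else:
            a, m = audio_env[-lag:], mouth_open[:lag]
        r = _corr(a, m)
        if r > best_r:
            best_lag, best_r = lag, r
    return best_lag * 1000 / FPS, best_r

def drift_alert(audio_env, mouth_open):
    """Flag only when the two signals clearly match and the match is offset."""
    drift_ms, r = estimate_drift_ms(audio_env, mouth_open)
    return abs(drift_ms) >= DRIFT_ALERT_MS and r > 0.5, drift_ms

def constructed_speech(frames, seed=7):
    """Constructed sample: bursts of 'syllable' energy separated by pauses."""
    rng = random.Random(seed)
    out = []
    while len(out) < frames:
        out += [rng.uniform(0.6, 1.0)] * rng.randint(3, 6) + [0.05] * rng.randint(2, 8)
    return out[:frames]

def delayed(series, frames):
    """Shift a series later by `frames`, padding the start with silence."""
    return [0.05] * frames + series[:len(series) - frames]
```

A small constant offset can also come from ordinary network jitter or a Bluetooth headset, so an alert like this is a prompt to run the verification challenges, not proof of a deepfake.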
Behavioral cues and verification challenges
Aside from technical glitches, exposing a deepfake can be done through simple behavioral challenges that force the AI model outside its trained parameters.
Encourage employees to:
- Ask the person to turn their head fully to the side. Many real-time deepfake models are trained on frontal images and will distort or ‘break’ when showing a profile view.
- Request an unexpected action, like waving a hand in front of their face or touching their nose.
- Ask a question that only the real person would know the answer to, which is not discoverable via open-source intelligence.
Simple, real-time tests quickly unravel a digital impersonation without relying on any expensive technology.
Hardening Video Meetings: Tech & Policy Controls
Defending against deepfakes calls for a layered security posture, which involves the strategic combination of technology, process, and people. It means a heavy emphasis must be placed on security awareness training and phishing simulations, as employees are the last and most adaptive line of defense.
AI deepfake detection tools
Here’s a comparison of leading deepfake detection tools:
Adaptive Security, the best platform for security awareness training, stands out as a must-have because it focuses on the human element. Leading brands in every industry rely on the AI-driven platform to train employees on the ever-evolving nature of deepfake attacks, recognizing that technology alone can’t be the sole defense.
When deploying the other listed technologies, remember to pilot them in non-critical meetings first to fine-tune their sensitivity and avoid disrupting business-critical conversations.
Multi-factor verification before sensitive approvals
Never allow a video presence alone to serve as authorization for a sensitive action. Enforce a policy that pairs visual confirmation with a strong secondary authentication factor.
This aligns with a zero-trust framework for video identity, where no participant is trusted by default.
Before approving a wire transfer or a major system change, the approver must verify their identity using one of the following:
- A single sign-on (SSO) push notification sent to their registered mobile device.
- A one-time code generated by a hardware token like YubiKey.
- A separate biometric check via a trusted corporate application.
Multi-factor verification ensures that even if an attacker perfectly replicates a face and voice for a deepfake, they can’t complete the attack without compromising a separate, secure device.
Out-of-band callback and passphrase protocols
Implement simple, low-tech policies that are incredibly effective at thwarting deepfake attacks.
- Mandatory Callback Policy: For any unexpected, high-stakes request made via video call, the employee must hang up and call the person back on a phone number stored in the company’s employee directory. It ensures they’re connecting with the real individual.
- Rotating Passphrases: For critical teams like executive leadership or finance, establish a verbal passphrase. The unique, non-public phrase (six words or fewer is ideal) must be exchanged to validate the sensitive request.
The procedural guardrails provide a powerful safety net that can prevent an attack from occurring, thereby stopping any data or financial loss.
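The multi-factor verification and callback/passphrase controls above, combined into one approval gate. This is an added example, not Adaptive Security's code or part of the original article. It assumes the hardware token produces RFC 6238 TOTP codes, and the directory entries, secrets, passphrase and field names are hypothetical, constructed values.

```python
import hashlib, hmac, struct
from dataclasses import dataclass

def totp(secret, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1), used here as the hardware-token one-time code."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def otp_ok(secret, submitted, now):
    # Accept the current 30 s step and one either side for clock skew.
    return any(hmac.compare_digest(totp(secret, now + d).encode(), submitted.encode())
               for d in (-30, 0, 30))

def kdf(phrase):
    # Passphrases are stored hashed, never in clear text.
    return hashlib.pbkdf2_hmac("sha256", phrase.encode(), SALT, 100_000)

@dataclass
class Request:
    requester: str             # identity claimed on the video call
    amount_usd: int
    seen_on_video: bool        # recorded, but deliberately never checked below
    otp: str = ""              # code read from the approver's token
    callback_number: str = ""  # number the employee actually dialed after hanging up
    passphrase: str = ""       # verbal passphrase exchanged on the callback

# Constructed sample data (hypothetical names and values, not from the article).
SALT = b"constructed-salt"
DIRECTORY = {"cfo": "+1-555-0100"}
TOKEN_SECRET = {"cfo": b"constructed-demo-secret"}
PASSPHRASE_HASH = {"cfo": kdf("amber falcon nine")}

def authorize(req, now):
    """Return (approved, failed_checks); every check must pass."""
    if req.requester not in DIRECTORY:
        return False, ["unknown_requester"]
    failed = []
    if not otp_ok(TOKEN_SECRET[req.requester], req.otp, now):
        failed.append("second_factor")
    if req.callback_number != DIRECTORY[req.requester]:
        failed.append("callback_to_directory_number")
    if not hmac.compare_digest(kdf(req.passphrase), PASSPHRASE_HASH[req.requester]):
        failed.append("passphrase")
    return not failed, failed
```

The callback check compares against the directory entry only, so a phone number offered during the call or in a follow-up email can never satisfy it.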
Training Employees to Outsmart Deepfake Scams
Technology and policy are crucial, but a well-trained, skeptical employee trumps all.
That’s why organizations are moving beyond passive awareness to active skill-building, partnering with security awareness training platforms like Adaptive Security to prepare employees for deepfakes and all types of phishing attacks.
Deepfake simulations
The most effective way to train employees is through realistic, hands-on experience. Next-generation platforms include deepfake simulations, exercises that present employees with short video clips containing subtle, AI-generated flaws and test their ability to spot them.
This safe exposure builds muscle memory, making employees far more likely to detect a real attack under heightened pressure.
Rapid reporting and escalation playbook
Employees need to know exactly what to do in the moment they suspect a deepfake, so institute a three-step playbook that’s easily remembered and executed.
- Flag: Verbally and calmly state that you need to pause to verify something. Do not accuse the person directly, which could escalate the situation if they’re legitimate.
- Isolate: Mute your microphone and turn off your camera. If you’re the meeting host, immediately mute the suspicious participant or move them to the waiting room.
- Escalate: Immediately contact the IT or security team through a trusted channel and report the incident, providing the meeting details and the reason for suspicion.
With this clear and concise playbook, employees feel empowered to act decisively without creating panic.
Continuous measurement of awareness KPIs
One-and-done training is not enough. The effectiveness of deepfake awareness training needs measurement and refinement.
- Time-to-Report: The average time it takes for an employee to escalate a suspicious simulation.
- Simulation Success Rate: The percentage of employees who correctly identify the deepfake in a simulated exercise.
- Post-Training Scores: Measure knowledge retention on the key red flags and reporting procedures.
Linking improvements in these metrics to decreased incident response times provides a powerful, data-backed argument for the value of ongoing security awareness training.
Building a Deepfake-Resistant Culture
The weaponization of AI to hijack faces and voices signals an alarming shift in cybersecurity. It targets the foundation of human communication and trust.
Defeating this threat requires a massive shift in defense — away from a purely technical, perimeter-based model to one that’s layered, agile, and human-centric. A firewall or email filter can’t stop a convincing deepfake on a live video call, but a well-trained, critical-thinking employee can.
Prepare your organization for the next wave of AI-powered attacks. Schedule a demo with Adaptive Security to see how our next-generation platform builds a resilient human firewall.