How to Detect AI Deepfakes in Video, Audio, and Images: Visual Signals, Forensic Tools, and Organizational Defenses for Individuals and Security Teams

Knowing how to detect AI deepfakes, the synthetic media generated by AI systems to replace or manipulate a real person's face, voice, or body, is now a practical skill with direct financial and organizational consequences.

According to Verizon's 2026 Data Breach Investigations Report, 62% of confirmed incidents involve a non-malicious human element, and a single deepfake video call defrauded engineering firm Arup of $25 million in 2024. That makes the AI deepfake cyber threat concrete, expensive, and well-documented.

This guide covers every layer of detection: the visual and audio artifacts that reveal manipulated media, the forensic tools security teams and individuals can apply, and the source verification practices that catch deepfake cyberattacks that content analysis alone will miss.

The content also addresses what organizations must do structurally: from protocol design to cybersecurity awareness training programs for employees to build a durable defense against AI-generated fraud.

Security leaders ready to benchmark their team's current exposure can schedule a demo with Adaptive Security to see how targeted phishing simulations and cybersecurity awareness training can work together to close the gap between awareness and action.

What Is a Deepfake and Why Does It Matter Now

A deepfake is synthetic media generated by AI, specifically through generative adversarial networks (GANs) or diffusion models, that fabricates or manipulates a person's face, voice, or body across video, audio, or images with enough realism to deceive human perception.

GANs operate through a two-model competition: a generator produces synthetic media while a discriminator attempts to flag it as fake, iterating through millions of cycles until the output becomes indistinguishable from reality.

Deepfakes are distinct from "cheapfakes," low-tech manipulations that use speed changes, cropping, or splicing and require no AI, leaving entirely different forensic traces.

Each generation method also leaves unique artifact fingerprints. GAN-produced content often exhibits subtle facial boundary irregularities, while diffusion models can introduce texture inconsistencies in fine details such as hair and teeth.

Those artifacts are the deepfake detection signals that systematic security awareness training programs teach employees to recognize before a deepfake cyberattack reaches its target.

How Fast Is Deepfake Fraud Growing?

The cyber threat has moved from theoretical to operational at a measurable pace. Sumsub's Identity Fraud Report 2024 documented a 4x increase in deepfake incidents globally year over year. That increase represents a cyberattack category that has moved from isolated experimentation to an industrialized fraud infrastructure.

What Does a Real Deepfake Attack Look Like?

The Arup wire fraud is the clearest proof of what this cyber threat costs in practice. No suspicious email, no obvious manipulation: the entire social engineering chain ran through fabricated faces and voices. That incident illustrates why detecting AI deepfakes demands more than intuition; it requires a systematic understanding of the specific visual and audio signals these systems cannot yet fully suppress.

Visual and Audio Signs That Reveal a Deepfake

Knowing how to detect AI deepfakes involves observing the artifacts that stem from the computational limits of face-swapping and voice-synthesis models.

Examine face edges, eye behavior, lighting geometry, body movement, audio cadence, and cross-modal consistency; each signal carries a different reliability threshold, and some are far easier to spoof than others.

Visual and audio inspection alone is increasingly insufficient as models improve, so treat these cues as a starting checklist, with source verification as the required second step.

1. Look for Face, Skin, and Facial Feature Anomalies

Face-swap models blend a synthetic face onto a source video frame-by-frame, producing characteristic edge artifacts where the generated face meets the original background. Watch for blurred or softened borders along the hairline, jaw, and ears.

Mismatched skin tone between the face and neck, unnaturally smooth or waxy texture, asymmetry that shifts mid-video, and smeared teeth or ear geometry are all byproducts of this blending process.

One critical distinction: pixelation from video compression appears uniformly across the entire frame, while face-swap artifacts concentrate at face-to-background boundaries. If the rest of the video is sharp but the face edges are soft, compression alone cannot explain it.

2. Examine Eye Blinking and Gaze Behavior

Early deepfake models rarely blinked because their underlying model training datasets consisted mostly of static images. Current models still produce blinking that is too infrequent, mechanically rhythmic, or absent during high-motion segments.

Synthetic eyes often track slightly off-axis, creating a glazed quality that real eye contact does not produce. Pupils in deepfakes also fail to dilate or constrict in response to lighting changes visible in the same frame.

3. Check Lighting and Shadow Consistency

Light sources cast shadows in a single consistent direction, and reflective surfaces (including eyes and glasses) carry specular highlights that mirror the actual environment.

Deepfake compositing frequently imports a face lit under one condition into a background lit under another, producing shadows that contradict the scene.

Examining where light hits the nose bridge and cheeks and verifying that background shadows point in the same direction reliably reveals this inconsistency.

4. Watch Body Movement and Proportions

Head and neck movement in deepfakes tends to be either unnaturally jerky or artificially smooth. The model stabilizes the face region but struggles to track the entire upper body's motion in physical space.

Hands and fingers remain a persistent weakness: extra digits, fused fingers, or hands that morph shape between frames are strong indicators. Lip sync degrades noticeably during fast speech or under natural head rotation.

5. Listen for Audio Artifacts

Synthetic voices generated by AI cloning tools lack the micro-emotional variation (the subtle rises, catches, and breathiness) that characterizes real human speech. Listen for a robotic cadence where stress and rhythm feel metronomic rather than conversational.

AI voices often omit the inhalations between long sentences or insert them at unnatural points. Background noise that abruptly cuts at sentence boundaries, and a voice carrying no room ambiance in a setting that should produce some, are diagnostic signals.

6. Test for Multi-Modal Inconsistency

Deepfake video with synchronized audio is the hardest category for humans to detect accurately because both sensory channels reinforce each other's credibility.

When audio and visual tracks are produced separately and merged, a pattern common in live-call impersonation attacks, small mismatches emerge. A phoneme shapes the mouth into a position that the audio does not match. A smile appears while the voice carries a flat tone. Or emotional expressions arrive slightly before or after the corresponding vocal inflection.

Forensic Tools and Verification Methods for Deepfake Detection

Detecting AI deepfakes with confidence requires layering multiple technical methods, as no single tool delivers a definitive verdict. The steps below cover reverse source tracing, metadata examination, AI-based scanners, frame-level forensics, luminance analysis, and distribution pattern checks.

Each technique exposes a different class of artifact, and when combined, they raise the bar for cyberattackers trying to pass synthetic media as authentic. Because detection tools consistently lag behind generation technology, verifying the origin of media often proves more reliable than analyzing the media itself: a principle that flows directly into source and identity verification.

Step 1. Reverse Image and Video Search

Reverse search is the fastest way to determine whether a face or scene has been reused from a different context. Upload a screenshot to Google Images or TinEye, or submit a video clip to the InVID/WeVerify browser extension to trace where that visual first appeared online. A face that surfaces in unrelated footage from three years earlier is demonstrably not the person being claimed in the target video.

Step 2. Metadata and Provenance Analysis

EXIF data embedded in authentic media records the creation timestamp, GPS coordinates, and device fingerprint. Stripped or absent metadata is itself a red flag. Legitimate media exported through professional pipelines retains provenance markers.

The Coalition for Content Provenance and Authenticity (C2PA) has established an open standard called Content Credentials that cryptographically signs media at the point of capture, allowing any receiver to verify that the content has not been altered since it left the originating device.

Step 3. AI-Based Detection Tools

The DeepFake-o-meter, developed by the University at Buffalo Media Forensics Lab, aggregates results from multiple independent detection models across video, image, and audio. It is among the most accessible free, open-source tools of its kind. Sensity AI and Reality Defender offer enterprise-grade analysis.

All three carry a critical limitation: detection accuracy degrades against newer diffusion-based models because the tools were trained predominantly on older GAN datasets. AI chatbots are unreliable deepfake video detectors; they lack the frame-level signal processing these forensic tasks require.

Step 4. Frame-by-Frame and Edge Analysis

Open the video in a frame-extraction tool and examine the face boundary regions one frame at a time. Compositing artifacts (blurred edges, color fringing, and spatial inconsistencies) concentrate at face perimeters, particularly under motion blur.

Error level analysis (ELA) surfaces re-encoded image regions by revealing compression inconsistencies that indicate post-capture manipulation. These signals are invisible at normal playback speed but become visible the moment the video is paused and examined at the pixel level.

Step 5. Luminance Gradient Analysis

Uneven luminance gradients across face boundaries indicate that the face and background were composited under different lighting conditions. A genuine video captures the subject and environment under the same light source, so shadows and highlights track consistently across both.

When the face appears slightly brighter, flatter, or differently shadowed than the surrounding scene, treat it as a compositing indicator and escalate it through the security team's deepfake phishing simulation protocols.

Step 6. Distribution Channel Analysis

Examine how the media is spreading before analyzing its content. Coordinated bot accounts, abnormally rapid share velocity, and accounts with no post history amplifying a specific clip are all signals that organic propagation has been replaced by an influence operation.

Consider a video that gains 50,000 shares in two hours from accounts created within the same 48-hour window. That warrants immediate scrutiny, regardless of how convincing the footage appears.

Regula Forensics' Identity Threats 2026 report found that 98% of organizations report concern about identity-based threats

The figure reflects how much cyberattackers invest in synthetic media, even as their distribution infrastructure remains relatively easy to expose.

How to Verify the Source Before Trusting Any Media

Verify the originating account's history and verification status, cross-reference the claimed event against independent outlets, and contact the alleged speaker through a pre-established trusted channel, never through any contact information embedded in the suspicious message itself.

The most reliable safeguard is one established before a deepfake cyberattack arrives: a personal code word or challenge-response protocol with executives, finance team members, and close family.

1. Check the Account Before Trusting the Content

A deepfake video lands harder when it appears to come from a verified, familiar account. Before forming any judgment about the media itself, examine the publishing account's history: when was it created, what has it posted previously, and does its activity pattern match the person it claims to represent?

A newly created account with few posts, a follower count disproportionate to the claimed identity, or a sudden change in posting cadence are each harder to fabricate than the video itself.

2. Cross-Reference the Claimed Event Independently

No real event involving a public figure happens in a single source. Before trusting any video or audio clip depicting a notable person saying something consequential, check whether at least two independent, named news organizations have reported the same event.

If an established outlet has not covered it, that absence is a signal worth heeding. The 2024 deepfake impersonation of Ukraine's former Foreign Minister Dmytro Kuleba during a video call with U.S. Senator Ben Cardin succeeded in part because no independent verification was conducted before the conversation proceeded.

3. Establish a Code-Word Protocol for High-Risk Individuals

Real-time audio deepfakes make a phone call from a known voice an insufficient authentication signal. Finance teams, executives, and any employee authorized to approve wire transfers need a pre-arranged challenge-response protocol. This can be a code word, a shared personal reference, or a question only the real person could answer. The protocol applies any time an unusual financial or access request arrives by phone or video.

4. Understand Where Platform AI Labeling Falls Short

The Dais's Human or AI? Evaluating Labels on AI-Generated Social Media Content (2025), published by the policy think tank at Toronto Metropolitan University, found that AI content labeling practices across major social media platforms are failing. Small disclaimer labels have no meaningful effect on whether users trust or share AI-generated content compared to no label at all.

Labels are inconsistently applied, easily missed by users, and entirely absent on content generated outside each platform's own AI tools. Detection lags behind generation, and confirmation bias compounds the problem.

People are systematically more likely to believe deepfakes that reinforce their existing opinions or arrive from accounts they already follow, meaning even a labeled video can still drive harmful behavior.

5. Apply "Authentication Before Action" to Every High-Stakes Request

Any unusual or high-stakes request arriving through a digital channel, whether a wire transfer, a credential reset, or an access approval, requires a second verification step through a separate channel with a known good contact.

This "authentication before action" principle treats digital communication as a prompt to verify rather than as authorization itself. A follow-up call to a number already stored in contacts, or a message to a verified internal account, takes under two minutes and closes the window deepfakes are designed to exploit.

Source and identity verification disciplines keep humans from acting on manipulated media. The harder challenge is security awareness training, which enables employees to recognize manipulation in real time, precisely what deepfake phishing simulations, including AI deepfake video scenarios, are built to develop.

How Businesses Can Defend Against Deepfake-Based Fraud

Learning how to detect AI deepfakes at the individual level matters, but organizational resilience requires systemic controls that do not depend on any single employee making the right call under pressure.

Phishing simulations, reporting culture, incident response planning, and open-source intelligence (OSINT) monitoring together form the structural defense layer that individual detection skills alone cannot replicate.

1. Enforce Multi-Step Verification for High-Risk Requests

No wire transfer, executive instruction, or access request delivered through a single voice or video channel should be approved without independent confirmation.

Deepfake technology has reached the point where visual and audio plausibility is no longer a reliable trust signal. A second-channel confirmation, meaning a direct callback to a known number rather than one provided in the original message, stops most AI-powered fraud before it completes.

According to Verizon's 2026 Data Breach Investigations Report, credential abuse was the initial access vector in 13% of confirmed incidents, underscoring that procedural controls must complement technical defenses rather than replace them. Finance, HR, IT, and executive assistants need written protocols that make out-of-band verification mandatory.

2. Run Deepfake Phishing Simulations Against High-Risk Employee Groups

The most reliable way to measure an organization's susceptibility to deepfake fraud before cyberattackers do is to simulate it. Finance teams, HR staff, IT administrators, and executive assistants are the highest-value targets because they control funds, credentials, and sensitive data.

Exercises that use AI-cloned executive voices and synthetic video, rather than generic phishing emails, create the visceral recognition that static security awareness training modules cannot replicate.

Organizations that deploy targeted deepfake phishing simulation programs can establish baseline susceptibility data and track measurable improvement over time. Without that baseline, organizations are defending a cyberattack surface they cannot measure.

3. Build a Reporting Culture That Removes the Fear of Being Wrong

An employee who suspects a deepfake but stays silent has learned nothing from their training program. Psychological safety (the assurance that flagging suspicious media will be treated as responsible behavior rather than grounds for embarrassment) is the mechanism that converts individual skepticism into an organizational defense signal.

The Department of Homeland Security's Increasing Threat of DeepFake Identities (2019) concludes that deepfake detection cannot rely on technology alone and requires human participation at every layer of defense. The report draws on the expertise of Siwei Lyu, SUNY Empire Innovation Professor of Computer Science and Engineering and Director of the UB Media Forensics Lab.

Operationally, this means creating a frictionless reporting path: a single internal channel where employees submit suspicious calls, video requests, or messages, with every report acknowledged rather than judged.

4. Define a Deepfake Incident Response Plan

Every organization that moves money, holds sensitive credentials, or employs public-facing executives needs a documented deepfake incident response plan before an event occurs.

The plan must specify who an employee contacts when they believe they have encountered a deepfake (security team first, then manager), what evidence to preserve (recordings, emails, call logs), and how legal and HR are notified when financial loss or reputational harm is possible.

5. Brief Leadership on Deepfake Risk as a Board-Level Business Issue

The Arup case is the clearest existing proof point that deepfake fraud is a business continuity and financial risk rather than a technical IT problem, and it belongs on the board agenda.

Security leaders should present the $25 million loss figure alongside IBM's Cost of a Data Breach Report 2025 to frame the financial exposure in terms that finance and board members recognize immediately.

6. Monitor Executive OSINT Exposure

Cyberattackers need raw material to build a convincing deepfake clone: voice recordings, video footage, and high-resolution images often publicly available through earnings calls, conference recordings, LinkedIn posts, and media interviews.

OSINT collection is the first step in every targeted deepfake campaign. Organizations should audit the publicly available digital footprint of their executives and high-risk employees, and build ongoing OSINT monitoring into their human risk management program.

Reducing what cyberattackers can access directly reduces the quality of the clones they can build, which means the cyberattack surface shrinks before a phishing simulation is ever run.

Why Deepfake Detection Belongs in Security Awareness Training

Deepfake detection is a behavioral reflex that erodes without repeated reinforcement; it cannot be installed through a single workshop.

Kumaraguru et al.'s Protecting People from Phishing: The Design and Evaluation of an Embedded Training Email System (CHI 2007) found that simulated phishing emails with immediate, in-context training outperformed standard security notices, establishing the design foundation for modern phishing simulation programs.

Detection capability without a practiced response protocol is insufficient: employees must know both how to identify a suspicious deepfake interaction and exactly what steps to take in the seconds that follow.

Why Annual Training Cycles Cannot Keep Pace With AI-Generated Threats

AI-powered cyberattack tooling has compressed the development cycle for new deepfake variants from months to days. An awareness training module published in January is already outdated by the time employees complete it in December.

Organizations relying on once-a-year content refreshes are preparing employees to recognize last year's cyber threats rather than the ones arriving in real time.

Why Role-Specific Training Outperforms Generic Org-Wide Modules

Finance teams face invoice fraud deepfakes. HR staff encounter synthetic voice impersonations during candidate screening. Executives are targeted with fabricated video calls requesting urgent wire approvals.

A compliance video delivered to all 3,000 employees simultaneously addresses none of these scenarios with the specificity needed to change behavior under pressure.

Role-targeted deepfake phishing simulations deliver the exact cyber threat context each employee is statistically most likely to encounter, making training immediately recognizable and applicable when a real cyberattack arrives.

Detection Alone Is Not Enough: Employees Need a Behavioral Protocol

The behavioral protocol must be pre-loaded: pause the interaction, decline to act, verify through a second trusted out-of-band channel, and report immediately to the security team. Without this sequence embedded through phishing simulation practice, detection insight collapses at the moment of decision.

Leading organizations building or modernizing their security awareness training programs are incorporating multi-channel AI threat phishing simulations, including deepfake scenarios, as a program component.

SOC 2, HIPAA, and NIST CSF each mandate security awareness training for workforce members, and guidance mapped to these frameworks increasingly positions AI-generated social engineering, including deepfake threats, as scenarios that training programs should address.

How Deepfake Technology Is Evolving and What That Means for Detection

How to detect AI deepfakes is becoming structurally harder. Diffusion models and real-time face-swap APIs available since 2023 produce synthetic media with far fewer compression artifacts, blending boundaries, and temporal inconsistencies than GAN-based methods from 2020.

Visual cues that once served as reliable signals (unnatural eye blinking, mismatched lighting, blurry hairlines) are increasingly absent in content produced by current-generation tools.

Meta's Deepfake Detection Challenge, which concluded in 2020, found that the top-performing model achieved only 65.18% accuracy against unseen deepfakes, on GAN-era content.

Detection models trained on that dataset perform worse today against diffusion-based and neural face-swap outputs, because the artifacts those models learned to identify no longer consistently appear.

The challenge produced one critical output: a shared dataset of over 100,000 videos that established the first rigorous performance baseline, which now lags significantly behind the generation tools it was built to counter.

Why Artifact-Based Detection Will Remain a Losing Race

Artifact-based detection is inherently reactive. A model that learns to flag one generation method's artifacts becomes obsolete the moment generation pipelines update: a cycle that now runs faster than most academic peer-review timelines.

Consumer-accessible detection tools carry the same limitation. Without corroborating verification steps (a secondary communication channel, a confirmed callback, a pre-established code word), no standalone detection tool delivers high-confidence results.

What Provenance-Based Authentication Changes

The more durable answer is to shift from asking "Is this real?" to asking "Where did this come from?" The Coalition for Content Provenance and Authenticity (C2PA) has developed an open technical standard that cryptographically signs media at the point of capture, attaching a tamper-evident provenance record to each file.

When provenance infrastructure is embedded universally at the device and platform level, the absence of a valid credential becomes the detection signal: a fundamentally different and more scalable approach than chasing artifacts.

How Deepfakes Are Reshaping Information Warfare

The geopolitical dimension is already documented. A deepfake video of Ukrainian President Volodymyr Zelensky falsely ordering troops to surrender circulated in 2022, requiring a public rebuttal.

This incident confirms that deepfakes are an active tool in information warfare targeting both public trust and individual decision-makers.

What This Means for Human Judgment

Until C2PA or equivalent provenance standards achieve universal adoption across devices, platforms, and distribution channels, no technical layer fully closes the gap. Trained human judgment remains a non-optional defense.

Security teams can view the Adaptive Security deepfake webinar to understand how these attacks are evolving.

Key Takeaways

• How to detect AI deepfakes begins with knowing the artifacts generative AI cannot yet suppress: face-boundary blurring, off-axis eye tracking, audio cadence without micro-emotional variation, and multi-modal timing mismatches between expression and voice;
• Deepfake detection tools (including the DeepFake-o-meter, Sensity AI, and Reality Defender) provide useful signals but must be layered with source verification, metadata analysis, and direct callback protocols rather than used as standalone verdicts;
• AI deepfakes in live video calls are most effectively countered through pre-established code-word protocols and a strict "authentication before action" rule for any unusual financial or access request;
• Deepfake cyberattacks are evolving faster than artifact-based detection methods; provenance-based authentication through C2PA content credentials represents the most durable long-term defense;
• Organizations that deploy role-targeted deepfake phishing simulations through a security awareness training program build measurable, durable detection reflexes that static modules cannot replicate;
• Detecting AI deepfakes requires systemic organizational controls: multi-step verification protocols, documented incident response plans, executive OSINT monitoring, and a reporting culture with genuine psychological safety;
• Every security team should establish baseline susceptibility data through realistic deepfake phishing simulation exercises before a real cyberattack tests them instead.

Train the Team to Recognize Deepfakes Before Cyberattackers Test Them

Deepfake-based fraud does not announce itself; it arrives looking and sounding exactly like someone employees already trust. Organizations that expose employees to realistic AI deepfake phishing simulation scenarios before a cyberattack occurs build the detection reflexes that no policy document can produce.

Adaptive Security's platform delivers purpose-built deepfake phishing simulations and role-targeted training programs designed to reduce susceptibility across the highest-risk roles in any organization.

The platform measures baseline exposure, tracks improvement over time, and surfaces which employee groups remain most vulnerable to AI deepfake cyber threats.

Security teams ready to build a measurable deepfake detection capability can book a demo with Adaptive Security to see how targeted phishing simulations and awareness training protect the workforce from modern deepfake attacks.

Frequently Asked Questions About How to Detect AI Deepfakes

How to Detect AI Deepfakes in a Live Video Call or Phone Call in Real Time?

Detecting a deepfake during a live video call requires combining behavioral checks with a second-channel verification protocol, because no consumer tool currently offers real-time detection with reliable accuracy.

On video, watch for facial edge blurring when the person moves, lighting that does not match the call environment, unnatural blink patterns, and audio that sounds slightly compressed or lacks ambient room noise.

On voice calls, listen for robotic cadence, missing micro-pauses between words, and pitch uniformity that natural speech does not produce.

The most reliable defense is procedural. If a caller requests unusual action (a wire transfer, credential reset, or access grant), end the call and call back using a known-good number already on file.

Pre-established code words with executives and finance team members provide a real-time authentication layer that no deepfake can replicate without prior access to that information.

Guo, Wang, and Lyu's Detection of Real-Time Deepfakes in Video Conferencing with Active Probing and Corneal Reflection (IEEE ICASSP 2023, DOI: 10.1109/ICASSP49357.2023.10094720) showed that corneal reflection analysis can expose real-time face-swap attacks in video conferencing by displaying a probing pattern on screen and checking whether it reflects in the participant's eyes. Most deepfake models cannot replicate this tell.

The authors note that no specialized hardware is required, though the technique is currently too slow for real-time deployment in its unoptimized form and requires further development before practical integration into video conferencing platforms.  

Are Deepfake Detection Tools Reliable Enough for Everyday Consumers to Use?

Consumer-accessible deepfake detection tools are reliable enough to serve as one signal in a multi-step verification process.

iProov's Deepfake Blindspot Study (February 2025), testing 2,000 UK and US consumers, found that only 0.1% of people could accurately identify deepfakes across all stimuli, even when participants were primed to look for them, suggesting real-world detection rates are likely lower still.

The Tow Center's What Journalists Should Know About Deepfake Detection Technology in 2025: A Non-Technical Guide (Columbia Journalism Review, March 2025), synthesizing recent detection research, found that detection reliability varies significantly depending on the generation method used to produce the content.

Tools trained on one type of synthetic media consistently underperform when confronted with content generated by a different technique. The guide notes that even trained journalists struggle to interpret detection tool outputs without knowing the model's training dataset and update history, a challenge that is compounded for ordinary users.

Treat a tool's output as a reason to investigate further, with source verification as the final arbiter. Source verification, behavioral anomaly checks, and direct callback confirmation through a known channel remain the more durable and accessible defenses for individuals without forensic expertise.

What to Do If a Person Becomes the Victim of a Deepfake?

If an organization discovers a deepfake attack has been used against them, take the following steps immediately:

• Preserve evidence. Screenshot or record the deepfake before requesting takedown, as platforms often remove content quickly and documentation will be needed;
• Report to the relevant platform. Most major platforms have synthetic media or impersonation violation policies; submit a formal report with supporting evidence;
• Report to law enforcement. File a complaint with the FBI's Internet Crime Complaint Center at ic3.gov and with the FTC at reportfraud.ftc.gov;
• Notify affected parties. If the deepfake was used in a financial fraud or impersonation cyberattack, alert the relevant bank, employer, or HR department immediately so they can freeze or flag affected accounts;
• Consult legal counsel. Several U.S. states now have statutes specifically addressing non-consensual deepfakes, and an attorney can assess options for civil action or injunctive relief.

Acting within the first 24 hours significantly improves the likelihood of content removal and preserves the evidentiary chain.

What Is the Difference Between a Deepfake and a Cheapfake?

A deepfake uses AI, specifically generative adversarial networks (GANs) or diffusion models, to synthesize or replace a person's face, voice, or body with a realistic AI-generated substitute.

A cheapfake achieves manipulation through low-tech methods: slowing down or speeding up footage, cropping to remove context, splicing audio out of sequence, or applying basic editing filters; no AI is required.  

Data & Society's Deepfakes and Cheap Fakes: The Manipulation of Audio and Visual Evidence (Britt Paris and Joan Donovan, 2019) first formalized this distinction, defining cheapfakes as audiovisual manipulations created with accessible software rather than machine learning.

The detection approach differs accordingly: cheapfakes are often exposed by simple contextual verification (reverse-searching the original footage or cross-checking the claimed date and location), while deepfakes require artifact analysis or provenance-based authentication.

Cheapfakes are easier to produce and frequently more widespread in political disinformation campaigns precisely because they require no technical skill.

How to Tell the Difference Between a Deepfake and a Low-Quality but Legitimate Video?

The key difference lies in the type of artifact rather than the overall quality. A legitimate low-quality video degrades uniformly: compression introduces blocky pixelation, poor lighting creates flat color, and motion blur affects the full frame evenly.

A deepfake produced by a face-swap model shows structurally inconsistent artifacts. The face area carries different noise patterns. Edge-blending artifacts appear at the hairline or jaw in a way that does not match the surrounding background. Skin texture appears smoother or differently lit than the neck and ears. Teeth and eye details lose resolution under fast motion while the background stays sharp.

Specifically, examine the face boundary: in a legitimately compressed video, pixelation at a face edge matches the surrounding pixels. In a deepfake, the face edge often shows a soft, AI-composited blend that looks mismatched against the scene.

Audio-visual sync errors, where mouth movement does not precisely match phonemes at normal playback speed, point to deepfake generation rather than simple recording quality.

When anomalies cluster specifically around the face while the rest of the frame remains consistent, that pattern warrants deeper verification: a trainable skill. Employees who practice detecting anomalies through simulation build pattern recognition that is more likely to activate under real-world pressure.