For years, “get on a video call” has been a common safety rule for verifying someone’s identity online. That rule is rapidly losing value.

Investigators and threat analysts are now documenting near-real-time face-swap video being used in romance and “pig butchering” scams—where criminals build a relationship, then steer victims into fraudulent investment or payment flows. The net effect is a major shift in the social-engineering playbook: video is no longer a reliable proof of presence, identity, or intent.

What’s changed: “live” deepfakes have crossed the usability threshold

Deepfake content is not new, but two things have improved enough to change attacker economics:

• Real-time face swapping that can run during live calls on common platforms (e.g., WhatsApp/Zoom/WeChat), enabling scammers to “perform” a believable persona on demand.
• Operational support ecosystems (often via Telegram-style channels) that market, troubleshoot, and monetise these tools—reducing the skill required to deploy them effectively.

In one recent investigation, WIRED reported on a face-swapping platform linked to romance and pig-butchering operations, with crypto-payment traces and marketing patterns that strongly suggest the tool is being positioned for scam workflows.

How the scam works: from trust-building to money movement

While tactics vary, the pattern is consistent:

1. Discovery and grooming: The attacker connects via dating apps/social media, builds rapport, and creates a “high-trust” narrative (career, travel, family).
2. Trust escalation via “proof”: The attacker offers (or agrees to) a live video call—now potentially face-swapped to match the fake persona and disarm scepticism.
3. Financial pivot: The victim is guided toward a “can’t-miss” investment, a “temporary transfer,” or a “verification payment,” often involving cryptocurrency rails.
4. Pressure and persistence: Once money moves, victims are pressured to “recover losses” by sending more—classic sunk-cost manipulation.

This matches broader fraud telemetry: the FBI’s Internet Crime reporting shows investment fraud (often crypto-linked) drives the largest losses, even when other categories generate more complaints.

Why video calls are now an unreliable trust signal

Real-time deepfakes are a trust-layer attack: they exploit the assumption that “live video equals real identity.”

For businesses, this intersects directly with identity verification and customer onboarding risk. Veriff’s 2025 analysis notes that deepfakes are becoming a material driver of verification failures and emphasises the growing role of real-time video manipulation in fraud attempts.

Separately, law-enforcement warnings continue to underscore the surge in AI-powered impersonation tactics—particularly voice and messaging impersonation used to gain access, build trust, or solicit money/data.

Bottom line: treat video calls as one signal—not proof.

India Context

In India, the risk is no longer theoretical. CERT-In has issued a formal advisory warning that deepfakes can be misused for impersonation, fraud, and reputational harm, and it recommends practical precautions for detection and reporting. At the same time, the Reserve Bank of India (RBI) has publicly cautioned citizens about deepfake videos impersonating senior RBI leadership to push misleading “investment advice,” underscoring that synthetic video is already being weaponised to manufacture trust and trigger financial decisions. Separately, India’s National Cyber Crime Reporting Portal (MHA/I4C) continues to publish advisories on fast-growing impersonation-led scams such as “digital arrest,” which often use intimidation and remote communication channels to pressure victims into transferring money—reinforcing why video calls and official-sounding claims should never be treated as proof of legitimacy without out-of-band verification.

Where the risk hits businesses (not just individuals)

Even if your organisation is not a financial institution, deepfake-enabled impersonation can land in multiple workflows:

• Accounts payable / vendor management: payment change requests, “urgent” approvals, invoice redirection
• HR and recruiting: remote interviews, identity checks, contractor onboarding
• Customer support/refunds: “I lost access” stories, account takeover recovery, chargeback disputes
• Sales/partnerships: convincing fake founders, suppliers, or “investors” pushing time-sensitive deals
• Executive protection: impersonation targeting senior leadership and their networks

This also aligns with consumer protection insights: the FTC highlights that older adults report major losses—especially from investment scams—and that social media is a frequent contact channel for investment fraud approaches.

Defensive playbook: verification that survives deepfakes

Individuals (reader-friendly checklist)

• Verify out-of-band: confirm identity using a known phone number/email thread (not the one provided in chat).
• Use a “shared secret”: agree on a family code word or verification phrase for emergencies.
• Slow down money movement: refuse urgent transfers, crypto deposits, or “verification” payments.
• Assume social media content can be weaponised: scammers often mine posts for context to strengthen deception.

Organisations (controls that reduce fraud exposure)

• Phishing-resistant MFA (FIDO2/WebAuthn) for email, admin consoles, and finance systems.
• Payment-change controls: mandatory call-back to a pre-validated number; dual approval; cooling-off windows.
• Identity-proofing upgrades: liveness detection tuned for face swaps, risk-based step-up checks, device/behaviour signals (not just video).
• High-risk workflow hardening: HR onboarding, refunds, and vendor creation should require stronger verification than routine support.
• Run deepfake tabletop scenarios: treat this like BEC—include finance, HR, legal, comms, and leadership.

Content and awareness programs

Update training materials so “video proof” is not presented as the final safety step. Use language like:

• “Video helps—but it does not verify identity.”
• “Always confirm payment requests through a known channel.”
• “If urgency is the hook, treat it as hostile until verified.”

What to watch next

Expect rapid maturation in three directions:

• Multi-modal impersonation: face swap + voice cloning + AI scripting in the same interaction
• Fraud-as-a-service marketplaces selling deepfake tooling, coaching, and playbooks
• More tenant/IDV bypass attempts targeting KYC onboarding, remote hiring, and support recovery flows

Europol and INTERPOL reporting continues to flag AI-enabled impersonation and deepfakes as an increasingly common enabler of fraud and organised crime operations.

Sources

• WIRED — Investigation into a real-time face-swapping platform linked to romance and “pig butchering” scams (published December 2025).
• Veriff — “Real-time deepfake fraud in 2025” and guidance on biometric liveness and real-time deepfake attack modes.
• Reuters — PSA on AI-enabled impersonation targeting officials and contacts (May 2025)
• CERT – Deepfake advisory + Protective steps