Deepfake Scams Guide for Banking Fraud Teams
June 25, 2026
This article is part of "Eye on Fraud by IronVest," an ongoing series on banking fraud where we explore the latest banking scams and fraud impacting financial institutions worldwide.
Our deepfake scam guide walks you through one of the most dangerous scams in 2026 and shows you how to prevent deepfake scams with IronVest’s ActionID™ technology.
Back in 2024, the Financial Crimes Enforcement Network (FinCEN) put out an alert warning financial institutions about the threat of deepfakes. It said:
“FinCEN has observed an increase in suspicious activity reporting by financial institutions describing the suspected use of deepfake media in fraud schemes targeting their institutions and customers.”
Fast forward to 2026, and deepfake fraud attempts have become so common that up to 77% of organizations report having recently experienced a fraud attempt that involved video or audio deepfakes.
Today, thanks to its trust-based relationships, high-value transactions, and increasing reliance on remote verification, banking is a prime target for deepfake-driven scams.
To help your fraud team understand deepfake scams in 2026, we’ve gathered five deepfake scam case studies, each illustrating a different form of deepfake scams and explaining exactly how it unfolds.
What Are Deepfake Scams?
Deepfake scams involve fraudsters using AI-generated or manipulated images, videos, or voices to impersonate someone or create a completely fake identity to defraud a financial institution.
During a deepfake scam, fraudsters might:
Generate realistic photos and documents for people who don’t exist (i.e., "synthetic identities”).
Alter legitimate IDs by swapping faces or tweaking details like facial features to bypass watchlists and sanctions checks.
Clone voices to impersonate banking customers and trick call center agents into resetting accounts or approving fund transfers.
Create fully synchronized video + audio deepfakes to fool “liveness” checks during onboarding or authentication.
Deepfake scams often succeed because, to banks and banking customers, deepfakes appear and sound very realistic, making it difficult for humans and/or automated systems to detect fraud.
One study found that 12% of employees have been tricked by deepfake scams. In another, 43% of organizations reported deepfake impersonation attempts.
Worryingly, only one-third (32%) of executives said they believe their organization is prepared for deepfake attacks.
Deepfakes undermine traditional banking authentication systems, exposing banks to direct financial losses through fraud, regulatory risks due to insufficient controls, reputational harm, and loss of customer confidence, as well as rising operational costs for detection, verification, and fraud response.
5 Deepfake Scam Examples Your Bank Must Prevent In 2026 and Beyond
Below, we highlight five deepfake scam examples to help you see what deepfake scams look like in 2026.
1. Deepfake images
A deepfake image is an image that has been either digitally manipulated or entirely created using AI. While deepfakes can be used for harmless entertainment, fraudsters are increasingly weaponizing them to bypass banking security.
Many banks use static image checks during their onboarding, which typically involves asking banking customers to upload a photo of their ID alongside a selfie.
The problem? Today’s scammers can easily bypass these checks by generating images that look real to both human reviewers and software.
For example, scammers can:
Take a real passport or driver’s license and swap the photo with their own face. Since the rest of the ID remains “legitimate,” verification software struggles to detect the tampering.
Use AI to create an entirely new ID for a person who doesn’t exist.
Blend two faces (e.g., a criminal and a normal citizen), so facial recognition systems can’t flag them.
Change age, gender, hair, or facial features to avoid being caught by sanctions or watchlists.
In , scammers obtained a banking customer’s real ID and then used AI to manipulate the image, altering features such as clothing and hairstyle. They used this altered photo to bypass a financial institution's biometric verification system and applied for fraudulent loans.
2. Voice/audio deepfakes
It’s not hard for scammers to replicate someone’s voice - all they need is just a few seconds of audio of that person speaking.
For banks, this opens the door to serious risks. Scammers can use AI-cloned voices to impersonate banking customers and trick call center agents into bypassing identity checks, transferring funds, resetting accounts, and carrying out account recovery fraud.
A journalist from Vice how they successfully broke into their bank account using an AI-generated replica of their own voice, demonstrating just how easy it is to bypass voice-based security systems with deepfakes.
3. Video deepfakes
Video deepfakes are AI-generated or manipulated videos that impersonate individuals using facial likeness, voice, and even subtle mannerisms.
An example of a video deepfake is the "Deep Tom Cruise" video series that went viral on TikTok a couple of years ago. Created by a VFX artist, these videos used a Tom Cruise look-alike actor whose face was replaced with a highly realistic, AI-generated likeness of the actual Hollywood star. The deepfake perfectly mimicked Cruise's signature facial expressions, mannerisms, and overall appearance.
In banking fraud, a scammer could use the same techniques. They might start by scraping the open web (LinkedIn videos, webinars, interviews, etc.) for information of real banking employees, create deepfake videos of them, and spoof the bank’s official number.
Then, during the video call, the deepfake “banker” could claim to have detected suspicious activity on a banking customer’s account and request confirmation of their OTP. Because the video appears authentic, the customer could be tricked into sharing confidential details.
4. Combined video + audio deepfakes
A combined video and audio deepfake is what happens when scammers who use video deepfakes step up their game.
Video deepfakes are convincing, but often focus exclusively on replicating facial appearance, expressions, and body movements. The audio is often genuine (live) or crudely faked and mismatched.
This means that if the victim is even slightly more discerning and the voice doesn’t match the face perfectly (in terms of tone, timing, or accent), the fraud may be foiled.
A combined video and audio deepfake, on the other hand, simultaneously mimics the victim visually and vocally in sync. Voice cloning matches the target’s pitch, tone, accent, and cadence while the face moves naturally in sync with the generated speech.
A mismatch in one can be spotted. When both match perfectly, detection requires advanced biometric or behavioral verification tools.
In , scammers used AI-generated deepfakes to impersonate a company’s CFO and other employees during a video call, tricking a Hong Kong staffer into transferring approximately $40 million across 15 transactions.
Though publicly reported banking-related examples are scarce, here’s how this kind of scam could play out in a banking context:
Research. A fraudster gathers publicly available information on a bank's wealthy client, "Mr. Davies." They find his social media accounts, news articles, and a short video of him speaking. They also find the name of his private wealth manager, "Sarah," through the bank's website.
The scam. The fraudster then uses a combined video and audio deepfake to impersonate Mr. Davies. They call Sarah, the wealth manager, spoofing the number so it appears to be from Mr. Davies's phone. The video shows a convincing likeness of Mr. Davies, and the voice is an accurate clone of his.
Deception: The deepfake "Mr. Davies" tells Sarah that he is traveling and has a poor internet connection, which is why the video quality isn’t great, and he can't speak for long. He says he needs an urgent transfer to a new business account for a last-minute investment opportunity.
The outcome: Sarah, who has a long-standing and trusting relationship with Mr. Davies, sees his face and hears his voice. The urgent and high-stakes nature of the request is consistent with the kind of business he does, so she doesn’t suspect that it’s a fraud. She proceeds with the transfer, possibly against standard protocol, but convinced by the "face-to-face" interaction. The funds are immediately moved to a series of accounts, and by the time the real Mr. Davies is contacted later, the money is gone.
5. Live/real-time deepfakes
Live or real-time deepfakes are the most advanced deepfake scams possible. They are essentially either audio or video deepfakes that can be generated in real time.
If you are wondering how realistic real-time deepfakes have gotten, check out these “Elon Musk” livestreams.
People contributing to the livestream called in disbelief, “Wow, Elon, it's incredible to be on a livestream with you.”
These deepfakes are highly interactive, meaning that if someone on the other end changes the conversation or asks unexpected questions, the fraud will go on. The scammer can answer questions, change tone, or react to anything instantly.
Only very subtle AI artifacts or biometric/liveness tests can catch this type of deepfake scam.
How Banks Can Prevent Deepfake Scams Without Adding Friction
Detecting deepfake fraud is challenging for banks because deepfake technology is becoming increasingly sophisticated, realistic, and accessible. Traditional fraud detection systems weren’t built to handle these advanced synthetic media threats.
IronVest ActionID™ tackles this challenge by constantly confirming both the user’s identity and the legitimacy of every high-risk action, removing opportunities for compromise.
Common Deepfake Scams
Deepfake scam | How it works | Real-world example |
Deepfake images | Synthetic or manipulated images created with AI tools to bypass static ID and selfie verification checks. | Fraudsters altered a customer’s ID photo using AI (changing clothing and hairstyle) and successfully bypassed a bank’s biometric verification to apply for loans. |
Voice/audio deepfakes | Using AI, criminals create audio replicas from just a few seconds of someone’s voice and impersonate customers, trick call center agents, reset accounts, transfer funds, and commit account recovery fraud. | In 2023, a Vice journalist used an AI-generated replica of his voice to break into his own bank account, bypassing voice-based authentication entirely. |
Video deepfakes | AI-generated or manipulated videos impersonate individuals by mimicking their facial features, expressions, and mannerisms. | Viral "Deep Tom Cruise" video series on TikTok where a Tom Cruise look-alike actor’s face was replaced with an AI-generated likeness of the actual actor, perfectly mimicking Cruise's facial expressions, mannerisms, and overall look. |
Combined video + audio deepfakes | Deepfakes that synchronize visual and vocal impersonation, making them highly convincing. Voice cloning matches pitch, tone, and cadence, while facial movements align perfectly with the generated speech, significantly reducing detection chances. | Fraudsters are combining AI-generated faces with cloned voices, making mismatches nearly impossible to detect without advanced biometric tools. |
Live/real-time deepfakes | Video/audio deepfakes generated on the fly. Unlike pre-generated deepfakes, they adapt dynamically to real-time conversations. | Deepfake Elon Musk livestreams utilize AI-powered face-swapping, real-time voice cloning, and sometimes AI chatbots or a human operator to impersonate him convincingly and even answer questions live, tricking viewers into falling for fake cryptocurrency or investment scams. |