Should I hang up if I suspect a deepfake call?

Yes, always. Hang up and call back on a known-good number. This single rule defeats most vishing attacks regardless of how good the voice clone is.

What if it sounds exactly like my family member in trouble?

Still hang up, still call back. If they're really in trouble, the real person will answer the callback. If they don't, contact them through every other channel you have — the scam depends on urgency overriding verification.

Do banks ever legitimately call to authorize wire transfers?

Almost never. Legitimate bank fraud calls will ask you to log in to verify through the app or call their main number. Any call asking you to move money to a new account, verify codes, or authorize a transfer over the phone should be treated as a scam until verified on your side.

How to spot · scam-call

How to Survive a Deepfake Scam Call

A practical survival guide for recognizing, handling, and recovering from a deepfake scam call — whether you're an individual, a family member, or an employee of a targeted organization.

Resemble AI·Apr 12, 2026·3 min read

If you're reading this because you think you're on or just finished a deepfake scam call, the most important sentence on this page is: hang up, and call back on a number you sourced yourself.

That's it. The rest of this guide is context.

During the call

The single rule

Never transfer money, never share a code, never authorize an action from an inbound call — regardless of who the caller claims to be. Hang up. Call back on a number you sourced yourself (bank's website, back of your card, company directory, your own phone contacts).

This rule defeats most vishing attacks regardless of how good the voice clone is. The attacker cannot hold a phone call while also receiving one — a callback from you breaks the attack.

Signals you're on a scam call

Urgency. "Your account is being drained right now." "The CEO needs this before close of business." "You're being investigated."
New information about accounts, wire routing, or credentials you didn't initiate.
Requests to move money to a "safe account" or read back security codes.
Pressure not to tell anyone ("this is confidential, don't loop in your manager").
Caller ID matches a legitimate number you know — modern caller-ID spoofing is trivially easy and not evidence of legitimacy.

What to say

If you suspect it:

"I need to verify this call. Please hang up, I'll call you back on the number I have."

If the caller pushes back — pressure, protest, accusation — that's confirmation. A legitimate caller welcomes callback verification. Scammers don't.

The shared-context test

If you can't hang up (e.g., you're at a front desk and someone calls claiming to be the CEO), ask something only the real person would know:

What's my dog's name?
What book did you recommend to me last week?
Where did we have that conversation about X?

A voice clone driven by a script-reading attacker cannot answer these. This is what saved Ferrari from a $40M fraud attempt.

After the call

If you didn't fall for it

Report the number to your carrier (7726 in the US).
Report to the FTC at ReportFraud.ftc.gov (US) or your local equivalent.
If the caller impersonated a specific company or person, let that company/person know — they may want to issue a warning.
If you recorded any of the call or have the voicemail, consider uploading it to the free audio detector to confirm it was synthetic.

If you did fall for it

Call your bank immediately. Funds moved via wire are sometimes recoverable if the report is within hours.
Freeze affected accounts.
Change credentials for any account credentials you shared.
Report to law enforcement — FBI IC3 (US), Action Fraud (UK), or your local cybercrime unit. Prosecution rates are low but reporting adds to pattern data.
Don't blame yourself. These attacks are designed by professionals to hit exactly when you're rushed or emotional. Awareness is the defense going forward.

For employers

If you run a business with wire-transfer authority (most do):

Written out-of-band verification policy. No financial transfer is approved on voice alone. Callback on a known-good number, or multi-party approval, is mandatory.
Make verification cultural, not optional. "Of course I trust you, and of course I'll still follow the process."
Train specifically on deepfake voice attacks — most employees have heard of deepfake video but not deepfake voice, and it shifts how they respond.
Consider real-time audio deepfake detection integrated into the call flow. See the banking and call-center playbooks.

For family

Agree on a "safe word" with older relatives who are the highest-risk population. If someone calls claiming to be a grandchild in trouble, the real grandchild knows the safe word. A voice clone doesn't.