The call sounded exactly like your bank manager — the voice, the cadence, the small verbal tics. A machine made it.A finance officer in Bengaluru joined a video call with her CEO. He was travelling, his face a little soft on the screen, asking her to move funds to a vendor account before a deal closed. The voice matched. The mannerisms matched. The request ran odd, yet the CEO had a name for last-minute calls. She sent the money.Someone had fabricated the whole call — the face and voice assembled in real time from footage anyone could find online. The money was gone before lunch.This is real, and it happens at scale. In February 2024, a finance worker at the engineering firm Arup wired $25 million after a video call populated by deepfaked versions of the company's chief financial officer and other executives. India sits inside the blast radius: a 2025 study of AI scams in India found that 47 per cent of adults have been hit by a voice-cloning or deepfake scam or know someone who has — close to twice the global rate — and 83 per cent of Indian voice-scam victims lost money, almost half of them more than Rs 50,000.Here is the reassuring part. Guarding against this takes common sense well ahead of technical skill. A shared code word, a rule about urgency, and the habit of checking with a second source before you act will stop most of these attacks cold.Your voice, face and writing are all copyable now.Until recently, impersonation at scale needed real resources. Forging a document took skill. Mimicking a voice well took training. That friction kept most attacks crude, and crude attacks are easy to spot.The friction has collapsed. A system trained on three to five seconds of recorded speech can clone a voice closely enough to fool people who know it well. A short video clip is enough to generate a moving, talking likeness. A handful of someone's emails is enough to write fresh ones that match their rhythm, their vocabulary, and the way they open and close a message.So the old signals of identity — a familiar voice, the feel of someone's writing, a face on a screen — now stand on their own as proof of very little.Pick a code word, and share it in person. The strongest defence against voice and video impersonation uses zero technology: a code word shared between the people you talk to most. A word or short phrase you agree on face to face, then use to confirm identity, any time money, access or sensitive information is on the line.Treat it like a PIN. A PIN guards your bank account; a code word guards your trust. Families, business partners and small teams have taken it up because it takes about thirty seconds to set and has already blocked real attempts.Three things to do today. Agree on a code word with your immediate family and closest colleagues — pick something an outsider would struggle to guess, well away from birthdays and pet names. Set a rule that any request involving money, passwords or urgent action on a call or video needs the code word first. And keep the word off your devices: agree it in person, or over a channel you already trust.Why fraudsters weaponise urgency? Automated scams pull one psychological lever harder than any other: urgency. The account closes tonight. The deal slips away the moment you hesitate. The package goes back to the sender. Act now, or pay later.Pressure tactics are old. The personalisation is new. A message that names you, your bank, your account number and your relationship manager earns belief — and belief plus a ticking clock is the whole con. The detail sells the urgency.So make urgency your cue to slow down. Any high-pressure demand tied to money or access earns a pause and a second channel. Ring the person back on a number you already have. Walk into the branch. Send a message on a different app. The thirty minutes it costs will feel like an overreaction now and then; once in a while, it saves you from a one-way mistake.Starve the attack of raw material. Fabricated voices and faces are built from real recordings. Personalised phishing is written from real details about you. The more of that material sits in public, the easier you are to fake.Deleting yourself from the internet misses the point. The point is being deliberate about what you make public. A profile stacked with years of voice notes, videos and personal updates is a ready-made training set for anyone who wants to be you for an afternoon.A few sensible adjustments. Review your public profiles — voice notes, videos and location data hand an attacker more than photos do. Search your own name now and then to see what surfaces; when account numbers, address history or job details turn up, ask whether they need to be there. Treat a video call from someone you have yet to meet as a recording session, because that is what it can become. And switch on a password manager and two-factor verification across every account that matters — old advice, still the most ignored.When something feels off, trust it. The Bengaluru finance officer said afterwards that something had felt wrong on the call. The CEO's phrasing ran a touch formal. He skipped his usual question about her family. She clocked both and let them go.That instinct deserves more respect. Fabricated likenesses keep improving, yet the tells remain: a rhythm that sits a fraction off, an answer that lands a beat late, a phrase that sounds like the person without quite being them. Each one falls short of proof. Each one earns a stop.Risk the awkwardness. If a call feels wrong, it is wrong enough. Offer to ring back. Say you want to check one thing first. A real request from a real person survives a ten-minute delay. A fabricated one tends to fall apart the moment you try to verify it — because dodging verification is the entire design.The code word she wishes she'd had.The attacks reaching people today want what attacks have always wanted: your money, your data, your credentials, your trust. What has changed is the quality of the disguise and the scale of the operation. India shows the shape of it — Mumbai's cyber police logged 640 deepfake-related complaints in 2025, with losses near Rs 400 crore, and SEBI warned in November that fraudsters now pose as chief executives and public figures to manufacture credibility.The defences that hold are human and habitual, ahead of anything technical. A code word agreed upon face-to-face. A rule about urgency. The nerve to stop when something feels wrong. A second channel to confirm. Each asks for one decision: take the threat seriously before it arrives, rather than after.The finance officer in Bengaluru has a code word with her CEO now. She wishes she had set it six months sooner.Frequently Asked QuestionsHow do AI cyber attacks work? They use artificial intelligence to scale up old crimes — cloning voices, generating fake video, writing convincing phishing emails, guessing passwords and building malware. The AI makes each attack faster, cheaper and far more convincing than the manual version.How do you avoid becoming a victim of an AI scam? Agree on a code word with close contacts, switch on two-factor authentication, and verify any money or access request through a second channel before you act. Treat unexpected urgency as a reason to pause, and confirm a sender's identity before you share personal details.Can AI clone a voice or a face? Yes. With a few seconds of audio or a short video clip, AI can produce a convincing copy of someone's voice or a moving likeness of their face — enough to fool people who know them.Does antivirus software help against AI threats?It helps. AI-powered security tools spot phishing, suspicious activity and malware faster than older software. Pair them with a password manager, two-factor authentication and the habit of verifying urgent requests.end of article