# Deepfake detection: A practical guide for fraud prevention teams **Author:** Eduardo Lopez · **Published:** 2025-10-23T00:00:00.000Z · **Categories:** Fraud Deepfakes are quickly becoming a major fraud vector, used to bypass KYC, fake job applicants, and socially engineer victims. Learn how fraud prevention teams can detect, triage, and stop deepfake attacks. If you work in fraud or compliance, you’ve probably already started seeing signs of deepfakes and synthetic documents in your queues. AI-powered fraud is rising fast, and it’s only getting easier to pull off. New tools are constantly being released that make it simple to generate realistic faces, videos, and documents with minimal effort. What used to take technical skill can now be done with a few clicks, and that accessibility is driving more fraud attempts across every industry. The challenge is that most existing systems weren’t built to spot this kind of fraud. And now, with new regulations emerging around AI-generated identities and synthetic media, risk teams need to be able to effectively detect and stop deepfake fraud. This guide walks through the different types of deepfakes, how fraudsters use them, and how risk teams can detect them. ## Types of deepfakes and how they’re delivered **Deepfakes are AI-generated or manipulated images and videos designed to make someone appear real or change what they look like.** They fall under the broader category of synthetic media and are becoming a shared problem for both fraud and compliance teams. Fraudsters are using them for a range of attacks, such as creating synthetic identities, spoofing their feeds during selfie liveness checks, and creating falsified evidence for disputes or insurance claims. Let’s take a look at the different types of deepfakes. ### Partial face morphing Partial face morphing (identity cloaking) allows you to change specific parts of your face, without having to completely hide your appearance. This can be done by blending features from other people, or using models that let you adjust eye color, resize noses, alter jawlines, or make your face look thinner or wider in real-time. Because these models use very little processing power, fraudsters will use them to change their appearance during real-time video streams without any lag or obvious tells. ### Fully AI-generated faces Fully AI-generated faces are created entirely from scratch using generative AI models like DALL-E, SDXL, Midjourney, and Stable Diffusion. **Attackers can easily prompt AI to generate an image of someone based on their gender, race or nationality, where they live, or even what job they have.** Beyond the publicly available AI tools, there are scam toolkits sold on the dark web that make it easy to produce hyper-realistic images and videos specifically built for fraud. ### Face swapping Face swapping replaces one person’s face with another’s, and is probably the most common type of deepfake you’ll see online today. There are many different tools that allow you to create these deepfakes by uploading an image or a video. ### Face reenactment / Lip syncing Face reenactment and lip syncing allow you to animate a photograph or screenshot of a real person’s face to their expressions and mouse movement match another person’s speed or actions. These deepfakes are usually delivered in a few specific ways, and understanding how they’re presented can give you clues about what signals can be used to detect them. 1. **Physical presentation:** This is when a deepfake is shown on a physical device, such as a phone, tablet, or computer monitor during a call or an in-person verification. 2. **Video injection:** This refers to deepfakes that are delivered through a virtual camera or browser plugin that feeds a video stream into a platform, such as a liveness check embedded in a fintech app or a conference call. 3. **Doctored media:** This includes synthetic or manipulated documents, images and videos, such as government IDs, business registrations, bank statements, invoices, or proof-of-address forms. 4. **Screensharing:** This is when a deepfake is shown during a screenshare session or embedded in a pre-recorded presentation. ## How deepfakes are used for fraud Deepfakes are being used across a wide range of fraud vectors that affect both fraud and AML teams. Below are a few areas where we've seen fraudsters using deepfake technology. **Identity fraud:** Attackers generate full faces or morph photos to create synthetic identities that pass visual checks and populate onboarding forms. These images are paired with fabricated PII and used to open accounts, enroll in services, or stitch multiple fake profiles into a single fraud ring. **Bypassing KYC:** Fraudsters feed virtual camera streams, pre-recorded video, or real-time reenactment into selfie liveness checks so the system believes the user is live. **Social engineering scams:** Deepfakes provide quick visual “proof” to back up impersonation calls or messages and reduce hesitation from targets. **Job applicant fraud:** There’s been a recent uptick in the use of synthetic video and headshots to clear remote job interviews. **Disinformation and reputational attacks:** Fake endorsements or speeches from public figures are often created to promote scams or manipulate markets. **Falsifying evidence for claims and disputes:** Attackers use deepfakes to create convincing “proof” for chargebacks, refunds, and insurance claims. **Sextortion / blackmail:** These scams usually target younger people and often start on social platforms. **Fake accounts and bot farms:** Fraudsters use generated faces and videos to create fake accounts. **Account takeovers:** Deepfakes are used to impersonate legitimate users during account recovery or password reset flows. ## Myths about detection ### Myth #1: Most deepfakes are laggy There are now models that can produce deepfakes with basically zero lag time. ### Myth #2: If it’s laggy, people won’t believe it Lag just looks like a bad internet connection. ### Myth #3: Many deepfakes look obvious Yes, sometimes deepfakes do have weird eyes, bad teeth, or look like poor photoshop. ### Myth #4: Metadata proves an image is real/fake Metadata can be edited or stripped. ### Myth #5: Liveness checks are foolproof Liveness checks are only as strong as where, when, and how they’re deployed. ## Best practices for deepfake detection 1. **Look for spoofing tools:** Watch for signs of virtual cameras, emulators, or screen-share feeds. 2. **Watch for video inconsistencies:** Compare what’s happening in the video to the user’s environment. 3. **Ask for actions that can’t be pre-rendered:** Challenge users to do something unpredictable. 4. **Compare images against known reference media:** Match the video or image against verified ID photos. 5. **Watch for small behavioral tells:** Look for odd blinking, stiff posture, or small freezes when the model updates. 6. **Cross-check device and session signals:** If the same device ID, browser fingerprint, or IP range shows up across multiple users, you’re likely dealing with coordinated or synthetic activity. 7. **Check background audio:** Deepfake tools often miss subtle sounds. 8. **Push to a second device:** If you suspect someone is using a deep fake model, and they appear to be on a laptop, ask them to switch to their smartphone. 9. **Build layered defenses:** Combine document verification, selfie or live video checks, device intelligence, behavioral biometrics, and human review. ## Leverage Sardine for deepfake detection Sardine can help you detect deepfakes during onboarding, step-up verifications, login flows, and live video conferencing. Our own HR team uses this technology to catch fake job applicants attempting to game our interview process. ## Frequently Asked Questions (FAQ) **What is a virtual camera?** A software-based camera feed that replaces the real webcam output with a pre-recorded or AI-generated video. **What is a face swapping tool?** Software that overlays one person’s face onto another’s in real time or during video creation. **What regulations have been created to combat deepfake fraud?** Several countries are tightening rules around synthetic media. **How do you triage a suspected deepfake case quickly?** Start with the strongest technical signals. **When do you auto-deny, step-up, or route to manual review?** Use rule-based thresholds driven by model confidence. **How do you train interviewers or support agents to run live challenges?** Treat live challenges as structured verification, not casual conversation.