The Problem
In March 2024, a woman in New Jersey received a call from her son. His voice was unmistakable—the particular cadence, the slight rasp, even the way he said “Mom.” He was in legal trouble, he said. He needed $10,000 wired immediately. She didn’t ask many questions. By the time she realized it wasn’t her son, the money was gone.
This is no longer rare. The FBI received 22,364 AI-related complaints in 2025 with $893 million in adjusted losses, according to the FBI IC3 2025 Annual Report. A significant portion of these involve synthetic voice fraud—someone cloning a voice, usually of a family member or trusted contact, and using it to manipulate money, access, or information from the target. The deepfake fraud attacks surged 1,300% in 2024 alone, according to independent security analysts including Plurall AI and TruthScan.
What makes this moment different from older phone scams is not just the sophistication. It’s that the trust signal has collapsed. A voice, for centuries, was proof of identity. You heard your father and you knew it was your father. That assumption is now broken, and most ordinary people have not yet built a replacement verification method that actually works in the moment when a loved one calls with an urgent problem.
The tension is sharp: the tools to fake a voice are now free, easy, and available to anyone with a laptop. The tools to verify whether a voice is real have accuracy rates that drop 45–50% once they leave the laboratory and meet real-world conditions, according to research published by brside, the World Economic Forum, and peer-reviewed work at WACV 2026. Meanwhile, ordinary people still have almost no reliable protocol for what to do when they receive a call that sounds like someone they trust.
This is a problem that is active right now, not speculative. It is reshaping how people verify identity in real time, and it is driving real financial and emotional harm. Understanding what is actually happening—and what actually works—is the first step toward adapting.
Why This Is Happening
Three structural forces are converging.
First: voice cloning has become a consumer product. Open-source tools like Coqui XTTS, OpenVoice, RVC, and Mozilla TTS are freely available and require only 3–5 seconds of audio to create a synthetic voice that is difficult to distinguish from the original. You can download them on a consumer laptop. A person with moderate technical skill—not expert, moderate—can clone a voice in an afternoon. The barrier to entry has moved from “expensive specialized equipment” to “free software and a few minutes of YouTube tutorials.” That is not an incremental shift. It is a structural change in who can perform voice fraud and at what cost.
Second: identity verification infrastructure has no backup for voice. For decades, banks and security teams built confidence in voice identification as a secondary factor. You call your bank, they ask security questions, they hear your voice, and that confluence of signals creates reasonable confidence that you are who you say you are. But that system had an implicit assumption: the only copy of your voice that matters is the one coming through the phone. That assumption is now false. A scammer with three seconds of audio from your LinkedIn video or a family member’s voicemail can generate a voice call that triggers all the same neural patterns of recognition in the listener. The old system has no defense against this.
Third: detection tools exist but don’t work reliably at scale. Google Android Fake Call Detection advertises 90%+ accuracy internally and is available on Android 12 and newer devices, according to Google’s official security blog. But Google has not published independent validation or false-positive rates. More importantly, state-of-the-art detection systems lose 45–50% of their accuracy when exposed to real-world deepfakes versus lab-controlled conditions, according to multiple peer-reviewed sources including brside, USENIX security publications, and NCBI research. The gap between “works in a test” and “works when a scammer is actually calling you” is enormous. There is no iOS equivalent. Most people have no detection tool at all.
The result is a crisis of identity verification precisely when trust signals are cheapest to forge and detection tools are least reliable.
What People Are Actually Doing
Ordinary people are adapting in real time, but most adaptations are defensive rather than strategic.
Hanging up and calling back. This is the most common real-world response. When someone calls claiming to be a family member or trusted contact with an urgent request, many people now hang up immediately and call the person back at a known number. This works because it re-establishes the identity chain through a separate channel—the person’s real phone number—rather than trusting the voice coming through the incoming call. It is not foolproof (a scammer could claim the person’s phone is lost and they are calling from a friend’s number), but it disrupts the scam long enough for verification to happen. This behavior is spreading, especially among people who have heard about voice cloning or who have been targeted.
Asking security questions that only the real person would know. Some families are adopting ad-hoc protocols: if someone calls claiming to be a relative with an urgent request, ask them something that only that person would know—a childhood nickname, a private joke, a specific detail about a past event. The assumption is that a voice clone plus a pre-recorded answer is harder to orchestrate than a simple voice call. This is partially effective, but it relies on the person asking the questions having a memory clear enough to catch a wrong answer under stress, which is not always reliable.
Refusing to make financial decisions on phone calls. Some households and small businesses are moving to a policy where money transfers, account changes, or sensitive decisions never happen over the phone alone. If someone calls claiming to be your accountant and tells you to move funds, the response is to say you will call them back and verify through email or a known channel. This is sound security practice, but it requires discipline and assumes the scammer cannot create a believable follow-up on multiple channels—which is becoming a weaker assumption as synthetic media tools improve.
Buying call-filtering apps and checking for detection flags. Some people are subscribing to enhanced call-filtering services or using Android Fake Call Detection (for Android users) to flag suspected synthetic calls. However, these tools are generating both false positives and false negatives at significant rates. A person might see a “potential fake call” flag and dismiss a real call from a family member whose number is spoofed or whose connection is poor, creating its own kind of identity verification failure.
Older adults are becoming more isolated. The less documented but real adaptation: some older people, particularly those without strong technical literacy, are becoming more cautious about taking unexpected calls at all, fearing that any urgent request could be a scam. This trades financial fraud risk for emotional and informational isolation. Some are becoming more dependent on adult children to make decisions or verify calls, which shifts the problem rather than solving it.
What is striking is that none of these adaptations are based on actually detecting a synthetic voice. They all work around the problem by re-establishing trust through a different channel, asking questions a bot cannot answer, or refusing to act on voice alone. This tells you something important: people have already recognized that voice alone is not enough. They are not waiting for perfect detection tools. They are changing behavior.
The Build Opportunity
The verification gap is real and the solutions are partial. But there are clear openings for tools, practices, and infrastructure that can make verification easier and more reliable.
1. Verification protocols for small businesses and families. A simple, low-tech offering could be a service or toolkit that helps small organizations (family offices, small accounting firms, medical practices, local nonprofits) establish verified contact protocols. The core idea: create a simple record of “how we verify identity” before an emergency happens. For a family, this might be a shared note that lists the real phone numbers and email addresses where each person can be reached, plus one security question per family member. For a business, it might be a policy that all urgent financial requests must be confirmed through a separate channel (email from a verified address, callback to a known number) before any action is taken. This is not technology—it is coordination. But coordination that happens in advance, before scammers call, is far more effective than scrambling during the attack.
2. Multi-channel verification infrastructure for service providers. Hospitals, banks, utility companies, and government agencies receive calls from people claiming to be customers and requesting account changes, password resets, or sensitive information. A more robust offering would be a service that requires verification through multiple channels for high-risk requests. If someone calls claiming to be a customer, the service triggers a confirmation request through a second channel (email, SMS to a registered device, push notification on an app) before any change is made. This is not new—many services do this—but it could be standardized, made cheaper, and offered as a plug-in for small businesses that cannot build this themselves.
3. Open-source voice verification tooling that acknowledges its own limits. The current generation of detection tools (Google’s Fake Call Detection, commercial deepfake detection APIs) claim high accuracy without publishing independent validation. There is an opportunity for a genuinely transparent tool: open-source software that analyzes an incoming call for synthetic voice markers, but displays its confidence level honestly. Instead of “This is a real call” or “This is fake,” it could show “This call shows synthetic markers: 67% confidence. We recommend independent verification before acting.” This honesty about uncertainty would be more useful than false certainty, and it would push the burden of final verification back to the human user where it belongs.
4. Education and decision-making infrastructure for high-risk populations. Older adults, small business owners, and people under stress are the primary targets of synthetic voice fraud. An offering that combines simple education (how voice cloning works, what to do if you think you are being scammed) with a decision-making framework (a flowchart or checklist that helps someone decide whether to act on a voice call) could reduce harm. This could be offered through community centers, local libraries, senior organizations, or packaged as a simple app. The goal is not to prevent all fraud, but to reduce the stress and isolation that comes from not knowing how to verify.
5. Law enforcement and fraud reporting infrastructure that feeds back into prevention. Victims of synthetic voice fraud are often too embarrassed to report it, or they report it to local police who have no expertise in digital fraud. A clearer, simpler reporting pathway—perhaps through a nonprofit or a coordinated national hotline—could aggregate data on how scammers are operating, which phone numbers they use, which voices they clone, and which approaches work. That data could feed back into alerting systems for families and businesses. This is a coordination problem, not a technology problem, but it is solvable.
None of these require perfect detection tools or unbreakable verification. They all work within the constraint that voice alone is not enough, and they all create friction for scammers while minimizing false positives for ordinary people.