Last updated: July 2026

Deepfake fraud is no longer a fringe threat. In 2026 it is a routine attack vector that shows up in contact centers, hiring pipelines, and finance workflows every day. Below are the figures security and fraud leaders are quoting this year, each tied to its primary source, grouped by what they actually tell you.If you remember one thing, make it this: the tools to fake a voice, a face, or an ID document are now cheap, fast, and good enough to fool almost anyone. That moves the burden off your people. The question is no longer “can an agent spot the fake,” it is “can your process verify the real person.”

The deepfake fraud numbers at a glance

Figure Stat Source (year)
11% Share of global fraudulent activity that is now deepfakes in 2026, up from 6.5% in 2024 Sumsub (2026)
$893M US losses from AI-enabled fraud reported to the FBI in 2025, its first year tracking AI FBI IC3 (2026)
23% Cloud intrusions where voice phishing was the top way in during 2025 Mandiant M-Trends (2026)
6.5% Share of all fraud attempts that are now deepfakes, up from 0.1% three years earlier Signicat (2024)
2,137% Rise in deepfake fraud attempts over three years Signicat (2024)
0.1% People who could reliably identify deepfakes in a controlled test iProov (2025)
1,300%+ Rise in deepfake fraud attempts in 2024, from about one a month to seven a day Pindrop (2025)
3 seconds Audio needed to clone a voice at roughly 85% accuracy McAfee (2023)
$25.6M Loss in the Arup deepfake CFO video-call scam Hong Kong police via CNN (2024)
$40B Projected US GenAI fraud losses by 2027, up from $12.3B in 2023 Deloitte (2024)
30% Enterprises that will distrust standalone identity verification by 2026 Gartner (2024)

How common are deepfake attacks now?

Deepfakes account for about 6.5% of all fraud attempts, or 1 in 15, up from 0.1% three years earlier. That is a 2,137% increase, according to Signicat’s fraud research with Consult Hyperion. A category that was a rounding error in 2021 is now a measurable share of the fraud your team sees, and it keeps climbing. Sumsub’s 2025-2026 report puts deepfakes at about 11% of global fraudulent activity.

The regional data tells the same story. In North America, deepfake fraud rose about 1,100% year over year in early 2025, and synthetic identity document fraud rose about 311%, according to Sumsub’s identity fraud research. Synthetic documents and synthetic faces are climbing together.

Can anyone actually spot a deepfake? Barely

No. When iProov tested 2,000 US and UK consumers in 2025, only 0.1% correctly identified every real and fake sample, and that was after being told to look for fakes. People caught high-quality deepfake video just 24.5% of the time. McAfee found 70% of people were not confident they could tell a cloned voice from a real one.

This is why “the caller sounded right” is no longer evidence of anything. Human instinct was the last line of defense at the help desk, and it does not hold. For what that looks like on a live call, see Your help desk agent can’t tell it’s not you anymore.

Where do deepfakes hit hardest? The contact center

The call center is the front line. Deepfake fraud attempts jumped more than 1,300% in 2024, from roughly one a month to about seven a day, according to Pindrop’s 2025 Voice Intelligence and Security Report. Pindrop also measured a 475% rise in synthetic voice attacks at insurers and a 149% rise at banks.

The shift shows up at the top of the threat reports too. In Mandiant’s M-Trends 2026, voice phishing was the second most common way attackers broke in during 2025, and the single most common route into cloud environments at 23%, ahead of email phishing.

It lands there because that is where a synthetic voice meets a human who is measured on speed and trained to help. Password resets, MFA resets, and account recovery are the exact moments attackers target.

How fast and cheap is voice cloning?

Fast enough that it is not a barrier. A convincing voice clone needs as little as 3 seconds of audio to reach about 85% accuracy, and McAfee’s researchers hit a 95% match with only a few more samples. Anyone with a voicemail, a webinar clip, or a few seconds of social video has the raw material.

The exposure is already broad. In McAfee’s survey of 7,000 people, 1 in 4 said they had experienced an AI voice cloning scam or knew someone who had, and 1 in 10 said they had been personally targeted. Of those who lost money, 77% lost real funds.

What is deepfake fraud costing?

Enough to change budgets. The clearest single case is Arup, the engineering firm whose finance worker was tricked into sending $25.6 million after a video call where every other participant, including the CFO, was a deepfake. Hong Kong police reported the loss across 15 transfers.

The national tally is now official. The FBI’s Internet Crime Complaint Center logged about $893 million in AI-enabled fraud losses in 2025, the first year it tracked AI as its own category. The projection runs higher still. Deloitte’s Center for Financial Services estimates GenAI could push US fraud losses to $40 billion by 2027, up from $12.3 billion in 2023, a 32% compound annual growth rate. Arup is what one incident looks like, the FBI figure is the current national floor, and Deloitte’s is the trend line.

Are enterprises ready? Mostly not

No, and the vendors’ own customers know it. Gartner predicts that by 2026, 30% of enterprises will no longer consider identity verification and authentication reliable on its own, because deepfakes on face biometrics make it hard to tell a live person from a synthetic one. Gartner also noted injection attacks, which bypass the camera entirely, rose 200% in 2023.

The readiness gap is the other half of the story. Signicat found only 22% of organizations have put measures in place to counter AI-driven identity fraud. Most teams now agree their existing checks fall short. Most have not yet closed the gap.

What the numbers point to

Every figure above traces back to the same weakness. Legacy defenses test what a person knows or what a camera sees, and GenAI beats both. Knowledge-based questions fail because the answers are online. Biometric and liveness checks fail because synthetic faces and injected video streams defeat them. That is the shift toward Identity Impersonation Detection: verifying the real person against authoritative sources instead of trusting a secret or a face.

Trusona built ATO Protect for that job. When a caller asks for a password reset, an MFA reset, or account recovery, the agent triggers a verification that confirms the person’s real, government-issued identity in real time. It is designed to resist GenAI deepfakes and to flag the technical tells of an attack, including SIM swap and man-in-the-middle activity, with no pre-registration, no app download, and no stored PII. The reasoning behind the approach is in the Identity Impersonation Detection white paper.

Frequently asked questions

What percentage of fraud is now deepfake-related? About 6.5% of all fraud attempts, or 1 in 15, up from 0.1% three years earlier, according to Signicat. That is a 2,137% increase over three years.

How much audio does it take to clone a voice? As little as 3 seconds of clear audio can produce a voice clone with about 85% accuracy, according to McAfee. A few more samples push that to 95%.

Can people tell the difference between real and deepfake content? Rarely. An iProov study found only 0.1% of people could reliably identify deepfakes, and even high-quality deepfake video was caught just 24.5% of the time.

Where do deepfake attacks hit enterprises hardest? Contact centers and help desks. Pindrop recorded a 1,300% rise in deepfake fraud attempts in 2024, to about seven a day, aimed at agents during password resets, MFA resets, and account recovery.

Is voice phishing really a top way attackers get in? Yes. Mandiant’s M-Trends 2026 found voice phishing was the second most common initial access vector in 2025, and the most common for cloud intrusions at 23%, ahead of email phishing.

How much is deepfake and GenAI fraud expected to cost? The FBI logged about $893 million in AI-enabled fraud losses in 2025, its first year tracking AI as a category. Deloitte projects US GenAI fraud losses could reach $40 billion by 2027, up from $12.3 billion in 2023. Individual incidents already run high: the Arup deepfake scam cost $25.6 million.

How do you stop deepfake fraud at the help desk? Verify the real person, not their trivia or their voice. ATO Protect confirms a caller’s government-issued identity in real time before any high-risk action, and flags SIM swap and man-in-the-middle signals.

Sources

  • Signicat, The Battle Against AI-Driven Identity Fraud (2024)
  • iProov deepfake detection study (2025)
  • Pindrop, 2025 Voice Intelligence and Security Report
  • McAfee, Beware the Artificial Impostor (2023)
  • Deloitte Center for Financial Services, deepfake banking fraud analysis (2024)
  • Gartner press release on identity verification and deepfakes (2024)
  • Sumsub, Identity Fraud Report 2025-2026
  • FBI Internet Crime Complaint Center, 2025 Internet Crime Report (2026)
  • Mandiant (Google Cloud), M-Trends 2026
  • Hong Kong police via CNN, Arup deepfake scam (2024)

The faster your team can answer “is this really who they say they are,” the less any of these numbers can hurt you. See how ATO Protect works.

Audited. Verified. SOC2 Certified.