
The year 2025 delivered a surge of deepfake schemes that were more convincing and brazen than ever before, leveraging global celebrities, political figures, and trusted institutions with startling efficiency. From highly convincing Warren Buffett deepfakes to an award-winning AI-manipulated ad campaign, 2025’s fraud landscape was rife with simulated identities.
Cheaper, faster, and easier-to-use generative AI tools expanded opportunities for creative production, education, and accessibility. Yet the same AI tools armed criminal networks with the ability to fabricate persuasive media at scale, overwhelming unprepared consumers and institutions.
Regulators spent much of 2025 trying to catch up. Financial authorities across multiple regions issued repeated warnings as reports of deepfake-driven fraud surged, while cybersecurity companies scrambled to update detection systems already straining under the speed of innovation.
Even today, many organizations are trying to decipher what went wrong last year in pursuit of answering one fundamental question: How can we prevent AI deepfake fraud in 2026 and beyond?
Below, we break down the five deepfake fraud cases that most clearly defined the landscape of 2025. We’ll then analyze what we can learn from them in 2026.
In August 2025, the BBC published an in-depth report featuring rare testimony from a North Korean defector known as "Jin-su." His account sheds light on a vast and lucrative scheme run by Pyongyang to secretly place state-sponsored IT workers inside Western companies.
Over several years, Jin-su used dozens of fake identities to secure remote IT jobs across the U.S. and Europe as part of a coordinated operation designed to funnel millions of dollars back to North Korea. According to UN estimates, these secret IT workers generate between $250M and $600M annually for the regime.
Workers like Jin-su operate in teams abroad, often in China, Russia, or Africa, where internet access is unrestricted. They impersonate Westerners to bypass sanctions and secure higher pay. Jin-su’s strategy was to pose as Chinese and persuade people in countries like Hungary or Turkey to lend their identities, before eventually obtaining UK or U.S. profiles to target higher-paying jobs.
"With a little bit of chat, people in the UK passed on their identities so easily," Jin-su said.
Once hired, many workers stick to regular IT duties. However, some have gone further, stealing sensitive data or hacking employers to demand ransom. The case exposes a broader and growing reality: **candidate fraud is on the rise everywhere**, with fraudulent applicants slipping into hiring pipelines using stolen identities, fabricated credentials, and AI-generated personas at a scale that poses serious risks to businesses across industries.
In May 2025, Coinbase revealed it had suffered a serious data breach after cybercriminals bribed overseas customer support agents to steal sensitive customer data.
The breach originated on December 26, 2024. In May, attackers demanded a ransom of $20 million in exchange for not revealing the sensitive information. Coinbase refused to pay the ransom and instead cooperated with law enforcement, while also pledging a $20 million reward fund for information leading to the attackers' arrest and conviction.
The stolen data included names, email addresses, phone numbers, and in some cases images of government-issued IDs submitted for KYC verification, affecting approximately 70,000 customers. Rather than relying on external hacking, the attackers went straight for the human layer, targeting support agents with cash bribes and turning them into accomplices.
San Francisco-based Coinbase estimated the incident could ultimately cost up to $400 million to remedy, making it one of the most high-profile security breaches in the history of crypto trading. The scheme had a clear downstream goal: attackers used the stolen data to impersonate Coinbase support staff, calling customers to claim their accounts had been compromised and tricking them into transferring their funds directly to the attackers. The case became a stark reminder that fraud prevention cannot stop at the firewall.
In early 2025, a woman in Los Angeles fell victim to a sophisticated deepfake romance scam in which fraudsters used AI-generated videos impersonating Steve Burton, the actor from General Hospital. Over several months, the fake “Burton” cultivated an online relationship with the victim, gaining her trust through deepfake videos and ultimately convincing her to transfer her entire life savings of over $80,000 via a combination of gift cards, Zelle, and bitcoin.
The scam didn’t stop there. The fraudsters continued to request money from the victim under the guise of purchasing a joint beach house. To fund this venture, the victim sold her family’s condo for $350,000—well under market value.
“I want to live the rest of my life with you,” reads a message from the fraudsters, just one among hundreds sent by “Burton” intended to gain trust. “You’re my wife.”
The real Steve Burton estimated that his likeness has been used to defraud fans hundreds of times: “I see people come to my appearances and look at me like they’ve had a relationship online for a couple years, and I’m like, ‘No, I’m sorry. I don’t know who you are,’ and you just see, it’s so sad, you see the devastation.”
Police and cybersecurity experts described this case as part of a “rapidly expanding pattern” of emotional exploitation, where criminals leverage synthetic intimacy and recognizable faces to bypass normal skepticism.
In November 2025, Berkshire Hathaway issued a press release warning people about popular deepfake videos featuring the Oracle of Omaha himself, Warren Buffett.
In these videos, which circulated on platforms like TikTok and YouTube, a deepfake Buffett pitched “exclusive investment opportunities.” ****According to Investopedia, many of these clips employed voice cloning and lip‑sync technology to simulate the billionaire speaking directly to viewers. These fake versions of Buffett recommended crypto funds or high‑yield schemes, promising miraculous returns.
"Individuals who are less familiar with Mr. Buffett may believe these videos are real and be misled by the contents," Berkshire said. "Mr. Buffett is concerned that these types of fraudulent videos are becoming a spreading virus.”
The issue drew swift and serious pushback. Berkshire Hathaway’s public warning in November 2025 urged people to exercise extreme caution with unsolicited investment offers. And, in a notable coda, Berkshire Hathaway itself used a deepfake of Buffett to open the Q&A at its May 2026 annual shareholders' meeting, further highlighting how AI tools have revolutionized our perception of reality.
Today’s deepfake projects are using generative neural networks so refined that visual or audio glitches are nearly undetectable to the average viewer. The result: a near‑perfect illusion of authenticity. The technical barrier has collapsed now that a decent smartphone or laptop armed with AI tools is enough to produce convincing fraud.
In May 2025, a video campaign began circulating online that used a manipulated clip from DeAndrea Salvador’s 2018 TED Talk—originally addressing energy poverty in the U.S.—to promote Whirlpool appliances in Brazil.
The AI-altered footage changed both Salvador’s voice and the slides, recasting her original commentary about low-income Americans’ energy struggles into a pitch about “low-income communities in São Paulo.” The ad, produced by a São Paulo–based subsidiary of a global marketing agency, won awards at the Cannes Lions International Festival of Creativity.
Claiming reputational harm and unauthorized use of her likeness, Salvador filed a lawsuit in U.S. federal court against Whirlpool, the agency, and its subsidiaries. According to The Washington Post, the suit argues that the AI-manipulated video misrepresented her identity and views without consent, illustrating the potential for thought leaders to be exploited by generative AI.
The case has already had tangible outcomes: the ad was pulled from circulation, and the agency surrendered two Cannes Lions awards.
The U.S. lost $712 million to deepfake-related scams in 2025. And those losses are not slowing down in 2026. Surfshark research estimates that deepfake scams accrued $96 million between January and April of 2026.
Here’s what we can learn from what we’ve already seen in early 2026 compared to 2025.
In 2026, fraudsters have set their sights on impersonating corporate authority figures as opposed to just celebrities. We should expect to see many more instances of deepfakes featuring CEOs and thought leaders, especially those in a position to provide investment advice, like Warren Buffett.
In January 2026, the Bombay Stock Exchange issued an urgent warning after deepfake videos of its CEO spread online, promoting fraudulent stock tips and promises of “supernormal profits.” This instance directly mirrors the Buffett deepfake fraud from 2025.
The utilization of institutional authority as a means of deception, particularly in the context of investment fraud, signals a dangerous new phase. The trust being exploited is no longer just parasocial, but civic and financial. When a fabricated Zoom call can convincingly feature a prominent executive alongside central bank officials, no public figure's credibility is safe from weaponization.
Fraudsters are increasingly sequencing deepfake video, voice cloning, and social engineering across multiple platforms, creating far more convincing campaigns. Victims don’t receive just one isolated request for funds. They’re contacted by email, followed up with via voice chat, and met with on Zoom to seal the deal, with each touchpoint reinforcing the reality of the last.
Case in point: In May 2026, the Singapore Police Force revealed that a victim had transferred $3.8 million U.S. dollars to a scammer posing as Prime Minister Lawrence Wong. The fraudster sent an exploratory text requesting the victim’s presence on a Zoom call, and then used deepfake technology to simulate the likeness of Wong and other government officials on a live video call. Thereafter, a “lawyer” reached out requesting funds related to the Strait of Hormuz.
This level of orchestration, involving fake officials, fake meetings, but real geopolitical context, would have been extraordinarily difficult to pull off one year ago. Today it is becoming a repeatable playbook. The lesson is clear: in 2026, organizations and individuals must remain vigilant across all touchpoints and verify identity across the communication lifecycle.
In 2026, the remote hiring process has become one of the most exploited entry points for deepfake fraud, exacerbating systemic issues identified in 2025. Generative AI tools can now produce hyper-tailored resumes, fabricated credentials, and deepfake candidates capable of passing live video interviews in real time.
In March 2026, a suspected deepfake job applicant was caught infiltrating a hiring interview at a Japanese IT company. The fraudster was detected only after frame-by-frame analysis revealed unnatural hairline boundaries, brief eye misalignment, and mismatched lip movements. Okta has identified more than 6,500 similar cases globally, the majority believed to be linked to North Korean IT workers seeking remote access to foreign systems and sensitive data—similar to the story of Jin-su.
The stakes go beyond a bad hire. Once inside, fraudulent employees can exfiltrate data, install malware, or hold systems for ransom. Without the proper guardrails around candidate identity verification (IDV), employers will increasingly onboard individuals who are not who they claim to be, handing bad actors the keys to sensitive infrastructure from day one.
Deepsight, the world's most accurate deepfake detection system, reliably detects and blocks deepfakes, injected virtual cameras, and synthetic identity attacks. Validated by Purdue University, it operates in real time with no added friction for legitimate users.
Deepsight detects identity at three distinct layers: perception, integrity, and behavior.
A world-class, multi-modal AI examines thousands of data points across multiple frames, motion, and depth data to detect deepfakes and physical spoofs in the captured selfie.
It analyzes subtle biometric cues, including light reflection off skin, iris presentation, blurriness around the face, texture anomalies, and cross-modal inconsistencies typical of generative AI tools. It detects >99.99% of deepfakes and synthetic ID images.
Deepsight detects fraudulent verification attempts by analyzing device signals, such as virtual emulators, jailbroken or rooted devices, and fingerprint anomalies.
It also verifies camera integrity by detecting virtual cameras and tampered video feeds, blocking injection attacks before the capture process even starts.
Deepsight monitors user behavior in real time to identify fraudulent patterns, including bot-like activity, motion anomalies, and fraud-farm-like interaction patterns.
Incode was named a Leader in the 2025 Gartner® Magic Quadrant™ for Identity Verification. Download the report to learn more.