Deepfake video call simulations
A deepfake video call simulation is a live, operator-run exercise: an admin joins a real video call (Zoom, Teams, Google Meet, Webex, GoTo Meetings, Slack huddle, Telegram, or Signal) wearing a real-time face- and voice-swap so they appear and sound like someone the target trusts, a CEO, a board member, an IT admin, and tries to get the target to comply with a request (authorize a payment, hand over credentials, grant access). It is distinct from the Deepfake Videos library, which generates standalone pre-rendered video assets rather than running a live impersonated call. In the console, this feature is labeled Deepfake Video Call in the sidebar.
When you launch a campaign, the platform spins up a dedicated real-time face- and voice-swap session for your workspace, and your browser joins that session so the operator can run the call.
Prerequisites
- Deepfake video calls are a paid feature that must be enabled for your workspace. Trial workspaces can build a campaign in draft but cannot launch it; the launch button shows an upgrade prompt instead.
- Only one live deepfake or voice-impersonation session can run at a time per workspace. The platform checks for an existing session first and blocks with a message like "A deepfake session already exists" or "…is already being used by another admin" if one is active.
- For Telegram or Signal delivery, the operator needs an active account on that platform and a mobile device for pairing.
How to use it
- From the console sidebar, open Deepfake Video Call and select Create New Campaign.
- Delivery Channel: pick the platform the call will run on (Zoom, Slack, Microsoft Teams, Telegram, Signal, Google Meet, Webex, or GoTo Meetings). For platforms that need a meeting link (Zoom, Teams, Meet, Webex, GoTo Meetings), add the meeting details via the modal that opens. Switching platforms clears any meeting details you already entered.
- Scenario Setup, filled in across four sub-sections:
- Exercise Configuration: the use case (Tabletop Exercise, Red Team / Penetration Test, Security Awareness Training, …) and the target audience (pick from a list or type a custom one).
- Impersonated Identity Details: the impersonated person's name and job title (e.g. "Craig Jones", "Head of HR"), someone the target audience knows and trusts.
- Attack Configuration: the target department, the attack objective (wire transfer, credential harvesting, data exfiltration, access provisioning, malware delivery, vendor payment redirect, gift card / crypto purchase, info disclosure, physical bypass), and one or more social-engineering tactics (urgency, authority, pretexting, familiarity, fear, helpfulness, confidentiality, technical jargon, reciprocity, social proof).
- Generated Scenario: an AI-drafted scenario name and description built from the fields above; regenerate with the wand icon or edit manually.
- Scenario Summary: review the configuration, then Launch. This creates or updates the campaign and requests browser notification permission so you're alerted when the live session is ready.
- Once the session is ready, the operator joins the live session UI (face and voice swap active) and conducts the call on the chosen platform.
- After the call, log the outcome: an operator fills in the Target Vulnerability assessment (outcome + vulnerability level + a written observation), optionally using AI to draft the summary from the scenario and outcome.
- Call recordings appear on the campaign detail page (thumbnail + duration per recording) for later review.
Configuration & options
| Platform | Needs meeting details | Needs an active account + mobile pairing |
|---|---|---|
| Zoom | Yes | No |
| Microsoft Teams | Yes | No |
| Google Meet | Yes | No |
| Webex | Yes | No |
| GoTo Meetings | Yes | No |
| Slack (huddle/call) | No | No |
| Telegram | No | Yes |
| Signal | No | Yes |
| Field | What it does |
|---|---|
| Use case | Frames why the exercise is run (tabletop demo, red-team attack, awareness training, …) |
| Target audience / department | Who the scenario is aimed at, for reporting and targeting |
| Impersonated name / title | Identity the operator wears via the face and voice swap |
| Attack objective | The compliance outcome the exercise is testing for |
| Social engineering tactics | Multi-select tags describing the pressure techniques used |
Gotchas & limitations
- This is a live, human-operated call, not an autonomous AI call: an admin has to actually join and run the session in real time (unlike the fully-automated AI vishing calls). Budget operator time accordingly.
- Shared live-session slot. Deepfake and voice-impersonation campaigns draw from the same single live-session slot per workspace; you can't run a deepfake call and a voice-impersonation call at the same time, and a second admin can't join a session someone else already started.
- Leaving the tab ends or cancels the session. Closing the browser tab or navigating away tears the live session down: if it already produced a recording it is ended, otherwise it is cancelled. Don't rely on just closing the tab to pause and resume later.
- Trial workspaces can draft but not launch: attempting to launch on a trial workspace shows an upgrade prompt instead of provisioning a session.
- Changing the delivery platform wipes meeting details you'd already entered for the previous platform, a banner warns about this in the Delivery Channel step.
- Telegram and Signal require the operator to have an active account and a paired mobile device; there's no headless path for those two channels.
Troubleshooting / FAQ
Why can't I launch my campaign? Either the workspace is on a trial plan (draft-only), or another deepfake or voice-impersonation session is already active for this workspace, only one live session can run at a time, and only the admin who started it can use it until it ends.
I switched the meeting platform and my meeting link disappeared, is that a bug? No, switching the delivery channel intentionally clears previously entered meeting details, since a different platform needs a different link/format.
Do I need anything installed to run Telegram or Signal simulations? Yes, those two channels require an active account on the platform and a mobile device for pairing; the other channels (Zoom, Teams, Meet, Webex, GoTo Meetings, Slack) don't.
Related
- Callback phishing
- WhatsApp phishing campaigns
- Concepts overview
- AI Act compliance