From stolen passwords to AI deepfakes: inside the world of digital fraud

What does modern fraud actually look like? Not the Hollywood version – not a lone genius in a hoodie – but the real, industrialized, increasingly AI-powered operations that identity verification experts deal with every day?

In the first episode of the Veriff Voices Deepfakes Series, host Anisah Osman Britton sits down with two Veriff insiders to find out: Ira Bondar-Mucci, Fraud Platform Lead, and Geo Jolly, Lead Product Manager. Together, they map the fraud landscape from its most basic forms all the way to the deepfake frontier, and what any of us can do about it.

Produced by Any Other Business

Fraud 101: It’s about pretending to be someone else

Ira opens with a deceptively simple definition: fraud is someone pretending to be someone else to access something they shouldn’t have. But that simplicity masks a rapidly growing complexity. Today’s fraud spectrum runs from clumsy opportunism to sophisticated criminal enterprise, and increasingly, all of it is turbocharged by AI.

The team breaks fraud down into four broad types:

Low-effort, opportunistic fraud exploits gaps in processes rather than deploying any sophisticated tooling. A weak password, a distracted employee, a system that accepts a printed document when it shouldn’t – these are the entry points. No malicious masterplan required; fraudsters simply find the unlocked door and walk through it.

Organized fraud is a different beast entirely. Ira describes operations that look, uncomfortably, like businesses: device farms – rooms full of phones running verifications in parallel – bulk purchases of stolen identities from the dark web, VPN rotation to disguise session origins, and device spoofing to evade tracking. “There is intent to bypass, and bypass at scale,” she says.

Friendly fraud covers cases where the person committing fraud doesn’t fully realize they’re doing anything wrong. An edge case, but a real one.

AI-powered fraud cuts across all three categories and is, by far, the fastest-growing concern: deepfakes, synthetic identities, and injection attacks that can fool systems and human eyes alike.

The dark web: Fraud’s back-office

For most people, the dark web is a vague concept from a thriller. Geo demystifies it plainly: think of it as the untraceable side of the internet, where the lack of visibility from authorities creates a permissive environment for illegal activity. Stolen identity documents, forged passports, and personal data from breaches all change hands there: paid for via untraceable payment tools, not conventional banking.

But it’s not just a marketplace. The dark web – and increasingly, surface-level platforms like Telegram, TikTok, Discord, and Reddit – has become an education system for fraudsters. Ira introduces the concept of fraud as a service: ready-made fraud toolkits sold on subscription, complete with pre-built fake document templates, real-time deepfake masking software, and step-by-step guides for bypassing specific identity verification systems. Some even come with live customer support via Telegram.

“The barrier and the technical skill needed for those attacks have gone lower,” Ira says. “Fraud as a service is democratising fraud, which lets it scale at an amazingly fast pace. It’s a constant cat and mouse game.”

Dating apps: Where fraud gets personal

Of all the industries touched by identity fraud, dating apps offer the most immediate human stakes. Historically, Ira explains, the verification bar on these platforms has been very low – a photo and an email address – largely because friction in onboarding scares users away. The result: a sector that under-invested in verification precisely when it needed it most.

The consequences are deeply personal. Catfishing isn’t just about a fake profile picture. It involves building trust over weeks or months, then exploiting it for money, for personal data, or worse. And now AI has removed the last barrier: the video call. Where fraudsters once couldn’t show their face without exposure, real-time deepfake masking tools mean they can now impersonate anyone convincingly on camera. The high-profile case of a woman targeted by a scammer posing as Brad Pitt, complete with fabricated hospitalisation and requests for money, became one of the most-discussed examples of this new reality.

Geo adds a further dimension: not all misrepresentation on dating apps is criminal in intent. Insecurity drives some people to present a version of themselves that isn’t quite real, and that grey area – between personal vulnerability and deliberate exploitation – is part of what makes the problem so complex. Age verification is another active frontier, particularly around protecting younger users from accessing platforms they shouldn’t.

The good news, both guests agree, is that the dating industry is changing. Platforms are beginning to treat identity verification not as a compliance formality but as a genuine safety feature, partnering with providers like Veriff to check that profile pictures are real faces, not deepfakes.

Deepfakes: The challenge that’s different

Geo’s section on deepfakes is, perhaps, the most unsettling part of the conversation and deliberately so. What makes deepfakes uniquely threatening, he argues, isn’t just that they’re convincing. It’s that they challenge human sensory perception in a way that other fraud never has.

Three shifts define the current moment:

1. The cost of entry has collapsed. Creating a deepfake that would have required expensive specialist tools five or six years ago can now be initiated with a simple conversation with a publicly available AI model. Lower cost means higher volume.
2. Public figures are the most exposed. The more data that exists about a person – different angles, different lighting, different contexts – the easier it is to train a convincing model of them. Politicians, celebrities, and anyone with a significant public presence are disproportionately vulnerable.
3. Deepfakes erode trust in reality itself. Because convincing fakes exist, authentic footage of real people is now routinely questioned. The person communicating genuinely gets doubted. “Their trust is affected already,” Geo says, “because someone did something as a deep fake.”

Asked directly whether ordinary people can learn to spot deepfakes, Geo is honest: not reliably. Even he, having reviewed large volumes of deepfake content professionally, finds it difficult. The technology has outpaced the naked eye.

Veriff Deepfakes Report 2026

Get the Deepfakes Report and find out detection accuracy rates, gender differences in spotting fakes, and AI-powered defense strategies.

Get free report

How detection actually works

If humans can’t reliably spot deepfakes, how does Veriff? Geo explains that detection can’t rely on a single signal. Veriff’s systems assess over 1,000 data points alongside any image or video – user behavior leading up to the session, device type and location, image resolution, video quality, session length – to build a picture of the broader context. A deepfake might pass one check but fail across the combined weight of evidence.

Visual artifacts, inconsistencies that deepfake generation leaves behind, can sometimes be spotted by a trained eye, though often only by reviewing multiple frames carefully rather than at a glance.

The key principle: “Don’t treat deepfake as an isolation problem. Think of it as a broader context problem.” Organizations that rely on a single system to catch everything in one interaction are asking for a single point of failure.

Can you spot the deepfake?

AI-generated identities are getting harder to detect. Think you can spot a deepfake?

Take the quiz

What regulations and industry are doing

Geo points to emerging initiatives from tech giants, including invisible watermarks embedded in AI-generated content to identify its origin, as a positive signal. Platforms like Instagram have introduced AI content labels, allowing creators to tag their output explicitly. Dating apps are partnering with identity verification providers. There is movement.

But Geo is clear that more is needed. Just as regulations have begun to address underage access to social media, media authenticity – clear, enforceable standards for distinguishing real from synthetic content – needs to become a regulatory priority.

How to protect yourself: Practical tips

Ira and Geo close with grounded advice for individuals:

• Read the privacy policy. Understand how your data is being collected and used by any service you sign up for.
• Be mindful of your public digital footprint. The more of your face, voice, and personal documents are publicly available, the more material exists for misuse.
• Be yourself online. Misrepresenting yourself, even with no harmful intent, creates the conditions where fraud thrives.
• Enable two-factor authentication wherever it’s available.
• Use a password manager and rotate passwords regularly.

For organizations: invest in layered, context-aware detection rather than relying on a single check.

Listen to the full episode

This is episode one of the Veriff Voices Deepfakes Series. Catch the full conversation to hear Ira and Geo go deeper on each of these themes – and stay tuned for the rest of the series.