THE FIELD GUIDE

Know the Playbook

Everything a family needs to understand deepfake attacks, in one place.

The drill rehearses. The Field Guide explains. Together they are the system. Read this in one sitting, or return when you need to understand a specific attack. You can come back to it from anywhere in the drill.

Human Actually essays and updates are on Substack.

The System Map carousel — first slide — The System Map — a 9-slide carousel explaining the family defenses.Download all 9 slides (PDF)

SWIPE THROUGH THE SYSTEM MAP

← swipe →

SWIPE THROUGH THE VERIFICATION PLAYBOOK

← swipe →

Section 01

ATTACK SURFACES

The Five Surfaces

Every deepfake attack on a family targets one of these.

An attack surface is anywhere your family is reachable. The goal of this drill is not to eliminate surfaces — you can't — but to know which ones exist and what a protocol looks like for each. Most families have five, and most have never named any of them.

The Family Voice

Any voice in your household that appears online long enough to be cloned.

Commercial voice cloning can work from a short clip — often under two minutes of clean audio for many tools, depending on the tool and quality bar. TikToks, YouTube videos, podcast appearances, school presentations, and voicemails all count. Your child's voice, your parents' voices, and your own are all potential training data. The target of the cloned voice is usually someone else — your bank, your kid's school, your parent.

IN THE WILD ——

A grandmother hears her grandson's voice saying he's in jail and needs bail. The voice was cloned from a sports highlight reel his high school posted on Instagram.

$893 million

FBI IC3 losses to AI-enabled fraud, 2025

The Trusted Contact

Any institution or person your family would act on word from — without verifying.

Schools, pediatricians, banks, employers, coaches, churches. Attackers impersonate these trusted entities because the emotional response is automatic — you don't pause to verify the school calling about your child. Every trusted contact is also an attack surface.

IN THE WILD ——

In January 2023, Jennifer DeStefano, a mother in Scottsdale, Arizona, received a call from what sounded exactly like her 15-year-old daughter crying for help — followed by a man demanding $1 million ransom. The voice was a clone. She later testified about the experience before the U.S. Senate Judiciary Committee.

The Trusted Device

The specific number, email, or account your family treats as proof of identity.

Phone numbers can be spoofed in under a minute. Email accounts get compromised. WhatsApp numbers can be cloned. The device or channel is not the person — but most families treat a text from mom's number as if it came from mom. This is the assumption attackers exploit.

IN THE WILD ——

A child at soccer practice receives a text from "mom's number" asking them to go with an unfamiliar adult. The number was spoofed from public directory information.

The Urgent Moment

The specific window of the day when your family's defenses are lowest.

Friday at 4:45pm. 1:47pm during a meeting. 11pm when a teenager is alone in their room. 7am when elderly parents are still sleepy. Attackers research timing. The urgency in the message is often real — in the sense that the attacker genuinely wants you to act before the moment passes. Your defense has to survive urgent moments, not just calm ones.

IN THE WILD ——

Business wire fraud is most commonly reported on Friday afternoons, when finance staff are trying to close out before the weekend and the CEO is unreachable.

The Private Content

What your family has posted, what's been scraped, and what's training the next deepfake.

Photos used for facial deepfakes. Voice from TikToks. Biographical detail from LinkedIn. Family relationships from Facebook. None of this is private anymore. An attacker's profile of your family can be built in an afternoon from public sources. The goal is not to post nothing — it's to know what's out there and build protocols that assume the attacker has this information.

IN THE WILD ——

Scam calls to grandparents frequently include the specific name of the grandchild, the city they live in, and the college they attend. All three are typically on the family's Facebook or LinkedIn.

Section 02

ATTACKER TACTICS

The Six Tactics

Every deepfake attack uses one or more of these. Recognize the tactic and the attack breaks.

The specific story changes — a sick child, an overdue invoice, a threatening message — but the tactics don't. An attacker has a small number of moves. Learning the moves is how you recognize the next attack, not just the last one.

Channel Control

The attacker chooses the channel you respond on. That channel is the one they control.

Every attack arrives on a channel. The channel is the attacker's choice, not yours. If they called from a number, that number is theirs. If they emailed from an address, that address is theirs. Responding on the channel they chose puts the entire verification under their control. The defense is always to verify on a different channel — one you already had before the attack.

Callback Sabotage

The attacker preemptively disables the callback channel.

"My phone is broken." "I'm in a meeting, call this number instead." "Don't call back, just reply here." Every attack includes a line that discourages verification through the channel you trust. Recognizing this language is itself the defense — any message that tells you not to call back on a known number is almost certainly an attack.

IN THE WILD ——

"Don't call me at my normal number, the battery is dying. Reply to this WhatsApp."

Urgency Manufacture

The attacker creates time pressure so you don't stop to think.

Urgency is the attacker's primary weapon. Every financial delay rule works because time is what attackers cannot extend. A scam that needs to happen in the next ten minutes cannot survive a 24-hour hold. When a message requires you to act immediately, the urgency is the clue — real emergencies usually have more slack than attackers claim.

IN THE WILD ——

"Send before the bank closes at 5." "The kidnapper said 20 minutes." "The vendor payment is due today or we lose the account."

Authority Projection

The attacker performs expertise, role, and familiarity to short-circuit verification.

They know names. They know processes. They know your child's school's front office greeting. They know your CEO's phone manner. This is not coincidence — it's research, usually from public sources, and it's the core of social engineering. Authority projection is why a well-trained attacker can seem more legitimate than a real institution. The defense is not to judge legitimacy by performance — it's to verify through a channel the attacker cannot impersonate.

Social Proof Fabrication

The attacker manufactures signals that other people have already complied.

"Three other parents already paid." "The rest of the team has already sent theirs." "Your coworkers processed this yesterday." Social proof is a cognitive shortcut your brain uses to make decisions in groups. Attackers fabricate it. The group chat where "other parents" have replied is often compromised or invented. The defense is to verify individually, out of the channel where the social proof is being staged.

RELATED ——

school_fundraiser_venmo financial_delay

Isolation Pressure

The attacker instructs the target not to tell anyone.

"Don't tell your parents." "This is confidential — don't mention it to finance." "The police said not to discuss it." Every manipulative system, from cults to abusers to scammers, uses isolation. The target is convinced that seeking outside verification is itself a mistake. Children are especially vulnerable to this tactic, which is why the Freeze Word exists — to give children explicit permission to override the instruction not to tell.

IN THE WILD ——

Sextortion messages almost universally include "don't tell your parents" in the first threat.

RELATED ——

teen_extortion freeze_word

Section 03

THE DEFENSES

The Five Defenses

Your protocol is a system. Each rule defeats specific tactics.

Each rule in your Family Safety Protocol defeats one or more attacker tactics. Understanding the "why" is how you know the rule will still work against an attack you haven't seen yet. The system is more important than any single rule.

See the system map above for which tactics each defense defeats.

The Safe Word

Defeats voice cloning, video deepfakes, and text spoofing in one move.

Voice and face can be cloned. A pre-arranged word cannot. The safe word is knowledge only real family members share, never written digitally, never said in public. It works because it belongs to a category attackers cannot synthesize — private information co-created by your family. Test it by asking: could someone who studied our public life guess this? If yes, choose another.

RELATED ——

authority_projection callback_sabotage

The Callback Rule

Defeats channel control by moving verification off the attacker's channel.

The rule is simple: any urgent request, from any channel, is verified by calling back on a number you already have. Not a number in the message. Not a number you just googled. A number saved in your phone before the attack started. This single rule defeats most deepfake attacks, because it moves the verification onto infrastructure the attacker does not control.

The Financial Delay

Defeats urgency manufacture by removing time pressure entirely.

Any request for money, wire transfer, gift cards, or account access gets a mandatory delay — one hour, twenty-four hours, or forty-eight hours, depending on your family's rule. Legitimate requests survive delays. Attacks do not. If someone insists the transaction must happen immediately, that insistence is the signal. Legitimate businesses, schools, and family members all tolerate a callback.

RELATED ——

urgency_manufacture social_proof

The Pickup Protocol

Defeats attacks that target children when they are alone.

The child-targeted attack surface is different because the child is not in a position to verify. The pickup protocol has two parts: a pre-authorized list at the school that phone calls cannot modify, and a safe word that any legitimate pickup person must know. The protocol converts a high-pressure decision (a child alone with a stranger claiming to be from home) into a simple check (do they know the word).

The Freeze Word

Defeats isolation pressure by giving a child explicit permission to break silence.

The freeze word is different from the safe word. The safe word verifies that someone IS family. The freeze word tells any trusted adult — teacher, coach, neighbor — to call the child's parents immediately without asking questions. It defeats isolation because the child doesn't have to decide whether to tell someone. They've already rehearsed a single word that does the telling.

RELATED ——

isolation_pressure

Section 04

THE SCENARIO CATALOG

Every Scenario

The eight most common family-targeted deepfake attacks, documented.

These are the patterns currently in circulation. Your family saw five during the drill, based on who's in your household. The other three target situations your family may face later. All eight follow the tactics above — once you recognize the pattern, you recognize the next attack before it arrives. This section is dynamically rendered from SCENARIOS in data/scenarios.ts — do not duplicate content.

VOICEMAIL

The School Pickup Call

It's 1:47pm. You're in a meeting. Your phone buzzes — a voicemail from your child's school. You step out to listen.

ATTACK SURFACE: The Trusted Contact / The Trusted Device
TACTICS USED: Channel Control Authority Projection Urgency Manufacture
DEFENSE: CALLBACK RULE: Verify on a number you already have, not one you were just given.

Run this scenario →

RETELLING

The Grandparent Wire

Your mother is 74 and lives alone. She calls you, upset. She got a call from 'you' an hour ago saying you were in a car accident in another city, the other driver is threatening to sue, and you needed $2,400 wired immediately before the bank closed. She wired it.

ATTACK SURFACE: The Family Voice / The Trusted Device
TACTICS USED: Callback Sabotage Urgency Manufacture Authority Projection
DEFENSE: SAFE WORD RULE: Establish it before the emergency. During the emergency is too late.

Run this scenario →

TEXT

The Teen Extortion Message

Your 16-year-old comes to you upset. Someone has been messaging them on Instagram for three weeks — someone who seemed like a peer from a nearby school, sent video messages, seemed completely real. Last night the messages changed.

ATTACK SURFACE: The Private Content / The Urgent Moment
TACTICS USED: Isolation Pressure Urgency Manufacture
DEFENSE: TEEN AWARENESS RULE: Spontaneous video calls are a reality check. Any online relationship that refuses them is not what it says it is.

Run this scenario →

VOICEMAIL

The Friday Afternoon Wire

It's Friday at 4:45pm. You get a WhatsApp voice message from your CEO's number. You've worked with her for three years. The voice is unmistakably hers.

ATTACK SURFACE: The Urgent Moment
TACTICS USED: Channel Control Urgency Manufacture Authority Projection
DEFENSE: FINANCIAL DELAY RULE: Any wire transfer request through an unusual channel requires a verbal callback before processing. No exceptions. Not even on Friday at 4:45.

Run this scenario →

TEXT

The 'I'm Sending Someone' Text

Your 11-year-old is at soccer practice. You're stuck in traffic. They get a text from your number.

ATTACK SURFACE: The Family Voice / The Trusted Device
TACTICS USED: Channel Control Urgency Manufacture
DEFENSE: CHILD PROTOCOL: Memorized number + trusted adult + practiced safe word. All three, before anything goes wrong.

Run this scenario →

VOICEMAIL

The Pediatrician Callback

You get a voicemail from what sounds like your pediatrician's office. They say there was an issue with a recent lab result and they need you to confirm your insurance and date of birth to release the results.

ATTACK SURFACE: The Trusted Contact / The Trusted Device
TACTICS USED: Channel Control Authority Projection
DEFENSE: CALLBACK RULE (medical): Call the number on the provider's official website or your patient portal. Never the number in the voicemail.

Run this scenario →

VIDEOCALL

The FaceTime From a Relative

You get an unexpected FaceTime request from a number labeled as your brother's. You answer. The video is slightly laggy. He says he lost his wallet traveling abroad and needs you to send money through Zelle right now — his flight leaves in an hour.

ATTACK SURFACE: The Trusted Device
TACTICS USED: Channel Control Urgency Manufacture
DEFENSE: VIDEO RULE: Video is not verification. Hang up, call back on a known number, use the safe word.

Run this scenario →

TEXT

The Coach's Venmo Request

Your daughter's soccer coach runs a group chat for team parents. You get a text in the chat from the coach's number asking parents to Venmo $85 each for new uniforms by tonight. Three other parents have already replied 'done.'

ATTACK SURFACE: The Urgent Moment
TACTICS USED: Social Proof Fabrication Urgency Manufacture
DEFENSE: FINANCIAL DELAY RULE (community): Group-chat money requests need out-of-channel verification before payment. Social proof in the chat is not verification.

Run this scenario →

Section 05

CALIBRATION

What Still Works

Not everything is deepfakeable. These defenses are still real.

Fear without grounding is useless. The point of understanding deepfake attacks is not to conclude that nothing can be trusted — it's to know which verifications still work. Your protocol is built on the things attackers cannot currently do at scale.

Long real-time voice conversations

Voice clones degrade in back-and-forth conversation, especially with unexpected questions.

Pre-recorded cloned voicemails are nearly perfect. Real-time cloned conversation — where the attacker must respond to your questions in the cloned voice — is still hard. It requires either a skilled human operator who can route answers through the clone, or a rapidly improving but imperfect real-time model. Asking unexpected, specific questions ("what did you have for dinner last night?") will often break the clone or force delays that reveal the attack.

Spontaneous video calls

Real-time video deepfakes exist but are fragile, expensive, and rare outside targeted attacks.

Pre-recorded deepfake video is easy. Real-time video deepfake that holds up under scrutiny is not. Current tools produce artifacts when the caller moves quickly, turns sideways, or is asked to do something unscripted like show a specific object. The defense: spontaneous video calls (ones the attacker didn't expect) are still a useful verification. A relationship that refuses spontaneous video calls is the red flag.

In-person verification

Physical presence is still real.

"Let's meet in person." "Come by the school." "I'll swing by your office." An attacker cannot be in two places. Every scam relies on the target never converting the interaction to physical proximity. This is why elder scams always involve wired money — if the target could hand the cash to the grandchild in person, the scam fails.

Private family knowledge

Things your family co-created privately cannot be scraped.

The safe word you chose tonight. The specific memory your grandmother shares only with you. The inside joke from the camping trip. This is the information that does not exist in public data. Attackers cannot know it because it was never anywhere to be known. This is the foundation your entire protocol stands on.

Section 06

AFTER-ACTION

What to Do Now

Specific steps, specific agencies, specific timelines.

If you're reading this section because something has already happened, stop and act now. Read only the relevant subsection. The first 24 to 72 hours matter most.

Elder wire fraud

Money was wired by a family member who believed they were helping you or a relative.

Call the sending bank immediately — wire reversal windows are narrow; the FBI's Financial Fraud Kill Chain operates on a 72-hour window, and every hour after the transfer reduces recovery odds. Say the word "fraud" clearly and ask what recall or recovery options exist — recovery rules vary by institution and wire path. Also file with the FTC at reportfraud.ftc.gov and the FBI's IC3 at ic3.gov. If the amount was large, contact local police for a report number (banks sometimes require this). Do not contact the scammer again, including to ask for the money back — that only confirms you are a live target.

Teen extortion

A minor received threats demanding money or additional content.

Do not pay. Payment always escalates. Report to the National Center for Missing & Exploited Children's CyberTipline at cybertipline.org. Report to the FBI at ic3.gov. Preserve all messages — screenshot with usernames and timestamps visible before blocking. Tell the teen explicitly that nothing they share with you will get them in trouble — the shame of disclosure is what the attacker relies on most.

Business wire fraud

A company wire was sent based on a deepfake request.

Contact the sending bank as fast as you can — the FBI's IC3 Financial Fraud Kill Chain has helped freeze substantial sums when qualifying wires are reported quickly (often discussed alongside a 72-hour reporting window for certain international paths; rules and minimums vary by program year — confirm current IC3 guidance). File with ic3.gov immediately. Notify your internal security team if your company has one. Document the request (voicemail, email, text) and how verification failed. These cases are often interstate or international, which is why federal reporting matters.

Child nearly picked up

Someone attempted to retrieve your child under false pretenses.

File a police report. Request the school review security camera footage. Alert the school's other parents via official channels, not informal ones. Contact the FBI's local field office if the attempt was sophisticated — child-targeted deepfake attacks are tracked federally. Reinforce the pickup protocol with your child and with the school. Update the authorized pickup list.