In 2024, a UK finance director received a video call from his CFO asking him to transfer £200,000 to a supplier. The face was his CFO, the voice was his CFO — every pixel looked perfect. But it was a deepfake. The money was gone in minutes.

That case is why companies like Reality Defender and Pindrop exist. Their AI analyses video pixels and voice frequencies for artifacts invisible to the human eye — detecting deepfakes with 97%+ accuracy.

How you can use this: If you receive a suspicious video or voice message, ask the person a question only they would know. Real-time deepfakes cannot yet handle unexpected questions convincingly.

When scammers steal crypto, they think they are untraceable. They are not. Every single Bitcoin transaction is permanently recorded on a public ledger that never forgets.

Chainalysis and CipherTrace are blockchain forensics firms that follow the money. When a victim sends crypto to a scam wallet, these companies map every hop it takes — through mixers, through exchanges, through cross-chain bridges — until it hits a KYC exchange where the scammer cashed out.

How you can use this: If you have been scammed via crypto, do not delete the transaction hash. Save it. Law enforcement and tracing firms can use it to follow the trail — even months later.

A sinkhole is when security researchers take control of a scam domain or botnet and redirect its traffic to a server they control. Instead of stealing data, the traffic lands in a database that helps track victims and identify criminals.

The Microsoft Digital Crimes Unit and Shadowserver Foundation run some of the largest sinkhole operations in the world. When they sinkhole a domain, they can:

• Redirect victims to a warning page telling them they have been scammed
• Collect IP addresses of victims to notify ISPs
• Map the infrastructure to identify the criminal network
• Disable malware command-and-control servers

Scam call centres use VoIP numbers that route through multiple countries. But researchers have tools to trace them anyway. When you get a scam call, the number displayed is almost always fake (spoofed). But the underlying infrastructure can be traced.

Projects like ScamCallTrace and the Telephone Preference Service (TPS) work with telecom providers to identify patterns. When the same phone number is used to call 10,000 people in an hour, that is not a legitimate caller. Providers can block the number at the network level.

Scam baiters are volunteers who deliberately engage with scammers to waste their time and gather intelligence. The more time a scammer spends on one baiter, the less time they have to target real victims.

Channels like Kitboga, Scammer Payback (Jim Browning), and Atomic Shrimp have millions of subscribers. Their work has:

• Identified real scam call centre locations
• Gotten scam websites taken down
• Helped law enforcement build cases
• Hacked into scammer own computers and deleted their victim lists

UK banks now use AI systems that monitor every transaction for scam patterns. When you send a payment, the system checks hundreds of signals in under a second:

• Has this account ever paid this payee before?
• Is the amount unusual for this customer?
• Does the customer seem pressured (phone call + payment combo)?
• Is the receiving account flagged as suspicious?

Under the Contingent Reimbursement Model (CRM), most UK banks now reimburse victims of authorised push payment (APP) fraud — but only if the bank systems should have caught it.