That "Urgent" Call From Your Boss? The Voice Is Fake — And It Cost $1.33 to Make
Here's something that will reframe everything you think you know about deepfakes: the people who get fooled aren't usually fooled because they failed to spot a visual glitch. They get fooled because someone made them feel they had no time to think.
Deepfakes don't win by looking perfect — they win by creating urgency. Your best defense isn't studying the face; it's noticing when you're being rushed into a decision.
A theater company called 404 Theater figured this out. Their show, DeepFake, debuted at the Edinburgh Fringe Festival, and it isn't a documentary or a lecture with nice slides. It drops you — the audience member — directly into the role of a company's head of PR. You've got a product launch to manage. Colleagues ping you over Zoom. Documents need reviewing. Decisions need making. And quietly woven through all of it is the technology itself: deepfakes, playing out in real time, while you try to figure out who's real and what's actually happening.
That setup is not just clever theater. It's probably the most honest deepfake awareness training most people will ever encounter — because it puts you under the exact kind of pressure that makes real deepfake attacks work.
The Number That Changes Everything
Before we talk about what the show teaches, sit with this for a second.
One dollar and thirty-three cents. That's what it costs an attacker to generate a convincing fake voice or video for a social-engineering attempt. Social engineering, by the way, just means tricking a human being instead of hacking a computer — and it's been the most effective attack method for decades because humans are easier to fool than firewalls.
At $1.33 per attempt, the math becomes brutal. If a fraudster launches a thousand attacks and only one works — landing a single wire transfer or a stolen login — the return is still enormous. This isn't some rare, state-sponsored superweapon anymore. It's cheap. It scales. And it's aimed at ordinary people doing ordinary jobs. This article is part of a series — start with Your Kids Birthday Photo Is All A Stranger Needs And It Take.
To make that concrete: according to reporting by Adaptive Security, North Korean operatives used AI-generated personas — fake faces, fake voices, the works — to pass remote job interviews at U.S. technology companies. They got hired. They got inside system access. A CSIS analysis from March 2026 confirmed this is no longer a fringe threat; it's operational. These weren't glitchy, obvious fakes. They were good enough to fool trained hiring managers under normal interview conditions.
Which brings us to the question nobody is asking loudly enough: if the fake is that convincing, why do we keep teaching people to look at the pixels?
The Misconception That's Leaving You Exposed
Here's what most people believe about deepfake defense: if I look carefully enough — check for weird blinking, skin that looks waxy, lips that don't quite match the words — I'll catch it before it catches me.
It's an understandable belief. Media coverage of deepfakes has turned visual detection into a kind of parlor game. Articles teach you to spot the ear that doesn't look quite right, or the hair that blurs at the edges. It feels empowering. Like you've learned the cheat code.
But here's what's actually true: by the time a deepfake is being used to steal from you or manipulate you, you almost certainly won't be sitting quietly in good lighting, zoomed in, with time to think. You'll be at work. Busy. A message will arrive. It'll sound like your boss, or your bank, or your sister. And it will need something right now.
That urgency isn't an accident. It's the whole mechanism. According to Reality Defender, deepfake attacks are deliberately engineered to exploit authority bias (our tendency to comply with requests that seem to come from someone senior or trusted) and time pressure, which shuts down the part of your brain that slows down to ask questions. The realistic face and voice don't have to be flawless. They just have to be convincing enough that the urgency does the rest of the work.
The visual fidelity is almost a distraction. The real weapon is the clock. Previously in this series: Only 1 In 1 000 People Can Spot A Deepfake Heres The 30 Seco.
"The emotional high during the experience, coupled with substantive engagement with the technology, leads to insights that stick in people's minds and hearts in ways non-immersive training cannot achieve." — 404 Theater, on their DeepFake production, via Immersive Rumours
Why Pressure Is the Point — and Why Theater Gets It Right
Think about how most workplace security training works. You sit through a presentation. Someone shows you examples of phishing emails. You click through slides. Maybe there's a quiz. Then you go back to your actual job and forget ninety percent of it by Friday, because nothing in that training felt real.
404 Theater built something different. In DeepFake, you're not watching a simulation — you're inside one. You're making calls. Reviewing documents. Arguing a point of view about AI ethics while trying to manage a fake product launch. And the deepfake technology isn't explained to you from a safe distance; it's happening to you, in the middle of decisions you're actually trying to make.
That matters for one specific reason: it's the only way to build what researchers call routine under pressure — which is a much more useful skill than forensic pixel-spotting. The goal isn't to train people to be deepfake detectives. It's to train people to feel the sensation of being rushed — and pause anyway.
Think of it like a second lock on your front door. A perfect fake ID gets someone past the first check. But a second, independent check — "let me call you back on the number I already have for you" — breaks the whole attack. Not because you spotted the fake. Because you refused to act on a single channel alone.
This is the insight that security teams at companies like SoSafe have been working toward: organizations need employees who have practiced slowing down when something feels urgent, not just employees who've been told to. Telling someone "verify before you act" during a calm training session is almost useless. Having them feel the pressure of a ticking clock while a convincing fake asks for something — and still find the discipline to pause — that's what actually sticks.
What You Just Learned
- 🧠 Deepfakes are cheap and scalable — At roughly $1.33 per attempt, attackers can flood targets with convincing fakes and only need one to land.
- 🔬 The real weapon is urgency, not visual perfection — Deepfake attacks work by exploiting authority bias and time pressure, not by being pixel-perfect.
- 🎭 Immersive training builds muscle memory — Experiencing pressure in a safe setting (like theater) teaches the pause reflex better than any slide deck can.
- 💡 The defense is a second channel, not a sharper eye — Verify any urgent request through a completely separate contact method before acting on it.
The Old Attack in a New Costume
Here's the thing that should actually make you feel better: this isn't a new type of threat. It's an old type of threat wearing a very convincing mask.
Scammers have always used fake authority and manufactured urgency. The grandparent scam — where someone calls pretending to be a grandchild in trouble — has existed for decades. The "your boss needs a wire transfer done today" email has been around since email existed. What's changed is that deepfakes can now make those attacks arrive in a familiar voice. Or on a video call with a familiar face. Up next: App Store Age Verification Scotus 28 States.
The psychological levers — authority, urgency, isolation from anyone who might talk you out of it — are identical to what they've always been. We already know how to defend against those levers in theory. We slow down. We call back. We verify through a channel the attacker can't control. At CaraComp, this kind of second-channel thinking sits at the core of how we think about identity verification — because whether you're checking a face at a border, a voice on a call, or a video on a screen, a single point of verification has always been a single point of failure.
What deepfakes change is this: the moment when the fake voice or face sounds real, our instincts stop prompting us to verify. The alarm bells don't ring because nothing sounds wrong. That's the gap 404 Theater's show is training people to close — not with better detection skills, but with a reflex to pause and check, especially when nothing sounds wrong.
When a familiar face or voice asks you to do something urgent, the pressure itself is the red flag — not the pixels. Your one practical rule: always verify through a second, independent channel before you act. Not because something looks wrong. Because something feels rushed.
So here's the question to sit with tonight: if a voice you completely trusted called you right now asking for something time-sensitive — a transfer, a password, a decision — what is your second way to confirm it's really them before you move?
If you don't have an answer ready, that's not a failure. That's just an opening. The people who've thought about it for thirty seconds in advance are exactly the ones who pause when it counts — and the ones attackers give up on and move to the next target.
The deepfake doesn't need you to study it. It just needs you not to have a plan.
Ready for forensic-grade facial comparison?
Full forensic reports with detailed similarity scoring. Results in seconds.
Run My First SearchMore Education
Only 1 in 1,000 People Can Spot a Deepfake — Here's the 30-Second Habit That Actually Protects You
A 2025 study found only 1 in 1,000 people could correctly identify all deepfake content — even when told to look for it. Here's why your eyes are no longer a reliable defense, and what to do instead.
biometricsThat "Grandson" Begging You for Money Tonight? Hang Up and Call Him Back.
Nearly 9 in 10 older adults worry about deepfake scams — but most are preparing for the wrong threat. The real defense has nothing to do with your eyesight and everything to do with one simple habit.
biometricsThat "Verifying Your Identity" Spinner Is Doing 7 Things You Never See
Most people think digital identity verification is a face-to-photo comparison. It's actually a seven-step process that checks your document, your live presence, and your behavior — all in under 60 seconds. Here's what's really happening behind that "verifying your identity" spinner.
