Deepfake Video Calls: The New Wire-Transfer Fraud

Fraudsters impersonate an executive in a real-time deepfake video call to order wire transfers. How to recognize and block this attack.


A finance-team employee joins a video call. Their CFO is on screen, surrounded by several colleagues they recognize. The request is clear: execute a series of urgent, confidential transfers to finalize an acquisition. The employee complies. A few days later, the truth surfaces: none of the people on the call were real. They were all deepfakes generated in real time.

This scenario isn't fiction. A widely reported case saw a company drained of tens of millions of dollars this way. Wire-transfer fraud via fake video calls has become one of the most feared threats among finance departments. This article breaks down its mechanics, its live detection signals, and above all the procedures that neutralize it.

From CEO fraud to deepfake wire-transfer fraud

CEO fraud — or "business email compromise" in its classic form — relies on impersonating an executive to order a payment. For years, the vector was email: a spoofed address, an urgent tone, a confidentiality pretext. Finance teams learned to be wary of it.

The deepfake video call breaks through that defense. It adds proof by image and voice, exactly what the email lacked to fully convince. Where a written message left room for doubt, a familiar face speaking live removes the last hesitations. It is a new variation on an old threat, covered more broadly in our overview of deepfake scams and how to protect yourself.

The irony is cruel: the most widespread caution — "if in doubt, ask for a video call" — becomes the attack's Trojan horse. The employee feels they followed the procedure, perhaps even went the extra mile, when in fact they confirmed a fraud through the very channel meant to defeat it. Understanding this reversal is essential: defense can no longer rest on merely "seeing" your contact, but on a chain of control independent of the content shown on screen.

Anatomy of the attack, step by step

Phase 1: reconnaissance

Fraudsters gather public information: org chart, executives' names, photos, video clips from conferences or interviews, voice notes. Professional social networks and corporate websites provide most of the material. They identify an internal target — often a junior profile or someone recently arrived in accounting — and a credible pretext (an acquisition, a sensitive supplier payment, a regulatory deadline).

Phase 2: priming

The initial contact may arrive by email or message, announcing an exceptional meeting. The tone establishes urgency and secrecy from the outset. The employee is conditioned: their discretion is flattered, they are entrusted with a "strategic" mission.

Phase 3: the fake video conference

This is the heart of the attack. One or more fraudsters use real-time deepfake software to animate the faces of the impersonated executives, sometimes several at once. Audio quality is deliberately degraded ("bad connection") to mask artifacts. The target sees and hears people they believe they recognize, and receives precise instructions.

Phase 4: execution and dispersal

Transfers are split across several accounts, often abroad, to complicate recall of funds. The money is quickly converted or withdrawn. By the time the fraud is discovered, the sums are out of reach.

This time window is the nerve of the attack. The entire scenario aims to compress the delay between the request and the execution, because every hour the fraudsters gain reduces the chances of recall. This is also why a simple procedural cooling-off period — a few mandatory hours before any payment to a new beneficiary — defuses a considerable share of these frauds: it neutralizes the urgency, which is the very fuel of the scam.

Table: why a deepfake video call works where email fails

| Psychological lever | Spoofed email | Deepfake video call |
|---|---|---|
| Proof of identity | Weak (spoofable address) | Strong (face and voice "recognized") |
| Social pressure | Moderate | High (presence of "witnesses") |
| Verification capacity | Employee can call back | Sense of having already "seen" the person |
| Human detection | Reflexes now widespread | Reflexes still rarely embedded |

Detecting a deepfake during the call

Live detection is hard but not impossible. The brain often senses a diffuse unease before it can explain it: the trick is to learn to turn that signal into active verification.

Visual signals to watch

  • Imperfect lip-sync, especially on plosive sounds (p, b, m).
  • Abnormal blinking: too rare, too regular, or absent.
  • Unstable face contours during fast movements or rotations.
  • Inconsistent lighting between the face and the background.
  • Hands and face that never interact: a deepfake often avoids having a hand pass in front of the face, because occlusion reveals the artifact.

Audio signals

A cloned voice frequently shows a flat delivery, an absence of natural breathing, and emotional intonations inconsistent with the words. To go deeper, see how to detect a cloned voice and audio deepfake.

Live liveness tests

The most effective test is to request an unpredictable action: turn the head into full profile, stand up, slowly pass a hand in front of the face, pick up an object. Real-time models still struggle with these occlusions and extreme angles. You can also ask a question only the real person would know, outside any public context.

The key is unpredictability. A fraudster can anticipate that you might ask "is it really you?" and rehearse an answer. They cannot anticipate, in the moment, a request to grab a specific object on the desk or to write a word on a sheet and show it to the camera. The more concrete, physical and spontaneous the request, the harder it is for a synthetic pipeline to keep up convincingly. Pair this with a calm, non-confrontational framing — "our policy asks me to run a quick check" — so the test does not feel like an accusation and remains usable even with a real senior executive on the line.

The frame-by-frame analysis principles, applicable after the fact to a recording, are detailed in how to detect a deepfake video: practical guide.

The anti-fraud procedures that neutralize the attack

No individual vigilance replaces a robust process. Deepfake wire-transfer fraud exploits procedural gaps more than gullibility. Here is the defensive foundation.

Systematic double validation

Any transfer above a defined threshold must be validated by two distinct people, following a separation-of-duties principle. No executive, however senior, should be able to bypass this rule. The argument "it's confidential, don't tell anyone" must be treated as a warning sign, never as an authorization.

Out-of-band confirmation

Any order received on a video call or by message must be confirmed via an independent channel: a callback on the executive's known internal line, never on the number provided during the suspicious call. This simple reflex breaks almost every scenario.

The password or validation code

Some organizations set up an internal shared code, requested for any sensitive transaction. A fraudster who doesn't know it is immediately exposed, no matter how realistic the deepfake.

Cooling-off period and allowlist

Payments to new beneficiaries are subject to a cooling-off period and reinforced validation. Habitual beneficiaries are on an allowlist, reducing the attack surface.

These mechanisms fit into a broader effort to secure flows and authenticate documents, adjacent to the controls described in banking and KYC: detecting forged documents and selfies.
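
The controls above (double validation, out-of-band confirmation, cooling-off period and allowlist) can be enforced as a release gate that no request bypasses, whoever appears to be asking. This is an added example, not code from the original article or from TruthLens; the threshold, the delay, the field names, the channel labels and the rule that secrecy or a new beneficiary forces dual validation at any amount are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy values; the article does not give a threshold or a delay.
DUAL_APPROVAL_THRESHOLD = 10_000
COOLING_OFF = timedelta(hours=24)
UNTRUSTED_CHANNELS = {"video_call", "email", "chat"}

@dataclass
class PaymentRequest:
    requester: str
    beneficiary: str
    amount: float
    created_at: datetime
    channel: str
    approvers: set = field(default_factory=set)
    callback_confirmed: bool = False   # callback made on the known internal line
    marked_confidential: bool = False  # "don't tell anyone" pretext was used

def release_blockers(req, allowlist, now):
    """Return the unmet controls; an empty list means the payment may be released."""
    blockers = []
    new_beneficiary = req.beneficiary not in allowlist
    # Assumption: secrecy and new beneficiaries trigger dual validation at any amount.
    needs_dual = (req.amount > DUAL_APPROVAL_THRESHOLD
                  or new_beneficiary or req.marked_confidential)
    # Separation of duties: the requester never counts as one of the two validators.
    if needs_dual and len(req.approvers - {req.requester}) < 2:
        blockers.append("dual_validation")
    # Orders received by call or message need a callback on an independent channel.
    if req.channel in UNTRUSTED_CHANNELS and not req.callback_confirmed:
        blockers.append("out_of_band_confirmation")
    # New beneficiaries wait out the cooling-off period, whatever the urgency.
    if new_beneficiary and now - req.created_at < COOLING_OFF:
        blockers.append("cooling_off")
    return blockers

if __name__ == "__main__":
    # Constructed sample: the "CFO on a video call" scenario from the article.
    now = datetime(2024, 1, 10, 12, 0)
    req = PaymentRequest("cfo", "NEW-ACCOUNT-1", 250_000, now - timedelta(minutes=30),
                         "video_call", approvers={"cfo"}, marked_confidential=True)
    print(release_blockers(req, allowlist={"SUPPLIER-A"}, now=now))
```

The gate never looks at how convincing the caller was: the decision depends only on approvals, the callback and elapsed time, which is the property the procedures above are meant to guarantee.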

The role of forensic analysis

A video call can be recorded, and a recording can be analyzed. When doubt arises — during or after the call — submitting the media to a multi-layer forensic analysis makes the suspicion objective. TruthLens detects generation artifacts, temporal inconsistencies and signals specific to synthesis models, and produces a certified report. This document has a dual value: it guides the internal decision and constitutes admissible proof before a bank, an insurer or a court.

Beyond the single incident, systematizing this analysis builds institutional memory. Each verified case documents the fraudsters' patterns — the pretexts used, the channels exploited, the beneficiary accounts targeted — and feeds back into training and detection rules. An organization that treats every suspicious call as a learning opportunity, rather than an embarrassment to bury, hardens itself over time. Forensic verification is therefore not only a reaction tool but a component of a continuous improvement loop.

You can submit a suspicious recording or visual to TruthLens to get a reasoned verdict. Integrated into a global corporate policy, this verification capability reinforces the system described in protecting your business against fraudulent AI content.

Building a culture of resistance

Technology and procedures aren't enough without an internal culture that legitimizes doubt. Three principles structure this culture:

  1. Slowing down is a right, not a fault. An employee who suspends a suspicious payment protects the company and must be supported.
  2. Authority doesn't exempt from control. The more a request comes "from the top," the more the procedure matters.
  3. Training creates the reflex. Regular simulations — fake transfer requests, fake calls — embed the right behaviors far better than a memo.

The limits of real-time detection

It would be dangerous to promise that an attentive eye is always enough to unmask a live deepfake. Three reasons explain why.

First, model quality is improving fast, and yesterday's visible artifacts are disappearing. Second, fraudsters deliberately degrade the stream — "my camera is lagging," "the connection is bad" — precisely to mask the clues. Finally, the context of pressure and hierarchy inhibits vigilance: challenging an executive mid-meeting takes a courage few employees dare summon without a clear framework.

This is why live detection should be considered a backup line of defense, never the main one. It can raise suspicion; it must not carry the decision alone. The decision must always be able to fall back on a procedure that does not depend on the quality of the deepfake.

Combining perception and instrument

When a call has raised doubt, good practice is twofold: suspend any execution, then make the suspicion objective. If the call was recorded, the recording can be submitted to forensic analysis. This combination (human reflex first, instrumented analysis as confirmation) offers a robustness neither approach achieves alone. The after-the-fact analysis methods are detailed in how to detect a deepfake video.

Building an incident response plan

Beyond prevention, every organization must know how to react fast and without improvisation when fraud is suspected or confirmed.

The first minutes

  • Freeze pending payments to the beneficiaries involved.
  • Preserve the evidence: the video recording, connection logs, preparatory emails and messages.
  • Contact the bank immediately to attempt a recall of funds, whose chances fall by the hour.

The following hours

  • Have the recording analyzed to document the synthetic nature of the participants.
  • File a complaint and notify the relevant authorities.
  • Internally inform the impersonated individuals and the exposed teams, to prevent a second-tier attack.

A certified authenticity report eases each of these steps, whether convincing a bank to act fast or substantiating a legal file. This plan fits naturally into the global policy described in protecting your business against fraudulent AI content.

FAQ

Can a real-time deepfake really mimic several people on a call?

Yes. Current tools can animate several impersonated faces simultaneously, creating the illusion of a meeting populated with "witnesses." It is precisely this collective staging that increases social pressure and disarms the target's suspicion.

What is the most reliable detection signal during a call?

The liveness test: requesting an unexpected action such as passing a hand in front of the face or turning the head into full profile. Real-time models still handle occlusions and extreme angles poorly. Combined with out-of-band confirmation, this reflex neutralizes most attacks.

Is double validation enough on its own?

It is the most effective measure, but it must be combined with out-of-band confirmation and a ban on exceptions. A double validation that can be bypassed "because the CEO asked in person" loses all its value. The system's strength lies in its non-negotiable nature.

How can you prove afterward that it was a deepfake?

By submitting the recording to a forensic analysis. TruthLens identifies synthesis artifacts and delivers a certified, timestamped report, usable for filing a complaint, declaring to an insurer or initiating a fund-recall procedure with the bank.
