DeepShield logoDeepShield
Response

Incident Playbook

What to do — minute by minute — when a deepfake or AI-voice attack hits.

If it's happening right now
  1. 01Hang up or leave the call. Don't 'play along'.
  2. 02Call the person back on a number you already had saved.
  3. 03Freeze any pending wire — call your bank's fraud line.
  4. 04Alert your security / IT lead on a separate channel.
Scenarios

Pick the one that fits

CFO / Executive Wire Fraud
Video call

  • Urgent, off-cycle wire request from a senior exec
  • Camera glitches, lip-sync drift, or unnatural blinking on the call
  • Pressure to bypass dual-approval or use a new beneficiary
  • Request to keep the transaction confidential from the team

Family Emergency Voice Clone
Voice

  • Caller claims a relative is in jail, hospital, or stranded abroad
  • Voice sounds 'almost right' but emotion feels flat or looped
  • Demand for gift cards, crypto, or wire transfer within the hour
  • Caller refuses a video call or callback to a known number

Recruiter / Job Offer Deepfake
Video

  • 'Recruiter' insists on an unusual app for the interview
  • Camera lighting and background look CG or static across cuts
  • Offer arrives within 24h with a request for ID + bank details
  • Company domain is a look-alike (e.g. -careers, .co instead of .com)

Romance & Investment ('Pig-Butchering')
Video + Voice

  • Fast emotional escalation, then a 'can't-miss' investment tip
  • Video calls are short, low-light, and avoid full-face profile turns
  • Pushes you to a private trading site or a custom app
  • Withdrawals require ever-larger 'tax' or 'unlock' deposits

Escalation contacts
Internal IT / Security
security@yourcompany.in
+91 ___-___-____
CERT-In: incident@cert-in.org.in
Slack: #sec-incidents
Bank fraud line (India)
Cyber fraud helpline: 1930
RBI Sachet portal: sachet.rbi.org.in
Report to your bank within 3 days to limit liability
Account last-4: ____
Indian Law Enforcement
Cybercrime: cybercrime.gov.in
National helpline: 1930
Local police non-emergency: 112

Replace placeholders with your org's real numbers and store this page somewhere reachable from a locked phone.