PROMOSI 50% bermula sekarang!
Pesta Buku • Beli Buku Online Murah (Kedai Buku Online Malaysia)
  • Home
  • Shop
  • Blog
  • My Account
Menu
  • Home
  • Shop
  • Blog
  • My Account
RM0.00 Cart
Log In
Sign Up
  • Home
  • Blog
  • Article
  • How to Spot a Deepfake: A Malaysian Beginner’s Verification Checklist
 

How to Spot a Deepfake: A Malaysian Beginner’s Verification Checklist

by Muhamad Hariz Adnan / Saturday, 18 July 2026 / Published in Article
Deepfake Detection Malaysia ebook cover with a Malaysian reader verifying suspicious synthetic media

To spot a deepfake, do not begin by trying to prove that a face or voice was generated. First pause the requested action, write down the exact claim, and verify the person or organisation through a channel you already trust. Visual clues, metadata, provenance records and detector scores can support that process, but none should replace independent confirmation when money, credentials, safety or reputation is at stake.

That distinction matters in Malaysia because AI impersonation is no longer just a film effect. In a January 2026 scam alert, the Royal Malaysia Police described criminals imitating the voices of relatives or friends, using fake emergencies and urgent payment instructions, and using deepfake audio or video. The safest response is therefore a decision workflow, not a contest between your eyes and an algorithm.

How to spot a deepfake: the short Malaysian checklist

  1. Pause the consequence. Do not transfer money, reveal a code, install an app, share a document or amplify the clip while you check.
  2. State the claim. Write one neutral sentence: who is supposedly speaking, what they want, the deadline and what happens if you refuse.
  3. Switch channels. Call a saved number, use an official app, type the organisation’s domain manually or follow an established internal approval process.
  4. Trace the source. Look for the complete recording, earliest credible upload, official statement and surrounding context.
  5. Inspect the media carefully. Record repeatable observations without turning one glitch into a verdict.
  6. Use technical tools as supporting evidence. Check scope, privacy terms and limitations before uploading anything.
  7. Choose the safest reversible action. Hold, escalate, preserve and document while uncertainty remains.

This order is deliberate. A perfectly authentic video can still be attached to a false caption, old event, cloned account or fraudulent payment link. A synthetic clip can also contain a claim that is easy to disprove through an official source. Start with the decision that prevents harm.

Step 1: separate the media from the request

When an urgent message arrives, attention narrows. You may begin watching the speaker’s mouth or replaying the voice while overlooking the real risk: a new bank account, a request for a one-time code, an unfamiliar download or pressure to keep the conversation secret.

Write a clean sentence such as: “The supplier says its bank account changed and wants payment before 3 p.m.” That sentence immediately reveals the useful checks. Does the supplier’s contract name that account? Did the request follow the normal vendor-change process? Can the known contact confirm it by telephone? Those checks work whether the attached video is synthetic, edited, authentic or never analysed.

Use a 60-second stop card

  • What action am I being asked to take?
  • Which identity is being claimed?
  • What deadline, secrecy or emotion is creating pressure?
  • Which known route can confirm the request?
  • Who should act as a second reviewer?

A simple reply is enough: “I cannot act on an urgent request from this channel. I will call back using the number already in my records.” In Bahasa Malaysia: “Saya tak boleh terus bertindak atas permintaan segera melalui saluran ini. Saya akan hubungi semula menggunakan nombor yang memang ada dalam rekod.”

Step 2: verify identity and control, not appearance

A familiar face does not prove that the account is controlled by the familiar person. A correct display name, old profile history or genuine previous messages can coexist with account compromise. Likewise, caller ID and a recognisable voice can be copied or manipulated.

Use an independent route that existed before the suspicious interaction:

  • a saved family number and a second family contact;
  • an employer directory or known switchboard;
  • the official banking app or the number printed on the card;
  • a manually typed government, regulator, university or company domain;
  • an established two-person payment or data-release process.

Do not call the number or scan the QR code supplied inside the suspicious message. If the real person cannot be reached and the consequence is high, that is a reason to hold the action, not a reason to trust the incoming media.

Step 3: trace the complete source and context

A short clip may remove the sentence before or after the dramatic moment. A screenshot may reproduce a real logo while changing the beneficiary, contact details or web destination. An authentic flood video may be posted with the wrong year or location. These problems are often better detected through source tracing than face analysis.

Search a distinctive phrase, compare the account handle and domain, look for the full event recording and check the organisation’s official channels. For images, a reverse search may reveal earlier uses. For video, compare more than one frame and note the first credible publication you can find.

Record precise observations: “At 00:18, the audio continues while the mouth is hidden by a cut” is more useful than “the lip sync is fake.” Ordinary editing, dubbing, network delay, low light, stabilisation and messaging-app compression can create strange-looking results.

Step 4: understand what technical signals can and cannot prove

Metadata

Metadata may show creation fields, software names, timestamps or device information. It may also be missing, altered or stripped by screenshots, exports and platforms. Record the exact field and tool used. Absence of metadata is neutral; it does not prove a fake.

Content Credentials and provenance

The Coalition for Content Provenance and Authenticity describes Content Credentials as records of origin and edits for compatible digital media. They can help a reviewer inspect signer information and declared changes. They do not certify that every claim in an asset is true, and their absence is not proof of manipulation.

AI detectors

A detector may be designed for a particular manipulation, generator, file type or quality range. A score can change after cropping, recompression, screen recording or format conversion. Before relying on a result, ask whether the service covers this media type, whether your input meets its documented requirements, how false results are handled and what happens to uploaded files.

Use at least one independent method that does not depend on the detector. Do not publicly accuse a person because a consumer tool displayed a high percentage. A false positive can harm an innocent person; a false negative can create misplaced confidence.

Three Malaysian scenarios

A family emergency voice note

A caller sounds like your sibling and says a passport was taken overseas. They need RM2,000 within ten minutes and tell you not to call your parents. End the call, use the saved family number, contact a travelling companion or airline through an official route, and involve a second relative. Familiarity and urgency are not independent proof.

A deepfake investment advertisement

A public figure appears to promote a fixed-return investment and the video displays a QR code. The Securities Commission Malaysia has warned about deepfake investment scams that impersonate prominent people or reputable companies. Do not use the link or code. Identify the legal entity and product, check the SC’s official services and verify the beneficiary through established channels.

A changed supplier account

An email thread contains accurate invoice history and a short video from the account manager confirming a new beneficiary. Call the known vendor contact, require the formal bank-change process and obtain a second approval. A compromised thread can contain genuine history and a synthetic confirmation.

Want the full workflow? Deepfake Detection Malaysia includes 20 editable templates, 18 case labs, role-specific playbooks, a 14-day plan and direct Malaysian reporting sources in one 73-page PDF.

Privacy, dignity and responsible reporting

Verification can create a second harm if sensitive media is uploaded to unknown services, reposted for public voting or used to accuse the wrong person. Confirm that you are authorised to process the file. Read retention, training, sharing and deletion terms. Use the least data and smallest audience needed to reach a decision.

When a private person, child or employee is depicted, protect identity and limit redistribution. Preserve the original location, surrounding context, dates, accounts and requested action where lawful. Keep a working copy for notes rather than editing the original. If you issue a correction, link to the official source without repeating the harmful media more widely than necessary.

When and where to escalate in Malaysia

If money or credentials may have moved, contact the relevant bank or service immediately and follow current official scam-response guidance. The PDRM alert identifies the National Scam Response Centre number 997 and Semak Mule as Malaysian resources; confirm current availability and operating details on official sources at the time of the incident.

For an investment promotion, stop payment and verify the entity through the Securities Commission Malaysia’s official Investment Checker and scam guidance. For account impersonation, report through the platform’s current channel and notify the affected organisation through an independently found route. For threats, exploitation, intimate imagery or immediate danger, stop analysis and use appropriate platform, safeguarding, emergency or law-enforcement routes.

Frequently asked questions

Can I spot every deepfake by looking?

No. Some synthetic media has visible artefacts and some does not. Authentic media can also look strange after compression. Verify identity, source, claim and requested consequence.

Does a live video call prove identity?

No. A call can be staged, compromised or synthetically altered. High-risk requests still require a known-channel callback and normal controls.

Does missing metadata mean a file is fake?

No. Platforms, screenshots and exports often remove metadata. Treat absence as missing evidence, not proof.

Should I share the clip to warn others?

Usually share the correction and official source, not the harmful media. Limit exposure when a private person or child is depicted.

What if I already paid or disclosed a code?

Contact the bank or affected service immediately, secure accounts, preserve records and follow current official Malaysian response routes. Speed matters, but do not invent a recovery process or rely on an unofficial “helper.”

A calm conclusion

The strongest deepfake response is not a perfect visual guess. It is a process that survives convincing media: pause the action, state the claim, move to a known channel, trace context, use technical signals carefully, protect the people involved and document a reversible decision.

For a complete beginner system, get the RM9.99 Deepfake Detection Malaysia ebook. It provides the full verification model, 20 reusable templates, 18 case labs, Malaysian reporting routes and a 14-day practice plan.

Author: Dr. Muhamad Hariz Bin Muhamad Adnan

Official sources

  • Royal Malaysia Police: AI scam alert, 26 January 2026
  • Securities Commission Malaysia: warning on deepfake investment scams
  • Securities Commission Malaysia: scam guidance
  • NIST: introductory deepfake guide
  • C2PA: Content Credentials overview

Sources reviewed on 18 July 2026. Reporting routes, platform behaviour, hours and policies can change; verify current official information before acting.

  • Tweet
Tagged under: Malaysia, responsible AI

About Muhamad Hariz Adnan

Dr Hariz is the founder of Pestabuku. He is a lecturer, trainer, and researcher of Artificial Intelligence, Data Science, Information Technology, Computer Science, and Web Development.

What you can read next

Kisah kegagalan orang berjaya
Gol yang bijak atau dungu
Temuduga dan Jawapan_pestabuku.com.my
Contoh Soalan Temuduga dan Jawapan (soalan lazim interview)

Subcribe to us

Recent Posts

  • Vibe Coding Malaysia beginner AI-assisted web apps PDF ebook mockup

    What Is Vibe Coding? A Safe Beginner Workflow for Malaysians

    Learn what vibe coding is and follow a safe Mal...
  • AI Presentation Malaysia clear credible slides PDF ebook mockup

    How to Make a Presentation with AI: A Malaysia Beginner Workflow

    Learn how to make a presentation with AI using ...
  • AI Agents Malaysia safe workplace automation PDF ebook mockup

    What Is an AI Agent? A Malaysian Beginner’s Guide to Safe First Use

    Learn what an AI agent is, how it differs from ...
  • AI in Education Malaysia practical teacher guide ebook mockup

    How Malaysian Teachers Can Use AI Responsibly in the Classroom

    How Malaysian teachers can use AI responsibly f...
  • NotebookLM Malaysia ebook mockup

    How to Use NotebookLM for Studying: A Malaysian Student Guide

    A beginner-friendly guide for Malaysian student...

Recent Comments

  • Shahron adli bin Hamzah on Contoh Format dan Resume Terbaik Abad Ini (Resume Terkini)
  • Renni Una on Contoh Format dan Resume Terbaik Abad Ini (Resume Terkini)
  • NUR SARALISA BINTI TAUFIK on Contoh Format dan Resume Terbaik Abad Ini (Resume Terkini)
  • Muhammad Munif Bin Abdul Manaf on Contoh Format dan Resume Terbaik Abad Ini (Resume Terkini)
  • Muhammad Afif bin Azman on Contoh Format dan Resume Terbaik Abad Ini (Resume Terkini)

Archives

  • July 2026
  • May 2025
  • March 2020
  • January 2020
  • May 2019
  • January 2019
  • December 2018

Categories

  • Article
  • Karier
  • Kepimpinan
  • Usahawan

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Sign Up for Our Newsletter

Profile

  • My Account
  • My Profile

Shop

  • Resume

About/Help

  • How to Download
  • Shipping
  • Ticket
  • Contact Us

Support

  • Hotline: 0102574037
  • Email: autosoft.my@gmail.com

Stay Connected

Stay connected and get interesting news & coupon

Icon-facebook Twitter Youtube Icon-instagram-1
Pesta Buku • Beli Buku Online Murah (Kedai Buku Online Malaysia)
Copyright © 2022 Pestabuku. All rights reserved.