The phone rings. The screen says “Mom.” The voice sounds familiar. The tone is similar. The caller says there is an emergency and asks for money to be sent immediately.

But the person on the line may not be a family member. It may be a scammer using AI voice cloning technology to imitate the voice of someone the victim knows.

Google is now targeting this problem directly. On June 2, 2026, the company announced that it would introduce a “fake call detection” feature to the Phone by Google app on Android. The feature is designed to check whether an incoming call from a saved contact was actually initiated from that contact’s real device. If the call appears suspicious, Android will display a warning on the screen.

This is not just another spam-blocking feature. Traditional spam protection filters unknown numbers or known scam numbers. Fake call detection goes further by treating even familiar numbers — the calls users are most likely to trust — as potential risks. The change reflects a broader shift in the battlefield of phone fraud. Scammers no longer rely only on unfamiliar numbers. They can now imitate the numbers and voices of family members, friends, supervisors, and financial institutions at the same time.

The Grammar of Phone Fraud Has Changed

For years, people have used caller ID as a basic signal of trust. Unknown numbers were treated with caution, while saved contacts were answered with confidence. But that standard is no longer enough. With internet-based calling software, scammers can manipulate caller IDs. When AI voice synthesis is added to the attack, victims can be deceived by two trust signals at once: the number and the voice.

Google’s example is simple but realistic. The caller ID shows “Mom,” and the voice on the other end sounds like the user’s mother. In reality, however, a scammer may have used AI tools to clone the voice, create a fake emergency, and pressure the victim into sending money. Traditional voice phishing often relied on impersonating institutions or using intimidation. AI deepfake scams combine personal relationships with emotional pressure.

Impersonation scams have already created enormous social costs. The U.S. Federal Trade Commission reported that losses from impersonation scams reached $2.95 billion in 2024. INTERPOL also warned in its 2026 global financial fraud threat assessment that fraud groups are using digital technologies, automation, and generative AI to become more sophisticated and transnational. What was once a problem of a single phone call is now becoming a broader crisis of digital trust.

The Core Is Not Detecting AI Voices, but Verifying the Real Device

What makes Google’s approach interesting is that it does not try to determine whether the voice itself is real or fake. Deepfake voice detection is technically possible, but scammer techniques are also advancing quickly. A system that tries to judge whether a voice sounds authentic can easily become trapped in an endless race between detection and evasion.

Google has chosen a different path. Instead of asking whether the voice is real, it asks whether the call actually came from the contact’s real device. Google compares the process to a “digital handshake.” When someone saved in a user’s contacts places a call, and both parties are using Phone by Google, the caller’s device quietly sends a verification signal to the recipient’s device. That signal helps confirm whether the call was actually initiated from the correct device.

The process is based on RCS, or Rich Communication Services. RCS is a communications standard that expands on traditional text messaging and can support encrypted messaging and verification signals. Google says the verification process uses end-to-end encrypted RCS technology and does not expose the private content of the call.

What happens if a scammer manipulates the contact’s number and places a fake call? In that case, the scammer’s call does not include the verification signal that should come from the real contact’s device. The recipient’s device can detect this and request confirmation from the actual contact device. If the real device responds that it is not currently placing a call, the recipient will see a warning indicating that someone may be impersonating the contact’s number. The user can then hang up immediately.

From Number Trust to Device Trust

The significance of this feature lies in the changing standard of mobile security. Until now, phone security has largely relied on numbers and network-level authentication. But numbers can be spoofed. Names can be faked. Voices can be cloned. That leaves one crucial question: did this call actually begin from that person’s device?

Google’s fake call detection is an attempt to answer that question. It marks a shift from trusting the phone number to verifying the device. The basis of trust is no longer the caller name displayed on the screen, but an encrypted confirmation signal exchanged between the caller’s device and the recipient’s device.

This change points to the future direction of mobile security. Fraud detection is unlikely to remain limited to asking, “Is this number dangerous?” Instead, it will increasingly ask a broader set of questions: “Is this really the person?” “Is this the correct device?” “Has this communication path been verified?” “Does this behavior match normal patterns?”

Enabled by Default, but With Conditions

Google says fake call detection will be turned on by default. Users do not need to enable it manually to receive protection, although they can disable it in the Phone by Google app settings if they choose.

But there are clear limitations. The feature works properly only when both parties use Phone by Google. It also requires Android 12 or later and will begin rolling out globally in June 2026, starting with Pixel devices. Phone by Google is the default phone app on many Android devices, but it is not the default app across all manufacturers and regions. Users with different phone apps may need to install Phone by Google from the Play Store and set it as their default phone app to receive protection.

This condition is both a strength and a weakness. The strength is that Google designed the feature on top of RCS, an open standard that other apps and manufacturers could potentially adopt. The weakness is that it requires network effects. Verification works best when the other person is also inside the same ecosystem. In other words, the effectiveness of the feature depends not only on Google’s technology, but also on adoption by Android manufacturers, mobile carriers, and other messaging and calling app providers.

The Next Step After STIR/SHAKEN

Efforts to prevent caller ID spoofing already exist. One of the best-known examples is STIR/SHAKEN, an authentication framework designed to verify at the telecom network level whether a caller ID has been manipulated. Google has also integrated STIR/SHAKEN authentication in several countries.

But STIR/SHAKEN alone is not enough. Network-level caller ID authentication is important, but scammers continue to look for ways around it. When AI voice cloning is combined with contact impersonation, users may trust a call simply because the number looks familiar. Google’s fake call detection is designed to fill that gap. Rather than relying only on the telecom network, it uses real-time verification signals between user devices to move beyond the question of whether the number is right and toward the question of whether the real device is making the call.

This means the layers of security are becoming more detailed. Network authentication, app-based detection, device-to-device verification, AI-based spam analysis, and user warnings all need to work together. As scammers combine multiple technologies, defensive systems must also become multilayered rather than relying on a single mechanism.

Google’s Security Strategy: Connecting Messages, Calls, and Verified Business Identity

Google is positioning this feature as part of its broader long-term strategy against fraud. AI-powered scam detection in Google Messages helps identify malicious texts and fraudulent messages. Phone by Google already includes scam call detection. Gmail supports brand logos and sender authentication through BIMI. RCS for Business verifies business senders so that users can better understand which company they are communicating with.

The keyword running through these efforts is verified identity. In the past, digital communication often assumed trust by default. People trusted phone numbers, sender names in emails, and links inside text messages. But as generative AI and automation tools spread, the default is shifting from trust to suspicion. Platforms must now verify and warn users before users are forced to make the judgment on their own.

Fake call detection targets one of the most sensitive areas of this problem. Phone calls create more emotional pressure than texts or emails. The voice of a family member, an urgent instruction from a supervisor, or a warning from a financial institution can shorten the user’s time to think. Real-time warnings during calls can therefore become an important defensive line against fraud.

This Is Not Someone Else’s Problem for Korea

Although the feature is aimed at the U.S. and global Android markets, it carries significant implications for Korean society as well. Voice phishing has long been a major social problem in Korea. Family impersonation, institutional impersonation, and financial institution impersonation have repeatedly appeared as common fraud tactics. If AI voice cloning is added to these methods, the damage could become far more sophisticated.

Traditional voice phishing prevention campaigns have emphasized messages such as “Be careful with unknown numbers,” “Government agencies do not ask for money,” and “Hang up and call back if you are suspicious.” But the next stage will require a new warning: “Be careful even with familiar numbers.” When a call comes from a family member’s number and the voice sounds similar, personal caution alone may not be enough. Technical verification will be necessary.

Older adults, teenagers, and financially vulnerable groups may be especially exposed to AI impersonation calls. This is why default activation matters. A security feature that users must manually find and enable may fail to reach the people who need it most. Google’s decision to turn fake call detection on by default is meaningful from a consumer protection perspective.

Limits and Challenges

Still, this feature will not solve every problem. First, both contacts must use Phone by Google for the verification process to work as intended. If the other person uses an iPhone or a different calling app, the same type of device verification may not be available. Second, because the feature is based on RCS, the actual user experience may vary depending on the country, carrier, and device manufacturer. Third, scammers are likely to search for other attack routes as technical defenses improve. Messaging apps, video calls, social media direct messages, and malicious app installation attempts may all become alternative channels.

Another challenge is false positives and user trust. Security warnings are useless if they appear too rarely, but they are also ignored if they appear too often. If warnings appear repeatedly on legitimate calls, users may turn the feature off. If suspicious calls are missed, trust in the feature may decline. Google will need to balance accuracy and user experience carefully.

Privacy is also an important issue. Google says the feature uses end-to-end encrypted RCS technology and does not analyze call content. Even so, users may still wonder who verifies their call information, what signals are exchanged between contact devices, and whether any data is stored. Transparent explanations and verifiable policies will be as important as the technical safeguards themselves.

Conclusion: In the Age of AI Scams, Trust No Longer Comes From the Voice

The greatest danger in the age of AI deepfakes is not the technology itself. It is the collapse of trust. The signals people have long relied on — a family member’s voice, a friend’s number, a supervisor’s instruction, or a financial institution’s warning — can now be manipulated. Scammers no longer approach as strangers. They approach in the voice of someone familiar.

Google’s fake call detection is a technical response to this shift. Its message is clear: do not trust the voice blindly, do not rely only on the number, and verify whether the call actually began from the real device. It shows that the standard of mobile security is moving from caller ID to device authentication.

The next phase of security competition will not be limited to who has the largest database of spam numbers. It will be about who can verify identity faster, protect users more naturally, and build standards across a broader ecosystem.

Google emphasizes that it designed the feature around RCS, an open standard. That leaves room for other manufacturers and app providers to participate. If this approach spreads across the industry, AI voice phishing protection could become not just a feature of one app, but a basic security layer of mobile communications infrastructure.

The phone remains one of the most immediate and emotional forms of communication. That is why it remains one of the most powerful attack channels for scammers. In an era when AI can steal a voice, users can no longer rely on their ears alone. Trust must come not from the voice, but from a verified signal.