
Generative AI Fraud: Deepfakes, Vishing and Impersonation
Criminal defense and prosecution of fraud perpetrated with generative AI: deepfakes, cloned voice (vishing), automated CEO fraud, deepnudes and digital evidence manipulation.
The New Frontier
Generative AI has multiplied the sophistication and volume of digital fraud. Image, video and audio models make it possible to create hyper-realistic deepfakes, clone voices from minutes of audio, generate false documentation indistinguishable from the real thing, and automate social engineering at scale. Deepfake and cloned-voice fraud has multiplied in Spain in recent years.
This is the overview page for our generative AI fraud series. For specific topics, see deepfake challenge, voice cloning vishing, sexual deepfakes, algorithmic expert evidence and AI digital evidence.
Most Widespread Typologies
- Non-consensual sexual deepfake.
- Deepnudes.
- CEO fraud with cloned voice.
- Targeted vishing.
- Real-time video call deepfake.
- Evidence manipulation.
- Identity impersonation for opening bank accounts.
- Romantic scam with synthetic avatar video.
Legal Framework
The Criminal Code already allows this conduct to be prosecuted: non-consensual distribution of real intimate images through the privacy offence (Art. 197.7 CP) and, where the image is fully synthetic, through the moral-integrity offence (Art. 173 CP) and related types; aggravated fraud (Arts. 248 and 250 CP) when especially sophisticated means are used; and civil-status usurpation (Art. 401 CP). A reform introducing a specific offense for sexual deepfakes and reinforcing synthetic-content labeling is also in progress. Regulation (EU) 2024/1689 (EU AI Act) imposes on generative AI providers obligations of transparency and identifiable watermark marking.
Digital Evidence
Expert challenge of synthetic content is the key piece of the defense. Forensic markers include: spectral artifact analysis in audio, lighting and blinking inconsistencies in video, absence of subtle physiological markers, metadata and EXIF analysis, and comparison with known models. We work with generative AI forensic experts in each case.
Our AI Methodology
We apply a five-phase protocol: immediate forensic capture; technical expertise with two independent experts; procedural defense adapted to type and jurisdiction; content removal through platform coordination and AEPD; patrimonial recovery in financial fraud with preventive seizure order.
Ordinary fraud versus computer fraud: why the right article matters
Not every deception carried out with generative AI fits the same offence, and the correct classification shapes the penalty, the limitation period and the whole defence strategy. When AI is used to deceive a human being —an email drafted by a language model, a cloned voice impersonating an executive, or a manipulated video that induces someone to transfer money— the conduct is ordinary fraud under Articles 248 and 250 of the Spanish Criminal Code: there is sufficient deception that produces error in the victim and a damaging act of disposal of assets. The core of the reproach is the manoeuvre that overcomes a person's will.
Computer fraud is something different. After the reform introduced by Organic Law 14/2022 (in force since January 2023), the conduct previously found in the now-repealed Article 248.2 is today set out in Article 249.1.a CC: it punishes anyone who, with intent to profit and by means of a computer manipulation or similar artifice, achieves an unauthorised transfer of an asset to the detriment of another. Here no human being is deceived; instead, the operation of an automated system is altered. Citing the old 248.2 is a technical error that should be corrected from the first written submission, because the defence is built on the offence that actually applies.
The distinction is not academic. In AI-driven fraud the boundary can be thin: a single episode may combine the deception of a person and the subsequent manipulation of a system, opening up concurrences that must be analysed case by case. Pinpointing whether the conduct attacked a person's will or the functioning of a machine is the first technical filter of any serious defence.
Concurrence with documentary forgery, identity usurpation and computer damage
AI-driven fraud rarely appears in a pure state. The manoeuvre often relies on fabricated or altered documents —invoices, contracts, certificates or doctored screenshots— which may trigger the documentary forgery offences (Articles 390 and following CC, depending on whether the document is public, official, commercial or private). Cloning a third party's voice or face to pass for them may also amount to usurpation of civil status under Article 401 CC where someone fully assumes another's identity with a degree of permanence, a figure that must not be confused with the mere one-off use of identifying data.
If the operation involved unauthorised access to systems or accounts, the disclosure and revelation of secrets under Article 197 and the unlawful access to information systems under Article 197 bis CC come into play; and where data or programs are deleted, damaged or altered, the computer damage offence of Article 264 CC. These offences protect distinct legal interests —privacy, public faith, property, the integrity of systems— and may therefore concur with fraud without that meaning the same fact is punished twice.
For the defence, the task is to delimit which conducts are actually charged and to resist the automatic stacking of classifications. Not every use of a manipulated document is criminally relevant forgery, nor does every use of another person's data constitute usurpation under Article 401. Arguing the concurrence —whether of offences, of norms, or instrumental— has direct consequences for the final penalty and for the limitation period applicable to the whole.
The Article 197.7 gap for intimate deepfakes when the image is fully synthetic
When fraud or blackmail relies on sexual images or videos generated with AI, it is essential to be precise about the scope of Article 197.7 CC. This provision punishes the dissemination, without consent, of intimate images or recordings obtained with the victim's agreement in a private setting, where disclosure seriously harms their privacy. Its premise is that a real image of the affected person exists and is then circulated without permission.
The difficulty arises with the fully synthetic intimate deepfake: where the content does not start from a real recording but is fabricated entirely by a generative model from the victim's face, part of the legal scholarship considers that it does not sit comfortably within Article 197.7, because the intimate image obtained with consent that the offence presupposes is missing. This is the well-known gap concerning fabricated images, distinct from the reinforced protection that the real or simulated child pornography of Article 189 does afford when the victim is a minor.
This does not mean impunity. Depending on the case, the conduct may be channelled into threats or coercion where a demand is made (Articles 169 and 172 CC), into the offence against moral integrity of Article 173, into fraud where an asset transfer is obtained, or into defamation and the civil protection of the right to one's own image. The classification requires a careful analysis of the specific content and its origin, and the defence must ensure that the facts are not forced into an offence the legislator did not design for fabricated images.
Digital evidence, secrecy of communications and limitation
In these proceedings the evidence is essentially digital: emails, server logs, metadata, traces left by AI tools, destination wallets or accounts and seized devices. Its value depends entirely on having been obtained lawfully. The secrecy of communications is protected by Article 18.3 of the Constitution, and the interception of electronic communications requires judicial authorisation under Articles 588 bis a) and following and 588 ter of the Criminal Procedure Act. The search of mass data-storage devices requires the specific authorisation of Article 588 sexies. A measure carried out without proper legal cover may lead to the nullity of the evidence and of anything derived from it.
The defence must scrutinise the chain of custody, the integrity of the forensic images, the traceability of the data and respect for the principle of proportionality in the intrusion. In the evidentiary terrain of AI-driven fraud, it is also worth challenging technical attribution: the fact that content was generated or sent from a particular device or account does not by itself prove who was behind the keyboard.
As to limitation, Article 131 CC applies according to the offence's maximum penalty. Where the maximum penalty does not exceed five years' imprisonment, the offence becomes time-barred after five years; where it exceeds five and does not exceed ten, it becomes time-barred after ten years. There is no intermediate three-year band for these offences. On jurisdiction, the Investigating Court of the place of commission conducts the investigation, and the Criminal Court tries the case where the penalty does not exceed five years, or the Provincial Court where it does; the National High Court has no competence unless an expressly assigned connecting point applies. In money-mule schemes (where someone lends their account to receive and forward funds) the key is intent: knowledge of the illicit origin can support intentional money laundering, while Article 301.3 CC punishes laundering committed through gross negligence, a decisive line between conviction, mitigation and acquittal.
Penalties & Consequences: Generative AI Fraud: Deepfakes, Vishing and Impersonation
| Type / Scenario | Criminal Penalty |
|---|---|
| Sexual deepfake (Arts. 197.7 and 173 CP) | Non-consensual distribution of real intimate images is prosecuted under the privacy offence (197.7); a fully synthetic deepfake is channelled into moral integrity (173) and related offences, as 197.7 requires a real image. |
| Aggravated fraud (Arts. 248 and 250 CP) | 1 to 6 years' imprisonment when cloned voice or deepfake is used in CEO fraud exceeding €50,000. |
| Identity impersonation (Art. 401 CP) | 6 months to 3 years' imprisonment for civil status usurpation. |
| Privacy offense (Art. 197 CP) | 1 to 4 years' imprisonment when there is personal data discovery or distribution. |
* Penalties shown are indicative. The actual penalty depends on the circumstances of the case and any applicable mitigating and aggravating factors.
Defense Strategy: Generative AI Fraud: Deepfakes, Vishing and Impersonation
Urgent 72h action
Capture, rapid expert analysis and distribution blocking in the first 72 hours are key to limiting damage.
Private prosecution
Appearing as private prosecutor to drive the investigation and obtain a seizure order.
Ex delicto civil claim
Moral and patrimonial damages claim within the same criminal procedure.
AEPD coordination
Parallel claim before AEPD for illicit personal data processing, with autonomous sanction.
Cybercrime in Spain: Hacking, Phishing & Digital Fraud — Defence Guide
Cybercrime encompasses illegal access to computer systems (Art. 197 bis CP), computer damage and ransomware (Art. 264 CP), phishing and digital fraud (Art. 249.1.a CP), and the production or distribution of hacking tools (Art. 197 ter). Spain's prosecution of cybercrime has intensified dramatically, with specialised units in the National Police (BIT) and Guardia Civil (GDT) leading investigations. Defence requires a unique combination of criminal law expertise and advanced technical knowledge.
Penalty Table: Cybercrime
| Offence | Article | Description | Penalty |
|---|---|---|---|
| Illegal access to systems | Art. 197 bis | Unauthorised access breaching security measures | 6 months – 2 years |
| Interception of data | Art. 197 bis.2 | Intercepting non-public data transmissions | 3 months – 2 years |
| Production/supply of hacking tools | Art. 197 ter | Creating or distributing tools designed for cybercrime | 6 months – 2 years |
| Computer damage (basic) | Art. 264.1 | Deleting, damaging or making data inaccessible | 6 months – 3 years |
| Aggravated damage (critical infrastructure) | Art. 264.2 | Affecting essential services or critical infrastructure | 2 – 5 years |
| Cyber fraud (phishing) | Art. 249.1.a | IT manipulation to obtain unlawful transfer of assets | 6 months – 3 years |
Key Defence Strategies
IP Attribution Challenge
An IP address does not identify a person. Shared Wi-Fi networks, VPNs, Tor exit nodes and NAT configurations mean multiple users may share one IP. The prosecution must prove the accused was the actual user at the relevant time.
Chain of Digital Custody
Digital evidence is extremely fragile. If the police failed to image the hard drive with a write-blocker, if hash values don't match, or if evidence was handled improperly, the defence can seek exclusion of the entire digital evidence chain.
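The hash and handoff checks behind this challenge, and behind the earlier point about scrutinising the integrity of forensic images, shown as an added example that is not part of the original page. The log fields, custodian names and image bytes are constructed, and SHA-256 is assumed as the acquisition hash.

```python
import hashlib
import io
from datetime import datetime

def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a forensic image in chunks so large files never sit fully in memory."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def audit_custody(log, image_stream):
    """Return a list of findings; an empty list means log and image are consistent."""
    if not log:
        return ["custody log is empty"]
    findings = []
    baseline = log[0]["sha256"]  # hash recorded at acquisition
    if not log[0].get("write_blocker"):
        findings.append("acquisition entry does not record a write-blocker")
    for prev, cur in zip(log, log[1:]):
        if datetime.fromisoformat(cur["time"]) <= datetime.fromisoformat(prev["time"]):
            findings.append(f"{cur['time']}: entry is not later than the previous one")
        if cur["from"] != prev["custodian"]:
            findings.append(f"{cur['time']}: received from {cur['from']}, last custodian was {prev['custodian']}")
        if cur["sha256"] != baseline:
            findings.append(f"{cur['time']}: recorded hash differs from acquisition hash")
    if sha256_stream(image_stream) != baseline:
        findings.append("image as produced does not match the acquisition hash")
    return findings

# Constructed sample data: a small stand-in "image" and a three-entry custody log.
IMAGE = b"constructed disk image bytes" * 1000
ACQ_HASH = hashlib.sha256(IMAGE).hexdigest()
CLEAN_LOG = [
    {"time": "2024-03-01T09:00:00", "custodian": "Officer A", "from": None, "sha256": ACQ_HASH, "write_blocker": True},
    {"time": "2024-03-01T15:30:00", "custodian": "Evidence room", "from": "Officer A", "sha256": ACQ_HASH},
    {"time": "2024-03-04T10:00:00", "custodian": "Lab analyst", "from": "Evidence room", "sha256": ACQ_HASH},
]

def demo():
    """Audit the clean log, then a copy with an undocumented handler and a changed image."""
    broken_log = [dict(entry) for entry in CLEAN_LOG]
    broken_log[2]["from"] = "Officer B"   # handler who never appears as a custodian
    tampered = IMAGE[:-1] + b"X"          # a single byte changed after acquisition
    return audit_custody(CLEAN_LOG, io.BytesIO(IMAGE)), audit_custody(broken_log, io.BytesIO(tampered))

if __name__ == "__main__":
    for name, result in zip(("clean", "broken"), demo()):
        print(name, result or "no findings")
```

A single changed byte yields a different digest, so a mismatch shows the produced image is not the acquired one but not who changed it or when; the handoff check is what localises gaps in the paper trail.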
Authorised Security Testing
Ethical hacking and penetration testing carried out with the system owner's authorisation is legal. If the defendant had a written engagement contract, bug bounty agreement or responsible disclosure policy, there is no criminal offence.
Lack of 'Breaching Security Measures'
Art. 197 bis requires that security measures were breached. If the system had no password, no firewall, or the access point was public, the element of 'breaching security' may be absent, negating the offence.
Key Case Law
The Supreme Court confirmed that 'access' requires effectively entering the system, not merely attempting it. The prosecution must prove: (1) access occurred, (2) it was unauthorised, and (3) security measures were breached. Port scanning alone does not constitute the offence.
The Court ruled that ransomware attacks may constitute a concurrent offence of computer damage (Art. 264) and extortion (Art. 243 CP). The encryption of data satisfies the 'damage' element even if data is technically recoverable upon payment.
In phishing operations, the Court distinguished between the organiser and the 'money mule' (account holder). The mule's liability depends on proof of knowledge that the funds were illicit. Wilful blindness may suffice, but mere negligence does not.