Imagine your phone lighting up at midnight. The caller ID reads "Mom," the voice on the line sounds exactly like her, and she is asking you to wire money for a hospital deposit she does not have time to explain. Except it is not her. It is a stranger running a deepfake voice clone over a spoofed number.
Google says Android phones will soon catch that call before you answer it.
Editor
Kai T chevron_right
Table of Contents
What Google actually shipped
On Tuesday, the company announced fake call detection inside Phone by Google for Android 12 and higher, rolling out globally this month starting with Pixel. The mechanism is a silent "digital handshake" carried over Rich Communication Services. When a contact calls you, their phone sends a confirmation signal that proves the call is coming from their device. If a scammer spoofs the contact's number, that signal is missing. Your phone notices, pings the real contact's device to ask whether they are actually placing a call, and shows a warning on screen if the answer comes back as no.
The caveats are doing real work. Ars Technica reports that the verification only runs when both you and the person you think is calling have three Google apps installed: Phone by Google, Contacts, and Google Messages. Pixel and Motorola handsets ship with the trio pre-installed. Samsung, the second-largest smartphone brand in Malaysia after Xiaomi, has its own dialer that many of its customers still use, which silently breaks the handshake before it starts. The feature works smoothest in a Pixel-to-Pixel call. Most Malaysian phone calls are not Pixel-to-Pixel.
What it means for Malaysian readers
Malaysia has a phone-scam problem big enough to deserve a dedicated 24-hour hotline. The National Scam Response Centre (NSRC) logged RM1.12 billion in online-scam losses in just the first six months of 2025, averaging about RM6 million a day. The Centre moved its 997 hotline to round-the-clock operations on 1 July 2025 and now handles roughly 500 calls a day, about half of them genuine reports.
MyCERT's quarterly trackers point in the same direction. Phishing made up 68 percent of all fraud reports in Q1 2025, 69 percent in Q2, and 75 percent in Q3. Telecom fraud, which lumps Macau scams, voice phishing, and impersonation calls together, hit 28,698 incidents and RM715 million in losses across the year. Cases tied specifically to AI deepfake or voice cloning came in at about 450 with RM2.72 million in losses, a small slice today, but growing fast as voice models get cheaper to run.
Why the tool only solves part of the problem
Google's verification is genuinely useful for one specific scam pattern. Someone spoofs a relative's, boss's, or friend's number and asks for urgent help. If both phones run the Google trio, the missing handshake catches the impersonation before you take the bait. That covers the deepfake "Mom" call we opened with.
The verification cannot help with the scam Malaysians actually lose the most money to. The dominant tactic in MyCERT's incident reports is a caller impersonating a person you have never saved: the police, LHDN, a bank fraud department, MCMC, CyberSecurity Malaysia. MyCERT's resurgence alert on the pattern describes scammers calling from spoofed numbers with claims about parcels held by customs or arrest warrants, then steering victims toward a "verification" payment. An unknown number with a fake authority script never had a contact entry to verify against, so Google's check sits idle.
The bottom line
Treat the feature as one more layer, not a fix. For deepfake calls that pretend to be people you actually know, having Phone by Google, Google Contacts, and Google Messages installed on both ends is the simplest defense Android has shipped this year. For the LHDN, police, and bank impersonations that still dominate the actual Malaysian fraud bill, the advice does not change. Hang up, call back on a number you find yourself, and dial 997 if you have already paid.