Rendered at 15:50:41 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
saltcured 23 hours ago [-]
Sad times are coming for a lot of families and individuals. It isn't just that technology is upending our naive ideas of trust and authenticity. This is, essentially, the broad class of "confused deputy" attacks. And the robust mitigation is to disempower the easily confused deputy, rather than to think you can block confusing signals.
A looming problem with shifts in demographics and family structure is that many people will be slipping into cognitive decline without a formal transition to address their incompetence. Sadly, there is a point where the older person really needs to permanently delegate important decision-making to a trusted third party. They should no longer be legally empowered to authorize funds transfers, sign contracts, or even make medical decisions.
We're not really setup to handle this well. Not at the systemic level of protecting people from themselves, and not at the personal level of relinquishing control over our own lives. So we often have to let the sufferer fumble along and cause a lot of damage before the protections eventually kick in.
And, ironically, these protection mechanisms can also be corrupted into another scam and form of abuse. To totally de-risk would require some kind of time travel or perfect foresight. But in the real world, the damage is often not fully reversible when it is detected after the fact.
Perseids 21 hours ago [-]
I'm usually not one to focus on technological solutions given sociological problems, but this one seems to be a good exception. If we "just wanted to" [1] all this fake calls could be stopped by requiring strong authentication/authorization. We are very much used to just anybody being able to call my number, but that doesn't need to be the case. At the very least, cold calls should be treated as skeptical in the UI as instant messengers like Signal treat first messages. Probably this isn't enough, though, as it wouldn't have prevented the cases described in the article. Cold calling someone should probably require the caller to be traceable to a real, government-ID-verified person [2]. Even if that person is being defrauded themselves ("get a thousand bucks by installing this app and clicking a few screens") is would destroy the economics of the attack, as it would make each call expensive again.
[1] Structural inertia is the killer here. It will certainly not happen until the problem is huge enough.
[2] Exceptions can of course apply to numbers that are meant to primarily be cold called, like doctors offices. The callee possibly have to be specially trained to withstand this kind of attacks.
smallmancontrov 20 hours ago [-]
Speaking of which, what happened to SHAKEN/STIR? I thought the strong authentication requirements came down the pipe years ago and they were going to start turning off (or hiding by default) routes of low reputation. That was years ago, it was supposed to take years, but here we are years later and I still get loads of spam calls. What happened?
kjellsbells 16 hours ago [-]
I worked on STIR/SHAKEN for the two biggest US operators. The techies tried very hard to make it work, and, indeed, there was a brief time when it worked pretty well, but, the incentives from Corporate were and are fundamentally misaligned.
Type A attestation is, generally, solved. Carrier A attests that the number is one of theirs, and they know that the caller is one of theirs too and attached to their network.
However: this is a fraction of calls. Carriers also sell blocks of phone numbers without the corresponding access network. This is what allows you to pick, say, a Twilio number with a local area code. In these cases the best that can be hoped for is a lesser attestation.
But it gets worse, because the operator can also sell blocks of numbers to people with no direct connection to the US carriers and who need to spoof US numbers. That call from Capital One comes from the Philippines via two or three intermediate operators, none of whom can attest to much of anything. And into that gap ride the spammers.
Furthermore, in an Experian-like twist, some carriers also realized that businesses would pay to have their calls show up as "trusted" on the recipient's phone. So the standards were enhanced to deliver 'rich call data'. However, in order to be something worth paying for you also need a baseline of calls that do not have that premium look. A scam? You decide.
Finally, one other misaligned incentive. All of this needs VoIP. Not TDM (classic legacy telephony). However, the big US carriers make bank selling TDM circuits to the hundreds of small regional telcos, and refuse to sell them SIP trunks, because it's s such an easy money maker. So again, technology loses to incentives.
These incentives, to make money from phone numbers, vastly outpace what
cptroot 18 hours ago [-]
It's worth noting that TFA addresses this in the context of the scam: When the scam depends on the emotional reaction in response to a loved one's distress, it doesn't matter if the number the scam is coming from is unfamiliar. This means that the scam can use "technically correct" numbers that pass SHAKEN/STIR with no loss in conversion.
TFA also mentions that by routing calls through older non-IP networks you lose the accurate information, although it sounds like the FCC is slowly cracking down on this.
indymike 20 hours ago [-]
It is hard to get vendors to give up revenue no matter how illegal the source of revenue is.
smallmancontrov 20 hours ago [-]
So lots of judicially-unreachable call centers under judicially-unreachable telecoms need to lose reputation score and get spam-binned by default, just like email. I thought that was going to happen by now. Did the US telecoms just chicken out?
tartoran 18 hours ago [-]
Why not fine vendors instead? They'll quickly change the tune..
sdellis 20 hours ago [-]
I never answer my phone if I don't know who is calling me.
pavel_lishin 22 hours ago [-]
I think the hardest thing to come to terms with is not that this is the new reality, or even that this is soon going to be the new reality for our older relatives, but that this is coming for almost all of us.
armchairhacker 19 hours ago [-]
I think limited rights for old people are like limited rights for children: justified because there is cognitive decline, and every individual (except children who tragically die young) gets to live some life with full rights.
The biggest problem is that it’s depressing. A child gets to look forward to growing up and having full rights, an old person is already looking forward to declining and dying and the loss of rights reflects that. Another problem is that, just as some old people are scammed, taking away rights will have other old people abused by their “caretakers” (e.g. one relative hurting them and stealing from them even against other relatives, which already happens).
So I want to see it implemented but tied with our culture restoring respect for old people, giving them a sense of purpose, and looking out for those who aren’t our relatives. Specifically including reforming retirement homes, many which take advantage of their residents, and stronger safeguards against abusive relatives who (already are seizing and) abuse POA. I’d like to hear what old people themselves think, because maybe I don’t (empathetically) understand the consequences, but although maybe outside the Overton Window logically it seems reasonable.
f1ay 17 hours ago [-]
There's also the strain and discontent that comes with being the person who is taking away the rights and putting up guardrails for your loved ones. I opted not to do so for my mother shortly before she was scammed out of her life's savings, because I thought I could train her against scams.
close04 19 hours ago [-]
Children are legally differentiated from adults purely based on age, not some formal verification. You get extra rights and obligations at 18, that’s a very objective criterion.
Declaring someone mentally unfit is anything but objective and it’s very ripe for abuse.
Terr_ 15 hours ago [-]
> Children are legally differentiated from adults purely based on age, not some formal verification.
I’m saying that old people should also be differentiated by age: once you reach some age (maybe 70 or 80, the same age for everyone) you lose certain rights. This is separate from the existing system.
YeGoblynQueenne 19 hours ago [-]
[flagged]
jdashg 20 hours ago [-]
Disempowering deputies is how you end up with customer service that can't actually provide service to customers. Low-trust societies are a huge efficiency loss, and just a general pain in the ass if you are acting in good faith.
bluefirebrand 9 hours ago [-]
Like it or not, the Earth is a very low trust community. Old people get scammed by scammers from all over. This is a global problem, not a local problem
The global community is very low trust, unfortunately. That might be an unfixable problem
coldtea 19 hours ago [-]
How much "customer service" are we getting today, and of what quality?
butlike 19 hours ago [-]
> and not at the personal level of relinquishing control over our own lives
No one wants to do that. Once you give up control of your life you're essentially dead. Why would I want to voluntarily cede my rights so I'm relegated to being pushed around in a wheel chair while all my decisions are made by others? Because it makes my children, the people too young to have any perspective on the situation, feel better?
atleastoptimal 20 hours ago [-]
I wonder what percentage of the US GDP is "Fooling old people"
aaron695 14 hours ago [-]
[dead]
offsign 1 days ago [-]
Sounds like AI is just greasing the wheels of a long established 'grandparent scam'... goes something like this:
1) voice one: young adult calls, sobbing 2) grandparent inquires with a name... "Ben, is that you?" 3) voice one: "Yes grandma, it's me, Ben... I'm in trouble, please don't tell mom 4) voice two: "Hello, I'm attorney..."
My grandmother fell victim to this almost 20 years ago, which only stopped when Western Union refused to let her continue sending wires... she was forced to call her daughter (at which point they just called my brother.)
Our takeaway (at the time)... the voice doesn't even need to be terribly accurate, since the original interaction is brief / somewhat inaudible over the tears. Typically just requires an older vulnerable adult, a lucky strike with the initial setup (e.g. grandparent actually has a grandkid), and a lot of high pressure / duress salesmanship.
pavel_lishin 22 hours ago [-]
It's not "just" greasing the wheels, because previously each call required a human being to spend the equivalent amount of time on the phone with a victim, interacting with them - you couldn't just play a cassette tape at them, you know?
And it likely requires working with other people, your "employees", who are both a liability, and a cost.
With AI, you can make a thousand calls in parallel, for significantly cheaper, out of your own basement.
This greases the wheels of voice fraud like a gatling gun greases the wheels of hitting a guy with a rock.
glaslong 1 days ago [-]
"Greasing the wheels" seems right in principle, but possibly putting the accelerant factor a bit... mildly. Like going from burning the turkey in the oven, to deep frying and burning your whole house down.
> cybercrime losses across the United States rose 26 per cent in a single year
> The FBI was candid that even these figures understate the problem. AI attribution in the report reflects only what victims recognised and reported, and most victims of a cloned-voice call never learn that a machine was involved at all.
> INTERPOL found that AI-enhanced fraud is roughly four and a half times more profitable than its traditional equivalent, and that so-called agentic AI systems can now autonomously plan and execute entire fraud campaigns, from reconnaissance through to the ransom demand.
Forgeties79 22 hours ago [-]
To build on your point, I have this comment I wrote months ago that I end up pasting (or pasting a bit altered) probably every week:
“Before LLM’s there was_____” I see this whenever an LLM’s impact is assessed. We know. The issue is scale and the ability for smaller and smaller groups (down to individuals) to execute at scale.
LLM’s are pouring massive amount of gasoline on existing issues and people just keep shrugging.
Fake news always existed. Now one dude in India can flood multiple sock puppet media accounts with right wing content/images (actual example) at a scale previously unimaginable - or in this case, can target even more vulnerable elderly populations far more effectively.
People could always die crossing a street. Still, cars changed the discussion about pedestrian safety pretty materially. People didn’t simply throw up their hands and go “people have always been able to die crossing the street.”
Terr_ 15 hours ago [-]
As the quip goes, "Quantity has a quality all its own."
Although in this case, perhaps it's more like... throughput, capacity, or parallelism.
kraquepype 19 hours ago [-]
Don't worry, it's all worth it so long as we can get braindead summaries we didn't ask for, pretend to be the 10x engineer we always wanted to be, and generate fake videos for internet points!
(sarcastic rant over)
Most of the benefits of AI are being overshadowed by the lack of regulation and reckless abandon at which they are being developed.
Given the current trajectory I don't know if that's going to change before it's too late.
Forgeties79 19 hours ago [-]
And the crux of it all is people over promising and refusing to recalibrate expectations. LLM’s are kind of incredible, but we did not develop some magical tool that can do everyone’s job for them and/or answer every question with even semi-regular accuracy. it is a far more limited tool than any company, politician, or AI evangelist is willing to admit
bluefirebrand 9 hours ago [-]
It's hard to measure but I would put money that AI is enabling a lot more harm than it is boosting productivity
If you think it is boosting productivity a lot that's fine. Just realize that it is probably enabling even more harm than that
Forgeties79 3 hours ago [-]
I’m in the harm “it causes more harm than good” camp tbh
Foobar8568 1 days ago [-]
I told my parents that I will never ask for money, doesn't matter the situation, even with live video, it's trivial to generate live audio and video nowadays.
I hope they got the message.
abirch 1 days ago [-]
Fortunately for me, my parents wouldn't be able to get the live video working.
saidnooneever 1 days ago [-]
i agreed key phrases. id recommend it. something unrelated to the family and totally arbitrary, agreedupon only verbally. (or write it down for them if they are old and memory is an issue. you can remind them to read your note out loud.. easy).
this way, you do not footgun yourself in the event you'd ever need to ask something. Money isnt the only thing they can ask, and no one (i think) has a glass orb to tell their future and know for certain such a call would never happen. its easy to think it wont happen to you, i think that is most peoples' sentiment until it does. (having a need for help from family that is)
mikepurvis 1 days ago [-]
Key phrases make sense to put in place, but another easy safeguard is:
"Before you send anything to anyone, ever, call them back. Doesn't matter if it's me, the bank, a lawyer, whatever... tell them 'hang on I have another call coming in, let me just call you back in a few minutes, okay?'"
vidarh 1 days ago [-]
I overheard a cab driver being scammed by someone claiming to be HMRC (UK version of the IRS), and when he asked to call them back they managed to convince him to call them back on Viber, and he was about to when I intervened and pointed out to him that 1) what I'd overheard was blatantly a scam, 2) if he was unsure, to go to their official website and find their number...
If you're going to get people to call you back, it has the problem of ensuring that they call you back on your real number - giving reasons why they have to call you back on some other number is way too easy ("I've lost my phone", "my phone is at home", and so on)
spiddy 22 hours ago [-]
Also, make sure to use official website, not just Google search, or any chat agent question, the SEO are sometimes poisoned with scam phone numbers.
I consider myself always to be wary of scams and my trust-level is zero when they call me, but I recently almost got myself hooked on an airline support call. I google searched the support number and trusted the AI summary on top and called it, they asked me my reservation number and I happily provided. With the reservation number they have public access to the entire reservation details, they knew my name, my flight, my co-passenger details everything. I called to do a reservation for my pet which is normally not done online. their problem, they got greedy and asked me more than pet travel, iirc they said there was a problem with one of my flights, it wasn't paid and I had to repay on the call. If they just followed along instead of going by the script I would have paid the pet travel amount.
saidnooneever 10 hours ago [-]
you need to be able to call them back on your own accord. not by them giving you a number to call or calling the same nr back again
xp84 1 days ago [-]
Not a thorough safeguard, if scammers have half a brain cell they can provision a VOIP number for such a request. They’re nothing if not accommodating.
wlesieutre 23 hours ago [-]
You're supposed to call them back on a number you know is really that person/company. This ensures the person you're talking to is actually from your bank and not just calling from a random number and saying "I'm from your bank," or even spoofing a real number of your bank or a family member, because when you call back it will go to the real person and not the impostor.
This is a very useful precaution for banks, and for or calls that come from a family member's real phone number.
But scammers will just open with "I'm in trouble and my phone died" or "I'm in jail calling from a pay phone" and calling back won't do anything to help with that.
xp84 21 hours ago [-]
Yes, that's my point. There will be a "reason" why the callback needs to be another number.
Also, given at least in America, our cell phone providers STILL haven't fully blocked caller ID spoofing (last I checked, they just add some tiny icon in the rare case that the CID is trustable, and I'd bet 99.9% of people don't even know that exists!) they can spoof the initial call as your number and many targets will probably mistakenly think the CID match is good enough to just skip it, especially in this "very urgent situation" with you being held at knifepoint by the corrupt third-world cops or whatever.
coldtea 19 hours ago [-]
You call them back on the actual number - e.g. the official number of the bank, or the contact number of your friend, or the phone of your kid, etc, that you know or can find independently.
Not any old random number they give you.
ceejayoz 1 days ago [-]
"They say they're going to cut a finger off every time you hang up."
toast0 23 hours ago [-]
"I guess we'll start calling you Pinky"
xp84 1 days ago [-]
“But, Ben, you didn’t ask me for money when you called last night at 2AM. You asked for $4,000 in Fortnite gift cards to be released from Mexican prison. Thankfully 7-11 had them and was open!”
root-parent 1 days ago [-]
The best things to stop these AI voice schemes, is to agree on a family password. The cloned AI voice will not known it.
ferngodfather 1 days ago [-]
That's a great idea. What do you use as your family password?
kibwen 23 hours ago [-]
Nice try, but our password is the same as the password to my HN account, and for security HN automatically censors your password if you type it in a comment. See: *******
Joke's on you, now I know your password is 7 chars, but more importantly, I also know your password is not 7 stars.
spwa4 4 hours ago [-]
It's seven 7s, but I've never told anyone the order, so it's safe.
TonyTrapp 22 hours ago [-]
hunter2 my hunter2!
alienbaby 23 hours ago [-]
*********
Oh yeah! Neat.
pixelready 22 hours ago [-]
This thread just gave me a pang of nostalgia. I think the first time I saw this interaction was in an AOL chat room, or maybe an early MUD. I miss the good old silly internet…
root-parent 23 hours ago [-]
Nice try.
kirubakaran 23 hours ago [-]
Hey "nice try" is my family password too!
stronglikedan 1 days ago [-]
I recently did the same, and I, too, hope they got the message. We agreed that there is nothing that needs to be acted upon immediately, and that anything questionable would be discussed with the whole family first.
f1ay 11 hours ago [-]
That wasn't enough for my mom. I went through an identical scenario, and about 6 months after we had the conversation she got hit.
chrisjj 1 days ago [-]
They might not believe it - for good reason.
trhaynes 23 hours ago [-]
YC S27's ScamMyGrandparents.com lets you simulate these against your own grandparents, so you can shame and educate them when they naively wire your college trust fund to a safe account. You are able to refund either the whole amount, or keep some for yourself since they won't know any better. The cost of service is variable depending on how many homes they own.
f1ay 6 hours ago [-]
You got me dead to rights with this, because I literally bought dontscamgrandma.com earlier this week and it took a heart jumping second to catch the joke.
We're staying away from the trust funds and shame though.
ikesau 23 hours ago [-]
You got me excited, because I've wanted something like this for a while. Obviously without the actual extortion, but everything up to that point. White hat scamming, to teach our parents what it's actually like before it happens.
exolymph 21 hours ago [-]
I read this comment and was like "but what is their business model?" before I realized
red-iron-pine 2 hours ago [-]
in 2026 grift is the way of life, not crazy to see YC going that way eventually
psygn89 1 days ago [-]
I remember my JROTC instructor also running into that and how she said afterwards they have a secret phrase between them two as a way of verifying it's truly them.
throwaway89201 1 days ago [-]
It's very, very hard for untrained people to be strict about verifying any secret phrase. The attacker can make all kinds of excuses, while creating urgency, and many people quickly abandon verifying the phrase. A scene in One Battle After Another comes to mind.
Karliss 24 hours ago [-]
Scammers can also trick the victim into reversing the roles and telling password to scammer. Even banks ocassionaly get this wrong. I have had my bank call me and ask me to read numbers from number card. If a trained bank employee following a script designed by (hopefully) an expert cant get it right, the chance of elderly relative spotting mistakes in protocol is close to 0.
thwarted 23 hours ago [-]
The bank is trying to authenticate you, while you're trying to authenticate the bank. The bank calls and tries to authenticate themselves to the callee by saying "is your birthday such and such?", they're risking sharing PII with an unauthorized third-party. The solutions are a non-trivial amount of effort that no one really wants to put up with, unfortunately.
I used to have a residential mortgage with two other people and my name was stuffed into some ancillary field as a co-holder and they refused to give me any information or transact over the phone. I eventually figured out I needed to tell them to look in some extended info field, and the whole endeavor was annoying but ultimately I was appreciative of the strictness (that the entire mortgage data model—at the time (25 years ago), I don't know what it's like today—seems to assume that it will only ever be two people of opposite gender who are married will be on a mortgage was much more disappointing. The other two people were assumed to be married and the woman was seemingly by default listed as the non-primary).
FireBeyond 20 hours ago [-]
Hah, I had a background check company for a previous employer send me an email saying:
"Hi Firebeyond, we're doing a background check. Can you confirm the following info you entered into our portal?" then proceeds to list full SSN, drivers license, DOB, etc., etc., etc.
"... and can you also confirm that this is the correct email address we have on file?"
All the while they had reached out by FB Messenger to my partner (not that she was in any of the info I submitted, and this was just a standard BG check, not a security clearance) to ask her if she knew me...
Luckily, my new employer was as horrified as I was, apologized profusely, and fired the background check company.
ceejayoz 1 days ago [-]
At some point, the scam evolves to a live video of a gagged loved one being tortured. "Stop wasting my time or they lose another finger."
People aren't prepared for this shit.
masfuerte 23 hours ago [-]
I know lots of old people who have instant access to quite significant sums of money and many of them just don't need it. I don't need it. I'd be happy to opt-in to, say, a three day wait period on new payment recipients, but my bank doesn't offer that.
Symbiote 21 hours ago [-]
One of my banks as well as my investment broker have a three day wait to increase the maximum transaction limit.
I have them both set at about €150.
I think for the bank I can go to a branch to avoid the limit, but that will be with the full fraud suspicion of the teller.
xp84 1 days ago [-]
Oh, man. That does seem likely. What a world. I wonder if eventually there won’t be a human in the loop, just a model trained to make money with a strategy like that, automatedly selecting victims and a person to be impersonated for each. Pre-render a few videos, place multiple calls in parallel. Basically a turnkey Docker container that takes a bitcoin address as a parameter and fills it with stolen money.
Martinussen 1 days ago [-]
Just add video and a better voip endpoint to existing setups and you're already there. A lot of scams can be (and are) run by a small handful of people now. Phishing at scale with stuff like fake tracking links etc. is already fully automated by people in a ton of ways and can definitely handle some back-and-forth over sms/whatsapp/whatever.
trollbridge 24 hours ago [-]
Long-term, it would mean that videos like that no longer function as a proof of life nor as a credible threat.
vkou 22 hours ago [-]
That only poisons the pool for actual kidnappers, not scammers.
KludgeShySir 23 hours ago [-]
"Are you prepared to bring them down to a total of 11 fingers?!?"
saidnooneever 1 days ago [-]
lucky strike is the key here they can do this with VOIP really easily to massive amounts of numbers. its staggering amounts if you look at the traffic really. worst is if they proxy that via residential proxy services which often come from end-user / individuals phones so the traffic is hard to detect for carriers etc. since it looks like a regular VOIP app connection.
written-beyond 19 hours ago [-]
Sounds like something gogograndparent can add as a VAS
spenvo 22 hours ago [-]
This old post of mine may be of interest, where I point out: "After a bit of threat modeling, it becomes apparent that future spearphishing robocalls may not directly con you, but rather “farm” your voice data by asking you benign questions, and use that to train a voice model to penetrate more deeply into your network." A lot of this writing has been on the wall forever and many (I'm sure otherwise smart people in) mission critical industries like banking, ISPs, and more refused to even acknowledge the risks.
2021 - "Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication" https://keydiscussions.com/2021/12/07/despite-the-prevalence... ends with a section called "The next crisis: robocalls that spoof the voices of victims at scale"
franktankbank 14 hours ago [-]
Do not answer calls from random numbers. When has that ever been a benefit?
spenvo 14 hours ago [-]
Telcos need to implement STIR/SHAKEN in a binding way and it needs to be fully integrated into iOS/Android's UI. Spammers call from spoofed numbers, even numbers of, say, local schools (or from other people in your business) - so, if you get a call from a school and you've got kids, would you pick up? A couple of years ago I got a text that was "sent" from my boss (he didn't send it), etc.. The numbers aren't random.
imoverclocked 1 days ago [-]
So, you answer your phone to the scam and… now they have your voice too.
Talking on the phone is now an unmitigated liability.
abirch 1 days ago [-]
A few years back, I would talk with scammers for a while to waste their time. Now I don't.
LPT: Please have a codeword or phrase that you use with your loved ones so even if the scammers use your voice, they won't know the phrase.
Hackbraten 1 days ago [-]
> LPT: Please have a codeword or phrase that you use with your loved ones
They keep refusing ideas like these on the grounds of them being “not stupid” and “able to see through such attempts immediately, 100% of the time” and “do you think we’re stupid?”
autoexec 24 hours ago [-]
They might actually be a bit stupid, but maybe they'll do it if you tell them it's because you are worried that you would fall for a scammer impersonating them. That at least would let them keep their stupid pride.
pmarreck 24 hours ago [-]
The article makes a point of explaining how the world-renowned expert on identifying deepfake scams can no longer pass his own tests.
If an expert can't distinguish, it has absolutely nothing to do with being "stupid" or not. So send them that, maybe.
If they are still stubborn about it, then thank them for contributing to the future funding of Scam the World With AI.
GolfPopper 22 hours ago [-]
Or maybe Deckard was a replicant the whole time.
madaxe_again 19 hours ago [-]
You don’t even need this. You just ask “what did we do last Tuesday”. A scammer will hang up, even if the actual answer is “I haven’t seen you in two years”.
TomK32 1 days ago [-]
I'm getting a lot of calls recently and don't give them more than a Hello and whatever music, radio show or Tour de France broadcast I'm listening to. Sometimes they hang in there for half a minute.
xp84 1 days ago [-]
Sometimes if I’m suspicious about the number now, I just answer and say nothing. A human will get confused after 5 seconds and say “Hello?Hello??” But the very shitty bots that usually call, just wait patiently for a long time for your hello, and don’t seem at all fazed by it.
pavel_lishin 22 hours ago [-]
You get actual humans calling you from unknown numbers? Lucky! I only ever get "Chase" from "Home Security Solutions" or whatever.
xp84 21 hours ago [-]
Yeah, recently I've had quite a few legitimate ones, mostly having to do with home renovations or other transactions.
I like most am deeply unsatisfied with the archaic system though of a basically unchangeable 10-digit number granting permission for anyone to fill up my phone with messages and interrupt me with calls, and hate that I have to ever answer calls from a number I don't know.
I really would like a mutual opt-in system, where you have to pre-establish consent before it's even possible to message or call you, but it seems impossible to get there from here. We can't even get the stupid cell phone companies to strongly enforce that caller ID isn't spoofed!
butlike 19 hours ago [-]
How do you meet people if it's pre-established consent. Eventually someone needs to say 'hi' without the consent of the other person. In all things.
xp84 16 hours ago [-]
Sure, I'd answer with an example of it done well. When "Instant Messaging" was a huge deal circa 2000, if you got a message from a new person on most platforms, you'd get a chat invitation. You could accept and allow them, or dismiss them and never hear from them again. (Of course this had a vulnerability if you could generate new accounts too easily, so spam activity varied depending on how easy it was to have bots sign up).
Phone calls and SMS should be like that, which, they almost could be today just with the phone OS keeping track of who you've previously "accepted."[1]
Except.
The identifiers (phone numbers) are nearly infinite, and nearly free, so the scammers just use a "new to you" number every time they call you, allowing each one to generate a new 'invitation.'
And of course to make it worse, the "numbers" are actually truly free since they can spoof any number they want all day long and to this day, most of those calls will go through and not even show a big red flag.
That last part is entirely reprehensible that our carriers haven't solved it by now, but apparently they don't want to.
[1] and also there's that sticky problem that some arbitrary company like say, a health insurance company or the state government, has 1000 departments who might call you, and they couldn't give you a full list if they wanted to.
pavel_lishin 18 hours ago [-]
In person or online.
How often have you met people over the phone in the past decade?
I will say that blocking all unrecognized numbers, though, is an unworkable idea. Any parent or caregiver knows that they need to be able to occasionally receive calls from a number they've never heard of before.
iron_ball 21 hours ago [-]
The article mentions this strategy, and points out that when confronted with an emotional emergency situation, the victims simply might not remember to use the protocol.
Not a bad idea, but not a brick wall.
dieselgate 23 hours ago [-]
[dead]
gilleain 1 days ago [-]
The only solution? Answer the phone in an over the top comedy accent, such as Simpsons characters, or just whatever comes to mind.
matltc 1 days ago [-]
A terse, altered "Hello" is all I say. Sometimes I don't say anything. Most humans would wait a few seconds then prompt with "...Hello?", whereas bots tend to hang up after ~2s silence
deepspace 19 hours ago [-]
That's my experience too. I mostly don't pick up calls from numbers that I don't recognize. On the very rare occasion that I am expecting such a call, I always stay silent after picking up. A real human will without fail start talking after a second or two.
zelphirkalt 22 hours ago [-]
When it is a human scam caller, what I sometimes do is to say "Hello" and then, when they start talking, and I can already guess they are full of shit, I act as if I am not hearing them properly and say "Hello?? Heeellooo? Hello?" Then they hang up lol.
lowbloodsugar 1 days ago [-]
Don’t you guys have phones that screen calls?
matltc 18 hours ago [-]
Yes, but false negatives fall through. I don't pay for the call screening; maybe a paid version would be more successful.
Mostly ignore unknown numbers, but if I'm expecting a call, I will pick up.
Symbiote 21 hours ago [-]
My colleagues regularly get calls from nurseries, daycare, parents at the after school club, friends of their children or their parents and so on.
They can probably ignore international calls, although only probably.
rationalist 22 hours ago [-]
Yep, if the number is not in my comtacts, it goes straight to voicemail.
amanaplanacanal 1 days ago [-]
I just don't answer the phone. If it's important, they can leave a message.
andrepd 1 days ago [-]
I actually fucking do this, and have done for a year or two. Sad state of affairs.
baxtr 1 days ago [-]
I somewhere read about a service that would use AI generated voices to combat these scam calls, basically talking to the forever. Forgot the name though...
kerridge0 22 hours ago [-]
It's Lenny
Nzen 22 hours ago [-]
Thank you [0]. I searched and all I could find was Virgin Media's Daisy [1].
> Every article published on SmarterArticles is authored and editorially controlled by Tim Green. Artificial intelligence tools are used within a structured and supervised workflow as research and drafting instruments. All arguments, framing decisions, source selections, and final publication choices remain human-directed and under my full responsibility.
There are references at the bottom, but I would have preferred direct links or footnotes within the article. Also, direct quotes are nice. I didn’t notice any glaring AI cliches.
Aurornis 1 days ago [-]
> Artificial intelligence tools are used within a structured and supervised workflow as research and drafting instruments.
This has become the highbrow way of admitting that AI is writing the articles: Calling it “drafting” is another way of saying that the article was written by AI and the person publishing it maybe reviewed it. Maybe they skimmed it and published it directly.
For what it’s worth the article felt obviously AI heavy to my first read.
pessimizer 1 days ago [-]
> Calling it “drafting” is another way of saying that the article was written by AI and the person publishing it maybe reviewed it.
I don't think that's a safe assumption. You could construct an article pretty quickly if you had a topic, a few points to hit, a conclusion and a short list of links, then fed that to the machine. All the LLM would be doing is fluffing it up with worthless words, unnecessary metaphors and maybe a pop culture reference or two so it looks like what people expect from an "article."
"Rewrite this as a slate dot com article"
If it were an email newsletter instead, there wouldn't be that fluffy expectation and you could just leave the bullet points and links as they were.
Aurornis 1 days ago [-]
> I don't think that's a safe assumption. You could construct an article pretty quickly if you had a topic, a few points to hit, a conclusion and a short list of links, then fed that to the machine. All the LLM would be doing is fluffing it up with worthless words, unnecessary metaphors and maybe a pop culture reference or two so it looks like what people expect from an "article."
We’re not disagreeing? That’s basically what I said: The AI wrote the article. Saying it drafted the article is a way of admitting it was written by AI but making it sound like it was actually a journalistic endeavor.
rda2 1 days ago [-]
Interesting, something about the phrasing and pacing felt like AI to me, but not a model I’m familiar with - I guess that’s why. Usually I close articles once I realize they’re AI written, but this one was mild enough that I finished the whole thing.
stronglikedan 1 days ago [-]
A good example of someone using AI as a tool and owning their output they should. The craftsman is still responsible for straightening the bent nail, even if it were the hammer that slipped.
aqfamnzc 1 days ago [-]
I suspect this is much more common than you're imagining. I think it'd be silly for publishers of any kind, really, to not use AI tools for things like fact checking and so on.
saaaaaam 1 days ago [-]
Interesting. To me it reeks of AI, and the first major tell was the first paragraph, at which point I stopped reading.
> No human had. The crying had been synthesised from a fragment of audio, and the daughter she thought she was rescuing existed only as a pattern of numbers in someone else's machine.
Brendinooo 1 days ago [-]
Yeah, I can't explain it but the headings feel very AI. And there are a bunch of things in the text that remind me of chats I have with Claude during the day job
>and it is worth being clear about why
>The emotional mechanism the scam exploits is not a gap in knowledge that a leaflet can fill; it is the love a person has for their grandchild, weaponised
>These are not the numbers of a credulous minority being separated from pocket money. They are the numbers of a generation's accumulated savings being drained
>that a fraud requiring the absolute frontier of machine learning can be perpetrated against an ordinary grandmother in her kitchen, at scale, for the price of nothing
(To be clear this isn't automatically disqualifying to me. But I am interested in LLM writing patterns and my ability to detect them. And in the case of this article I sense the kind of linguistic padding that has made Claude a little harder to work with in the more recent Opus point releases because it obscures the most important bits of information.)
trollbridge 23 hours ago [-]
One of the best ways to 'detect' AI is to have a job where you're stuck reading novel output from Claude, etc. all day.
vidarh 1 days ago [-]
That's pure generic "I'm getting paid by the word" article writing. If it reads to AI to you it's in part because AI has been trained on a billion articles like that.
wrs 24 hours ago [-]
Everyone suffers from this, not just the scam victims. I opened a bank account for a new business this year, and the friction for doing perfectly normal things was ridiculous due to the bank’s paranoia about scams. I couldn’t even make an initial deposit from my previous business, or transfer money to my personal account, without triggering a fraud alert and freezing the entire account (couldn’t even log into the bank website) until I could call and verify that it really was me on both ends of the transaction.
dieselgate 23 hours ago [-]
From a business perspective genuinely curious to know general location and bank name for this. In WA state I've only dealt with minor scrutiny (from credit union not bank) asking if the business is involved with cannabis otherwise it's been easy.
wrs 21 hours ago [-]
This was Chase, in WA. Part of the problem may be that I used an address on the account application that didn't match the one on the state company registration. Rather than let me update the application, they required that I update the state registration to match it ($50 fee btw). (To be clear, both addresses were current and valid.) That may have set some kind of risk flag that increased scrutiny later.
But they were specifically worried about the transfers being scams -- at least, that's what they said. They insisted on calling my other bank to verify that I was in fact the owner of the other business account. And I know there's been a big increase in things like fake real-estate scams, so paranoia is understandable.
However, the way bank fraud/risk departments work is generally completely opaque. I've previously had Bank of America refuse to open an account, with no reason given and no possible recourse. And I can't imagine a much more vanilla, boring, good-credit person than me, so I have no idea what set them off!
Animats 23 hours ago [-]
This article is about the retail version of this kind of fraud.
Impersonating CEOs is a thing, and the dollar amounts are much larger.
The attackers created AI-generated video and audio replicas of the CFO and other executives of the global engineering firm. These deepfakes were deployed in a live video call – not as a pre-recorded video, but as a real-time conference with multiple participants. The finance employee saw and heard his superiors in what appeared to be a normal conference situation. The instructions came through clearly and consistently. Urgency was created by framing the situation as a supposed corporate acquisition. Within a single session, he approved 15 individual transfers to various accounts in Hong Kong.[1] That fraud yielded US$25 million.
Arrange a secret phrase in advance- ideally generated randomly. Stick it up on the wall of the aging parent or grandparent- maybe in the bedroom, where guests are unlikely to go. Make it innocuous-looking (hidden in plain sight). Require that phrase to be said to prove identity. Reset it if it ever gets used on a call legitimately.
ButlerianJihad 19 hours ago [-]
Personally, I require all my aging grandparents to carry a Yubikey, with an identical one always stored in a safe-deposit box. Then, on demand, they simply mate their Yubikey with a specially-prepared GrapheneOS device, open their Firefox app, and connect to the dedicated mesh network, run by and for aging grandparents. Then they run their right ring finger over the fingerprint sensor, but it must be done in a Morse-code pattern that matches their unique tattoo (I am unable to divulge the location or encoding of this tattoo). Once these conditions are met, their physical presence is confirmed by the Yubikeys of at least 2 other aging grandparents of equal or higher reputation.
It's really simple and straightforward, and there is no need to really document the workflow here, because all the aging grandparents are extensively trained and drilled every two weeks, by the aging great-grandparents who've been using this same exact system for the past 50 years.
ButlerianJihad 18 hours ago [-]
Seriously though, I'd like to make two points:
1: Your family members already have shared "secrets" if they communicate regularly. It could be pet names, terms of endearment, shared experiences, unique monikers for things. It's language that is already familiar and you already use quite often. You should leverage that, and rely on that familiarity in a crisis, rather than trying to contrive something special for crisis-only ID. The attackers' greatest weapon is your own confusion, your own willingness to believe, and creating a sense of urgency. Your attackers' 3 greatest weapons. Don't panic.
2: My maternal grandmother was widowed and lived alone for decades. She had certain ways of knowing things. For example, every time we'd come home, she would test the doorknob. If some stranger had come and tried to jiggle the doorknob, we could tell by its feel. Just a simple mechanical giveaway. When Mom and/or Dad came by, they rang the doorbell by a special pattern. It wasn't complex, but it was distinct and recognizable from inside. It wasn't a securely encrypted ID, just a "secondary ring" that was unlike a stranger's touch on the doorbell button. And, of course, my parents can always interpret the antics of their indoor cat, in regards to who is approaching the house by car or on foot...
pmarreck 18 hours ago [-]
LOL.
laszlojamf 1 days ago [-]
AI definitely amplifies this problem, but it's not like it didn't exist before. Old people get scammed the old way all the time too. My mom calls me every once in a while asking about some freebie offer that she gets emailed from sketchy domains claiming to be spotify or something.
Not saying that "there's nothing we can do" or anything, but it does feel like this is one of those instincts that you develop growing up with the internet. Like, my first instinct reading that (and I hope getting that call) would be "what the hell is the lawyer doing at the scene". You have to treat _everything_ coming through your phone as potentially untrusted. I don't have any data on this, but it feels like my friends, and especially younger people, do that automatically.
The primary defence against all phishing is to tell yourself: nothing is ever really that urgent. Nothing is ever that good.
reddit_clone 23 hours ago [-]
A friend and his wife _almost_ fell victim to this last year, in Texas.
I think it is a standard script now. Call comes from police department. 'Your son hit a pregnant woman. He is about to be booked. You need to pay $$$$ yada yada'. With an authentic sounding voice conversation from their son.
In spite of several red flags (in hindsight) they withdrew $15K from bank, and somehow at the last minute pulled back.
Edit: Scammers know how to push the right buttons.
milesvp 19 hours ago [-]
Does anyone know if Ben Jordan's AI generated music algorithm would work here to spot fake voices? He's looking for compression artifacts introduced from the training data in the output music. I'd expect similar compression was used for training general voice data. Only issue I can think of is the compression of the audio link most of these scams are going to be using might mask the training data compression.
linsomniac 21 hours ago [-]
A year ago I promoted the idea among my wife's family that we should establish a sign/countersign system for the family and use it regularly so that in the event of something like this we could positively identify a legit request.
Would have come in handy when our niece was traveling in Asia and asked for money a few times, but in this case it wasn't a scam.
I got no traction with it, which I was a bit surprised by because one of the family members works at the Puzzle Palace.
Cider9986 19 hours ago [-]
A shared TOTP in an app could also work.
linsomniac 19 hours ago [-]
My concern there is that the friction is too high: it wouldn't be something that family members would use in casual conversation, and could also be written off by the AI: "They won't give me my phone", "I lost my phone", etc...
"Did you see that game last night" replied to with "The Visitors are my favorite team" is something you could say instead of "hi" as a family.
revolvingthrow 1 days ago [-]
The problem described in the article is unsolvable, given that a mid-range desktop from a few years ago can easily clone a voice that's convincing enough and there are no guardrails to those. Some silly KYC laws might limit a highschool kid making deepfakes of his crush, but once a model exists it's trivial to spread it around, and for organized groups to get ahold of those. Similar will happen with images, it's just that nobody with any serious money bothered releasing image gen models that compete with gemini or chatgpt -- but it's just a question of time. A year or three, what difference does it really make?
As the cost goes down to near-zero you can scale it up almost infinitely, especially if the profits are high enough to get some smart people working on the problem, which going by the article is already the case ("INTERPOL's finding that AI-enhanced fraud is four and a half times more profitable than the traditional kind"; incidents rose by 26% last year). If AI does succeed on mutilating white collar work enough there will be a large supply of knowledge workers that might just join International Scam Co. rather than have their families go homeless. Drowning man clutching at straw and all.
So if technologically it's impossible to prevent and societally it's impossible to prevent (like the attorney that got pwned same as the grandma), I'm not sure if there exists an answer that isn't worse than the thing it's supposed to prevent. I suppose we'll soon be in a situation where nothing we don't directly perceive in real life is provably true. That journalism and media in general seem to be in a deep crisis of trustworthiness means that you won't even get the benefit of the chain-of-trust as a proxy for whether something is or isn't real.
Ignoring everything happening outside of your immediate surroundings is a choice, and probably even good for people's mental health, but my gut feeling is that it does make humanity as a whole dumber and disempowered. What does corruption matter if nobody cares, or even hears about it? It was AI generated by $current_enemy anyway; nothing to see here, citizen.
cogman10 1 days ago [-]
> The problem described in the article is unsolvable
Well, not completely unsolvable. But nobody would like the solution.
What all these scams rely on is a way to transfer money in an irrevocable fashion. Restrict that in meaningful ways and you end a lot of the abilities for these scams to operate.
You could, for example, outlaw gift cards as a start. You could force the likes of Western Union to have a holding period before releasing money. Crypto would be hard as any regulation against it is pretty easily circumvented, but you could outlaw crypto currency exchanges (I'd worry less about crypto though as it's pretty hard for grandma to reliably setup).
loumf 1 days ago [-]
Also cash? Scammers will (and do) send a mule to your house to pick up boxes of cash.
cogman10 1 days ago [-]
You certainly could.
There's a reason scammers rely heavily on things like gift cards, it's because hiring mules is expensive and creates a trail police can follow back to the scammers. It requires them to be in the same locale as the person they are scamming. Mailing cash is also pretty dicey for the scammers because you have to send the mail to a valid address. That becomes something police can trace.
If you wanted to completely eliminate scams then yeah, you'd also outlaw cash.
fhdkweig 24 hours ago [-]
> (I'd worry less about crypto though as it's pretty hard for grandma to reliably setup).
Difficulty in setting up a money transfer is not a hindrance. I have heard stories of scammers walking someone through the entire process to getting a mortgage on a house on the A&E Intervention episode of Greg. If they think you have money and they think you are gullible, they will devote time and effort to getting it.
SoftTalker 1 days ago [-]
Also education. No court or attorney is going to demand payment of any fines or bail in gift cards or send a courier to pick up cash.
High schools should teach how to spot a scam. As others have observed, this is not a new one, it's just gotten more high-tech and convincing. This is one of many practical things our schools should teach about that they just don't.
cogman10 19 hours ago [-]
Education can only do so much. And, really unfortunately, as people age their brains don't work as well as they once did in their youth.
That's the primary reason why so many scammers target old people. It's less to do with education and more to do with the fact that as people age they become naturally more trusting.
SoftTalker 14 hours ago [-]
When does that start. Because at 60 I'm far less trusting than I was at 30. Seen too much of the worst of people and less and less of the best.
natebc 24 hours ago [-]
> (I'd worry less about crypto though as it's pretty hard for grandma to reliably setup)
These scumbags send grandma to a Bitcoin ATM.
trollbridge 23 hours ago [-]
Most usage of Bitcoin ATMs (they're actually "reverse ATMs"0 in America is for these scams. Eliminating them would be a great start; they really have no legitimate purpose.
A while ago, some police department simply seized them and the cash inside and reimbursed victims with the proceeds thereof.
natebc 21 hours ago [-]
I didn't know that they (the reverse ATMs) were being outlawed until i saw a Kitboga + AARP interview on youtube the other day.
Yet all of this can be easily defeated with soft language. The basic check "what's the password/verification word" will defeat this every time. This is basically opsec that we taught my grandparents, who were in their 90s. Its doable.
tantalor 1 days ago [-]
Yes but that's more of a mitigation than prevention. It's an additional step, you have to remember to do it, and under the pressure of the situation you might easily forget to do it.
greygood 23 hours ago [-]
Code words break down emotionally. Many seniors do not reliably trust their own memory during a frightening call
hyperhello 1 days ago [-]
So they trick the kid out of the password first by calling them and pretending to be the parent.
_cs2017_ 24 hours ago [-]
How is that possible?
The procedure is:
1. Kid tells password to parent in person.
2. From then on: when kid calls parent, if kid requests anything sensitive, parent ask for the password, and kid must provide it.
3. Password is never mentioned over the phone in any other situation.
How would anyone be able to extract the password from the kid?
hyperhello 23 hours ago [-]
"Kid/Grandma, someone is trying that scam where they pretend to be you on a call!"
"Oh my gosh Dad/Son! You know we have a password for that!"
"Yes -- actually, use it now so WE BOTH KNOW YOU'RE NOT A SCAM!"
"Sure, Dad/Son! It's DOUBLE CHEESEBURGER!"
"Thanks!"
xp84 1 days ago [-]
Hilarious. “Hey, someone who says they’re you is calling me. Remind me again what the password is that they’re supposed to say?”
“Grandma the password is ‘Integra’ but I can just tell you now, it’s not me calling you, it must be a sca—“
“Thanks got it byeeeeee” <scammer calls grandma>
chrisjj 1 days ago [-]
But kid knows not to give password to a caller.
TacticalCoder 1 days ago [-]
I don't know about that but finding excuses for the scum of this earth is certainly not a solution.
Take Europe for example: nobody dies of hunger in Europe. And yet there are plenty of thieves. People stealing tens of thousands, hundreds of thousands, millions of EUR aren't doing it to "feed their families".
Think of the situation today. Think of the victims today. Instead of thinking of tomorrow's hypothetical situation where supposedly all the honest fathers out of work would join the crime syndicate, think of today's victims.
Projecting your own insecurity about the future to excuse scummy behavior by the scum of this earth is of no help.
There are people, right now, who have a roof. Who have a family. And who are fucking scums stealing the hard earned money of others because they choosed the easy life of crime.
Zero tolerance for such motherfuckers. I care about the victims and you should too.
technothrasher 1 days ago [-]
> Take Europe for example: nobody dies of hunger in Europe.
Nobody? France, as the most extreme example, has a rate of 1.52 per 100K. That's about a thousand people a year. That is certainly a small percentage of the population, but it isn't "nobody".
Obviously there are people who help themselves to others' money if given the chance no matter the circumstances. But if the circumstances change so that people DO start going hungry or homeless, which is a rather obvious side effect of AI-but-not-AGI maximalism brightly espoused by our overlords sama and amodei of the "I can’t wait to make half the knowledge workers worldwide obsolete" variety, the scale of the problem will obviously get worse, as well as the type of people you can get involved if you’re in the international scam market.
rightbyte 1 days ago [-]
> scum of the earth
> fucking scums
> Zero tolerance for such motherfuckers
Who watches the watchers etc.
We will just end up with some jingoist dude that will go after us instead.
Slow reforms to regulate the banking industry with this "identity theft" nonsense...
tantalor 1 days ago [-]
Could be prevented by more advanced "AI detection", especially on calls from unknown numbers.
It doesn't even have to be based on watermarking. It could be as simple as, "hold on a sec your AI countermeasure was listening and noticed you got this suspicious call, please be aware this may be a scam. Here is what you should do next..."
fantasizr 1 days ago [-]
I've been waiting for a steelman argument why building the world's best deepfake machine is a good thing. Unironically cryptography could verify identity for all comms.
m463 21 hours ago [-]
This makes me REALLY question "this call may be recorded for quality purposes"
Now other businesses are starting to reference their privacy policy at the beginning of a call, which leads me to think there are many more uses popping up for our recorded voice.
I'm sure a certain percentages of recordings of our voice "to stop fraud" might be used to start fraud.
ambicapter 21 hours ago [-]
Maybe a good time to bring up (again) the fact we don't impose enough liability risk on companies that collect data willy-nilly.
attila-lendvai 21 hours ago [-]
> It requires, second, regulating the supply of the weapon. [...]
i guess even local models can do this now, especially in non-interactive mode.
so, i have a hard time reading this part as mere naivitee, as opposed to enemy propaganda in support of mandatory digital ID's for everything. or for straight out criminalizing "unauthorized" compute altogether?
semiquaver 18 hours ago [-]
This article is 100% LLM generated according to pangram, which is a bit funny given its topic. I didn’t need the detector though; It is pretty grating, sounds like Claude Opus with its talk of “load-bearing” and such.
titanomachy 22 hours ago [-]
> most victims of a cloned-voice call never learn that a machine was involved at all. They believe, as Sharon Brightwell initially believed, that they spoke to their own child.
This doesn’t make any sense. At some point they will speak to their child and learn that the call wasn’t real.
f1ay 9 hours ago [-]
So, full disclosure I’m a sec founder in the space, and was already planning on launching a solution deepfake “grandparent scams” right before hacker summer camp but this post was too on the nose to ignore so I ended up moving it up and launching the waitlist for dontscamgrandma.com tonight.
Long story short, some fraud associated events cropped up last year at work and I was concerned about my mom getting scammed, so we kitchen tabled it and I told her flat out will never ever call you asking for money" and walked her through some quick scenarios and left it there.
About 5 months later, someone called literally screaming, pretending to be me having just gotten into a car accident and killing a pregnant woman, then the phone transferred over to a 'lawyer' and she ended up getting scammed out of most of her life savings.
It sat really poorly with me, so I quit my dayjob at the end of last year and started silversight.ai to solve the ai scam / fraud problem for b2b, but I’ve been wanting to roll out something for regular people from the beginning. This post was the bump I needed to validate that other people were feeling the pressure.
So thanks for posting.
We have more features in the pipe, but as of today dontscamgrandma is backed by an engine that does regular recurring real time phone based training scenarios with an AI that roleplay's common grandparent scams with your loved one with the goal of getting them to recognize and defend themselves from sketchy calls.
One reasonably effective defense: "Okay, let me call you right back." Yes, there's always the whole "my phone is dead, I borrowed someone else's" or "I'm calling from a jail payphone", so I think it might become common practice to start making authentication phrases or "tell me something only we know".
Another pillar of basic trust that's being eroded on an industrial scale. Sigh.
jonathanlydall 1 days ago [-]
In practice this often doesn't work.
Article said the imposter in this case claimed her phone had been confiscated.
Fraudsters tend to also plan things such that the impersonated person can't be reached by phone at that time, either by choosing a time when they somehow know they're unavailable (e.g. impersonated person posted on social media they're boarding a plane) or in one case (12 years ago though) my SIL's parent's landline was bombarded with spam calls until they decided to leave the phone off the hook at which point the scammers phoned bank who couldn't reach the parents on their main line, of course this was the bank's problem (and there was probably an inside person facilitating) so they got their money back, but still a major inconvenience for the victim.
Probably the only sure advice is to be exceptionally wary of phone calls with supposed extreme time pressures to send the money now.
ryandrake 1 days ago [-]
> Probably the only sure advice is to be exceptionally weary of phone calls with supposed extreme time pressures to send the money now.
Quick note: you mean “wary” instead of “weary” there.
jihadjihad 1 days ago [-]
It's a very common error that happens in both written and spoken language. I've wondered if it's because weary is kind of "in between" wary and leery, like an incorrect mashup, or something.
jonathanlydall 1 days ago [-]
Appreciated and fixed. I'm a native English speaker, but I think not a word I often write.
pjc50 1 days ago [-]
> Another pillar of basic trust that's being eroded on an industrial scale.
Remember, trust is like a rainforest: takes a long time to grow, provides a valuable ecosystem essential to human life, but can also be burned down for a quick profit.
wccrawford 1 days ago [-]
The example in the article says the police took her phone. Then her "attorney" gets on to talk instead.
Yes, having a secret code is probably the right answer. My wife's family always has, but mine doesn't. I suppose we should probably fix that.
sudb 1 days ago [-]
For extra security against these text-to-speech model zero-shot clones, you might also want to use made-up gibberish words for which the pronunciation can't be reliably inferred from the spelling
ActionHank 1 days ago [-]
I mostly answer unknown calls with monotone "hello" and then wait for their introduction before talking normally.
ghaff 1 days ago [-]
I mostly just don't answer them unless it seems like something that may be legit.
DANmode 1 days ago [-]
This is the only way to avoid validating your number for spam lists,
and receiving more.
fhdkweig 24 hours ago [-]
I answer with silence. I wait for them to speak first. Not even once has a scammer ever spoken first. I say nothing, they say nothing for a full minute before they hang up.
jonathanlydall 1 days ago [-]
I think it's a somewhat South African cultural thing, but when I get calls from businesses or spammers, the first thing the caller tends to say is "Hello, how are you?", which is completely stupid when you're calling someone who wouldn't know who you are, so it tends to immediately make me annoyed that they don't know that they should have introduced themselves first.
As 99% of the time these are spam calls, I used to respond with something like "I'm fine, but who are you / do I know you?", but that was pretty much always inefficient as that might say their name (which from a spammer is useless information), maybe a sales pitch "how much do you spend on x?" or maybe something deliberately misleading about their company and saying something like <major brand name> even though they're some independent sales crowd getting commission selling contracts for them.
Eventually I found that the most effective response is "Sorry. Where are you calling from and what is this in regard to?" which I've found without fail seems to surprise, disarm them and immediately elicit whether the call is a waste of my time. At which point I either become very friendly (because it's a call I'm expecting) or I simply respond with "Sorry, not interested, goodbye." and immediately put down the phone.
I just want the disruption to be as minimal as possible and to not let myself even get an emotional reaction from it, so I don't want to get annoyed at them, never mind wasting time telling them off, besides, I suspect that my ruthlessly efficient getting rid of them without them even having a chance to try their pitch is received as a super cold shoulder, akin to being told to f-off.
dwa3592 1 days ago [-]
me and my wife made up a word in 2024 for this. the word doesn't exist in any language. we say it to each other all the time. even if i give you the spelling for it, you will say it wrong. i recommend everyone to do something similar. i should do it with my parents too.
briffle 1 days ago [-]
our family has had a special 'code word' we have had since the kids were in elementary school. If someone ever needed to pick up our kids from school (they never did) our kids were taught to ask for that word.
This is a good reminder that we should review that, since its been 10 years or so.
jasondigitized 1 days ago [-]
This. All of this is a solved problem. It's just not a thing that most families do and do regularly. Code word, insider info, etc. "Oh I am so sorry you got arrested Tommy. Before I wire the $, where did we go on vacation last year?'
croes 1 days ago [-]
Family OTP helps against passphrase leakage
intended 1 days ago [-]
The opening example is of a person listening to their daughter’s voice on an unknown number, how would calling them back help? Or am I missing something obvious?
etchalon 1 days ago [-]
We're gonna need two-way passwords for conversations.
Fun.
butvacuum 1 days ago [-]
> Welcome to Voice Print Identification. When you see the red light turn on please state in the following order: Your destination, Your nationality, and your Full Name.
LiteUser 18 hours ago [-]
Moon, American, Floyd, Heywood R.
inferhaven 23 hours ago [-]
Super interesting read, makes me wonder if audio data poisoning could be employed en masse to help defend against this kinda stuff
christkv 1 days ago [-]
We all have a safe word in the family just for this issue to identify if it´s the real person or not.
xp84 1 days ago [-]
Someone else pointed out how easy it would be to make a video of anyone having a finger cut off, or similar torture, to scare the victim into believing that the “grandchild” forgot their password and needs you to override the password protocol to save their other 9 fingers. I have to agree. That’s like 80¢ of compute to do. If that’s effective even 30% of the time, it means “just have a password” doesn’t make you safe.
reactordev 1 days ago [-]
What’s terrible is each time I am forced to call the bank, the more they try to tell me voice ID is secure and want me to provide my voice to authenticate. Never. Did ya’ll never play Uplink? With voice cloning as good as it is now, there’s no way a voice ID is secure enough for authentication.
tjoff 1 days ago [-]
My voice is my passport.
(never heard of anyone actually using that in real life, sounds uttery insane)
Yeah my bank does the same except don’t think there is an opt out.
Kinda crazy
reactordev 1 days ago [-]
Spam 0, you’ll eventually get some customer service agent
Havoc 22 hours ago [-]
Fancy private bank so getting a human isn't the issue
...but I know one of the signals they use for authentication is voice analysis in background...which I do not love.
reactordev 22 hours ago [-]
That’s the sneaky bit they don’t tell you when you hear the “This call may be monitored or recorded” part.
Havoc 9 hours ago [-]
Alas this was set up before good voice cloning happened. So was very much an active plan not covert. I asked if it can be disabled but apparently no.
Not end of world - it’s not the primary Auth means but still not ideal.
f1ay 8 hours ago [-]
If I'm not mistaken, that's how pindrop does it. Ambient noise analysis
saltcured 22 hours ago [-]
I find so many of these things utterly insane. Much like the way a fax of a signed document is considered legally meaningful. I think we have to stop pretending any kind of digital media presentation of a document, face, voice, etc. can be authenticated by its content.
We really need to get to the point where any legally-binding digital authentication MUST be rooted in an in-person identity-proofing and authenticator binding ritual. Something you perform in front of a trained official, where physical inspection and local demonstration/activation of the authenticator is possible. This should be the basic standard to associate digital authenticators used in KYC legal and financial scenarios. The outcome should be some kind of standard digitally-signed certificate which can then be presented to KYC-compliant vendors to link the authenticator to a legal identity when establishing or maintaining financial accounts and records.
Perhaps there could be tiered certificates, where a high-stakes one would require this to be done in a secure facility where you expose yourself to risk of immediate arrest if presenting falsifiable identity claims. A more typical and decentralized version might be an upgrade of the notary public system in the US. Some kind of public digital ledger should record these certifications as well as revocations done by complementary rituals.
For social or informal accounts without KYC goals, some of this same machinery could be adopted. Simply modify or downgrade the identity-proofing part of the ritual as appropriate. This could link into other strategies like PGP web-of-trust or lesser kinds of identifiers like possession of phone numbers, email addresses, etc.
There would need to be criminal liability for officials misbehaving and certifying such identity and authenticator bindings without performing the requisite identity-proofing procedures.
reactordev 16 hours ago [-]
I agree but this can be done today with current tech. All you need to do is incorporate the full picture.
Something you are (biometrics, voice id, whatever)
Something you know (PIN, super secret password, your dog's mothers maiden name)
Something you have (MFA, AuthCode, PushNotif)
And even then, be cautious of anything that would be deemed an "admin" operation. Such as transfering of funds, issuing a check, or adding an external account.
fouc 1 days ago [-]
name and shame the bank
eclipticplane 1 days ago [-]
Schwab still does voice passwords. "At Schwab, my voice is my password"
If they were still around i would have to warn them for sure! Crazy stuff this new future!
geor9e 1 days ago [-]
I fear this whenever I acidentally say too many words to a telemarketer/scam call.
codedokode 1 days ago [-]
What are legitimate uses for copying someone's voice without permission? I see none. Those scientists are just helping criminals to fully automate scamming and governments to create fake videos.
AStrangeMorrow 1 days ago [-]
Well of course as you pointed out the legitimate one would be copying voices WITH permission (yours, someone you know who gives authorization, through contracts for movies/bots etc). The model can’t differentiate between voices for which you have permission or not.
But more generally while recordings might be copyrighted, the voice itself isn’t so copying a voice isn’t a crime, at least as it currently stands. You cannot however use said voice for deceptive practices. You can however for advertisement (needs permission). And in the US you can for satire, at least in the US, withOUT permission (falls under the 1st amendment).
codedokode 24 hours ago [-]
Maybe the voice should be copyighted or protected then, I do not want anyone use to my voice, let them use their own boring afwully sounding voice. I am sure such models are used in 99% cases for illegal purposes or creating fake news.
Also, one's likeness (like face image) should also be protected from being used by anyone.
fhdkweig 23 hours ago [-]
Parody for one. Trey Parker and Matt Stone (of South Park) created a nice one that clones faces (but uses celebrity impersonators for voices).
They can do the parody using their own voices. There is no need for cloning someone's real voice.
arbuge 1 days ago [-]
"They kidnapped my daughter? That's terrible. Yes, I'll definitely pay the ransom but to get access to my bank account I need you to write a poem about corn and a curl script in PHP. Please go ahead."
One regulation i would like to see is some auditory fingerprint in an AI voice where any person can immediately recognize their speaking to a clanker but it's not unpleasant.
It should be illegal to "impersonate" a human voice.
gattr 24 hours ago [-]
That ship has sailed, no? Plenty of code for voice generation out there already, you'd basically have to ban general computing.
logifail 24 hours ago [-]
These scammers are breaking the law already, why would breaking yet another law matter to them?
zuluworksai 1 days ago [-]
i wish i could still warn them...
chrisjj 1 days ago [-]
> ... the hardest for its victims to be believed about — because the evidence, by design, sounds exactly like someone they love.
Uh? Surely this makes believing the victims easy not hard to believe.
Its like revenge porn. "It's not me. It's a deepfake" is easy to believe.
jongjong 18 hours ago [-]
I'm kind of glad now that I had some really bad experiences in my career and experienced negative-trust environments.
When I told my parents some of what happened to me in my career, initially, I don't think they fully believed me because people in my stories behaved so differently than they're used to. My parents lived in an environment where they could expect reciprocity and money wasn't so difficult to come by that it would be worth risking prison time.
I kind of believe that a lot of people are essentially forced into fraud. I don't believe that they are necessarily bad people. A lot of people are just trying to get by.
So it's very important to convey to family members what kind of world we live in. I think most of my family members are essentially conspiracy theorists now.
neuroelectron 22 hours ago [-]
Yet the government refuses to do anything about the massive amount of phone spam we get every day which is an open door to AI voice cloning. But won't anybody please think about the telecom profits?
lowbloodsugar 1 days ago [-]
> It requires, second, regulating the supply of the weapon
Heavy sigh. The “weapon” is software. It cannot be regulated unless we live in the fascist dystopia where I have to ask the governments approval to run any piece of software.
jabrown44 16 hours ago [-]
[flagged]
farceSpherule 23 hours ago [-]
[dead]
intended 1 days ago [-]
[dead]
onetokeoverthe 23 hours ago [-]
[dead]
ThrowawayTestr 1 days ago [-]
They make you give a voice sample now when you're arrested. You need to do so in order to use the phone.
dec0dedab0de 1 days ago [-]
who is they?
ThrowawayTestr 1 days ago [-]
The US government
mrngld 1 days ago [-]
We (the people) have pushed body cams on almost all law enforcement at this point, which had a noble enough motivation behind it -- but we also have pushed for and have various public disclosure laws (also well intended!) that mean those body cams are torrents of data entering the public sphere if anyone simply asks for it.
Now in the era of AI, this means anyone in the vicinity of an officer has a voice sample in the public domain, plus potentially their image.
Complex issue. I like body cams, I like freedom of information laws, but don't love this particular outcome.
dec0dedab0de 1 days ago [-]
But which US governments? There are thousands of them, and they all have different policies.
A looming problem with shifts in demographics and family structure is that many people will be slipping into cognitive decline without a formal transition to address their incompetence. Sadly, there is a point where the older person really needs to permanently delegate important decision-making to a trusted third party. They should no longer be legally empowered to authorize funds transfers, sign contracts, or even make medical decisions.
We're not really setup to handle this well. Not at the systemic level of protecting people from themselves, and not at the personal level of relinquishing control over our own lives. So we often have to let the sufferer fumble along and cause a lot of damage before the protections eventually kick in.
And, ironically, these protection mechanisms can also be corrupted into another scam and form of abuse. To totally de-risk would require some kind of time travel or perfect foresight. But in the real world, the damage is often not fully reversible when it is detected after the fact.
[1] Structural inertia is the killer here. It will certainly not happen until the problem is huge enough.
[2] Exceptions can of course apply to numbers that are meant to primarily be cold called, like doctors offices. The callee possibly have to be specially trained to withstand this kind of attacks.
Type A attestation is, generally, solved. Carrier A attests that the number is one of theirs, and they know that the caller is one of theirs too and attached to their network.
However: this is a fraction of calls. Carriers also sell blocks of phone numbers without the corresponding access network. This is what allows you to pick, say, a Twilio number with a local area code. In these cases the best that can be hoped for is a lesser attestation.
But it gets worse, because the operator can also sell blocks of numbers to people with no direct connection to the US carriers and who need to spoof US numbers. That call from Capital One comes from the Philippines via two or three intermediate operators, none of whom can attest to much of anything. And into that gap ride the spammers.
Furthermore, in an Experian-like twist, some carriers also realized that businesses would pay to have their calls show up as "trusted" on the recipient's phone. So the standards were enhanced to deliver 'rich call data'. However, in order to be something worth paying for you also need a baseline of calls that do not have that premium look. A scam? You decide.
Finally, one other misaligned incentive. All of this needs VoIP. Not TDM (classic legacy telephony). However, the big US carriers make bank selling TDM circuits to the hundreds of small regional telcos, and refuse to sell them SIP trunks, because it's s such an easy money maker. So again, technology loses to incentives. These incentives, to make money from phone numbers, vastly outpace what
TFA also mentions that by routing calls through older non-IP networks you lose the accurate information, although it sounds like the FCC is slowly cracking down on this.
The biggest problem is that it’s depressing. A child gets to look forward to growing up and having full rights, an old person is already looking forward to declining and dying and the loss of rights reflects that. Another problem is that, just as some old people are scammed, taking away rights will have other old people abused by their “caretakers” (e.g. one relative hurting them and stealing from them even against other relatives, which already happens).
So I want to see it implemented but tied with our culture restoring respect for old people, giving them a sense of purpose, and looking out for those who aren’t our relatives. Specifically including reforming retirement homes, many which take advantage of their residents, and stronger safeguards against abusive relatives who (already are seizing and) abuse POA. I’d like to hear what old people themselves think, because maybe I don’t (empathetically) understand the consequences, but although maybe outside the Overton Window logically it seems reasonable.
Declaring someone mentally unfit is anything but objective and it’s very ripe for abuse.
Often but not always: https://en.wikipedia.org/wiki/Emancipation_of_minors
The global community is very low trust, unfortunately. That might be an unfixable problem
No one wants to do that. Once you give up control of your life you're essentially dead. Why would I want to voluntarily cede my rights so I'm relegated to being pushed around in a wheel chair while all my decisions are made by others? Because it makes my children, the people too young to have any perspective on the situation, feel better?
1) voice one: young adult calls, sobbing 2) grandparent inquires with a name... "Ben, is that you?" 3) voice one: "Yes grandma, it's me, Ben... I'm in trouble, please don't tell mom 4) voice two: "Hello, I'm attorney..."
My grandmother fell victim to this almost 20 years ago, which only stopped when Western Union refused to let her continue sending wires... she was forced to call her daughter (at which point they just called my brother.)
Our takeaway (at the time)... the voice doesn't even need to be terribly accurate, since the original interaction is brief / somewhat inaudible over the tears. Typically just requires an older vulnerable adult, a lucky strike with the initial setup (e.g. grandparent actually has a grandkid), and a lot of high pressure / duress salesmanship.
And it likely requires working with other people, your "employees", who are both a liability, and a cost.
With AI, you can make a thousand calls in parallel, for significantly cheaper, out of your own basement.
This greases the wheels of voice fraud like a gatling gun greases the wheels of hitting a guy with a rock.
> cybercrime losses across the United States rose 26 per cent in a single year
> The FBI was candid that even these figures understate the problem. AI attribution in the report reflects only what victims recognised and reported, and most victims of a cloned-voice call never learn that a machine was involved at all.
> INTERPOL found that AI-enhanced fraud is roughly four and a half times more profitable than its traditional equivalent, and that so-called agentic AI systems can now autonomously plan and execute entire fraud campaigns, from reconnaissance through to the ransom demand.
“Before LLM’s there was_____” I see this whenever an LLM’s impact is assessed. We know. The issue is scale and the ability for smaller and smaller groups (down to individuals) to execute at scale.
LLM’s are pouring massive amount of gasoline on existing issues and people just keep shrugging. Fake news always existed. Now one dude in India can flood multiple sock puppet media accounts with right wing content/images (actual example) at a scale previously unimaginable - or in this case, can target even more vulnerable elderly populations far more effectively.
People could always die crossing a street. Still, cars changed the discussion about pedestrian safety pretty materially. People didn’t simply throw up their hands and go “people have always been able to die crossing the street.”
Although in this case, perhaps it's more like... throughput, capacity, or parallelism.
(sarcastic rant over)
Most of the benefits of AI are being overshadowed by the lack of regulation and reckless abandon at which they are being developed.
Given the current trajectory I don't know if that's going to change before it's too late.
If you think it is boosting productivity a lot that's fine. Just realize that it is probably enabling even more harm than that
I hope they got the message.
this way, you do not footgun yourself in the event you'd ever need to ask something. Money isnt the only thing they can ask, and no one (i think) has a glass orb to tell their future and know for certain such a call would never happen. its easy to think it wont happen to you, i think that is most peoples' sentiment until it does. (having a need for help from family that is)
"Before you send anything to anyone, ever, call them back. Doesn't matter if it's me, the bank, a lawyer, whatever... tell them 'hang on I have another call coming in, let me just call you back in a few minutes, okay?'"
If you're going to get people to call you back, it has the problem of ensuring that they call you back on your real number - giving reasons why they have to call you back on some other number is way too easy ("I've lost my phone", "my phone is at home", and so on)
I consider myself always to be wary of scams and my trust-level is zero when they call me, but I recently almost got myself hooked on an airline support call. I google searched the support number and trusted the AI summary on top and called it, they asked me my reservation number and I happily provided. With the reservation number they have public access to the entire reservation details, they knew my name, my flight, my co-passenger details everything. I called to do a reservation for my pet which is normally not done online. their problem, they got greedy and asked me more than pet travel, iirc they said there was a problem with one of my flights, it wasn't paid and I had to repay on the call. If they just followed along instead of going by the script I would have paid the pet travel amount.
This is a very useful precaution for banks, and for or calls that come from a family member's real phone number.
But scammers will just open with "I'm in trouble and my phone died" or "I'm in jail calling from a pay phone" and calling back won't do anything to help with that.
Also, given at least in America, our cell phone providers STILL haven't fully blocked caller ID spoofing (last I checked, they just add some tiny icon in the rare case that the CID is trustable, and I'd bet 99.9% of people don't even know that exists!) they can spoof the initial call as your number and many targets will probably mistakenly think the CID match is good enough to just skip it, especially in this "very urgent situation" with you being held at knifepoint by the corrupt third-world cops or whatever.
Not any old random number they give you.
https://web.archive.org/web/20230620135556/http://bash.org/?...
proof of pudding: *******
Oh yeah! Neat.
We're staying away from the trust funds and shame though.
I used to have a residential mortgage with two other people and my name was stuffed into some ancillary field as a co-holder and they refused to give me any information or transact over the phone. I eventually figured out I needed to tell them to look in some extended info field, and the whole endeavor was annoying but ultimately I was appreciative of the strictness (that the entire mortgage data model—at the time (25 years ago), I don't know what it's like today—seems to assume that it will only ever be two people of opposite gender who are married will be on a mortgage was much more disappointing. The other two people were assumed to be married and the woman was seemingly by default listed as the non-primary).
"Hi Firebeyond, we're doing a background check. Can you confirm the following info you entered into our portal?" then proceeds to list full SSN, drivers license, DOB, etc., etc., etc.
"... and can you also confirm that this is the correct email address we have on file?"
All the while they had reached out by FB Messenger to my partner (not that she was in any of the info I submitted, and this was just a standard BG check, not a security clearance) to ask her if she knew me...
Luckily, my new employer was as horrified as I was, apologized profusely, and fired the background check company.
People aren't prepared for this shit.
I have them both set at about €150.
I think for the bank I can go to a branch to avoid the limit, but that will be with the full fraud suspicion of the teller.
2021 - "Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication" https://keydiscussions.com/2021/12/07/despite-the-prevalence... ends with a section called "The next crisis: robocalls that spoof the voices of victims at scale"
Talking on the phone is now an unmitigated liability.
LPT: Please have a codeword or phrase that you use with your loved ones so even if the scammers use your voice, they won't know the phrase.
They keep refusing ideas like these on the grounds of them being “not stupid” and “able to see through such attempts immediately, 100% of the time” and “do you think we’re stupid?”
If an expert can't distinguish, it has absolutely nothing to do with being "stupid" or not. So send them that, maybe.
If they are still stubborn about it, then thank them for contributing to the future funding of Scam the World With AI.
I like most am deeply unsatisfied with the archaic system though of a basically unchangeable 10-digit number granting permission for anyone to fill up my phone with messages and interrupt me with calls, and hate that I have to ever answer calls from a number I don't know.
I really would like a mutual opt-in system, where you have to pre-establish consent before it's even possible to message or call you, but it seems impossible to get there from here. We can't even get the stupid cell phone companies to strongly enforce that caller ID isn't spoofed!
Phone calls and SMS should be like that, which, they almost could be today just with the phone OS keeping track of who you've previously "accepted."[1]
Except.
The identifiers (phone numbers) are nearly infinite, and nearly free, so the scammers just use a "new to you" number every time they call you, allowing each one to generate a new 'invitation.'
And of course to make it worse, the "numbers" are actually truly free since they can spoof any number they want all day long and to this day, most of those calls will go through and not even show a big red flag.
That last part is entirely reprehensible that our carriers haven't solved it by now, but apparently they don't want to.
[1] and also there's that sticky problem that some arbitrary company like say, a health insurance company or the state government, has 1000 departments who might call you, and they couldn't give you a full list if they wanted to.
How often have you met people over the phone in the past decade?
I will say that blocking all unrecognized numbers, though, is an unworkable idea. Any parent or caregiver knows that they need to be able to occasionally receive calls from a number they've never heard of before.
Not a bad idea, but not a brick wall.
Mostly ignore unknown numbers, but if I'm expecting a call, I will pick up.
They can probably ignore international calls, although only probably.
[0] https://en.wikipedia.org/wiki/Lenny_(chatbot)
[1] https://news.virginmediao2.co.uk/o2-unveils-daisy-the-ai-gra...
> Every article published on SmarterArticles is authored and editorially controlled by Tim Green. Artificial intelligence tools are used within a structured and supervised workflow as research and drafting instruments. All arguments, framing decisions, source selections, and final publication choices remain human-directed and under my full responsibility.
There are references at the bottom, but I would have preferred direct links or footnotes within the article. Also, direct quotes are nice. I didn’t notice any glaring AI cliches.
This has become the highbrow way of admitting that AI is writing the articles: Calling it “drafting” is another way of saying that the article was written by AI and the person publishing it maybe reviewed it. Maybe they skimmed it and published it directly.
For what it’s worth the article felt obviously AI heavy to my first read.
I don't think that's a safe assumption. You could construct an article pretty quickly if you had a topic, a few points to hit, a conclusion and a short list of links, then fed that to the machine. All the LLM would be doing is fluffing it up with worthless words, unnecessary metaphors and maybe a pop culture reference or two so it looks like what people expect from an "article."
"Rewrite this as a slate dot com article"
If it were an email newsletter instead, there wouldn't be that fluffy expectation and you could just leave the bullet points and links as they were.
We’re not disagreeing? That’s basically what I said: The AI wrote the article. Saying it drafted the article is a way of admitting it was written by AI but making it sound like it was actually a journalistic endeavor.
> No human had. The crying had been synthesised from a fragment of audio, and the daughter she thought she was rescuing existed only as a pattern of numbers in someone else's machine.
>and it is worth being clear about why
>The emotional mechanism the scam exploits is not a gap in knowledge that a leaflet can fill; it is the love a person has for their grandchild, weaponised
>These are not the numbers of a credulous minority being separated from pocket money. They are the numbers of a generation's accumulated savings being drained
>that a fraud requiring the absolute frontier of machine learning can be perpetrated against an ordinary grandmother in her kitchen, at scale, for the price of nothing
(To be clear this isn't automatically disqualifying to me. But I am interested in LLM writing patterns and my ability to detect them. And in the case of this article I sense the kind of linguistic padding that has made Claude a little harder to work with in the more recent Opus point releases because it obscures the most important bits of information.)
But they were specifically worried about the transfers being scams -- at least, that's what they said. They insisted on calling my other bank to verify that I was in fact the owner of the other business account. And I know there's been a big increase in things like fake real-estate scams, so paranoia is understandable.
However, the way bank fraud/risk departments work is generally completely opaque. I've previously had Bank of America refuse to open an account, with no reason given and no possible recourse. And I can't imagine a much more vanilla, boring, good-credit person than me, so I have no idea what set them off!
The attackers created AI-generated video and audio replicas of the CFO and other executives of the global engineering firm. These deepfakes were deployed in a live video call – not as a pre-recorded video, but as a real-time conference with multiple participants. The finance employee saw and heard his superiors in what appeared to be a normal conference situation. The instructions came through clearly and consistently. Urgency was created by framing the situation as a supposed corporate acquisition. Within a single session, he approved 15 individual transfers to various accounts in Hong Kong.[1] That fraud yielded US$25 million.
[1] https://www.securitytoday.de/en/2026/04/04/deepfake-attacks-...
It's really simple and straightforward, and there is no need to really document the workflow here, because all the aging grandparents are extensively trained and drilled every two weeks, by the aging great-grandparents who've been using this same exact system for the past 50 years.
1: Your family members already have shared "secrets" if they communicate regularly. It could be pet names, terms of endearment, shared experiences, unique monikers for things. It's language that is already familiar and you already use quite often. You should leverage that, and rely on that familiarity in a crisis, rather than trying to contrive something special for crisis-only ID. The attackers' greatest weapon is your own confusion, your own willingness to believe, and creating a sense of urgency. Your attackers' 3 greatest weapons. Don't panic.
2: My maternal grandmother was widowed and lived alone for decades. She had certain ways of knowing things. For example, every time we'd come home, she would test the doorknob. If some stranger had come and tried to jiggle the doorknob, we could tell by its feel. Just a simple mechanical giveaway. When Mom and/or Dad came by, they rang the doorbell by a special pattern. It wasn't complex, but it was distinct and recognizable from inside. It wasn't a securely encrypted ID, just a "secondary ring" that was unlike a stranger's touch on the doorbell button. And, of course, my parents can always interpret the antics of their indoor cat, in regards to who is approaching the house by car or on foot...
Not saying that "there's nothing we can do" or anything, but it does feel like this is one of those instincts that you develop growing up with the internet. Like, my first instinct reading that (and I hope getting that call) would be "what the hell is the lawyer doing at the scene". You have to treat _everything_ coming through your phone as potentially untrusted. I don't have any data on this, but it feels like my friends, and especially younger people, do that automatically.
The primary defence against all phishing is to tell yourself: nothing is ever really that urgent. Nothing is ever that good.
I think it is a standard script now. Call comes from police department. 'Your son hit a pregnant woman. He is about to be booked. You need to pay $$$$ yada yada'. With an authentic sounding voice conversation from their son.
In spite of several red flags (in hindsight) they withdrew $15K from bank, and somehow at the last minute pulled back.
Edit: Scammers know how to push the right buttons.
Would have come in handy when our niece was traveling in Asia and asked for money a few times, but in this case it wasn't a scam.
I got no traction with it, which I was a bit surprised by because one of the family members works at the Puzzle Palace.
"Did you see that game last night" replied to with "The Visitors are my favorite team" is something you could say instead of "hi" as a family.
As the cost goes down to near-zero you can scale it up almost infinitely, especially if the profits are high enough to get some smart people working on the problem, which going by the article is already the case ("INTERPOL's finding that AI-enhanced fraud is four and a half times more profitable than the traditional kind"; incidents rose by 26% last year). If AI does succeed on mutilating white collar work enough there will be a large supply of knowledge workers that might just join International Scam Co. rather than have their families go homeless. Drowning man clutching at straw and all.
So if technologically it's impossible to prevent and societally it's impossible to prevent (like the attorney that got pwned same as the grandma), I'm not sure if there exists an answer that isn't worse than the thing it's supposed to prevent. I suppose we'll soon be in a situation where nothing we don't directly perceive in real life is provably true. That journalism and media in general seem to be in a deep crisis of trustworthiness means that you won't even get the benefit of the chain-of-trust as a proxy for whether something is or isn't real.
Ignoring everything happening outside of your immediate surroundings is a choice, and probably even good for people's mental health, but my gut feeling is that it does make humanity as a whole dumber and disempowered. What does corruption matter if nobody cares, or even hears about it? It was AI generated by $current_enemy anyway; nothing to see here, citizen.
Well, not completely unsolvable. But nobody would like the solution.
What all these scams rely on is a way to transfer money in an irrevocable fashion. Restrict that in meaningful ways and you end a lot of the abilities for these scams to operate.
You could, for example, outlaw gift cards as a start. You could force the likes of Western Union to have a holding period before releasing money. Crypto would be hard as any regulation against it is pretty easily circumvented, but you could outlaw crypto currency exchanges (I'd worry less about crypto though as it's pretty hard for grandma to reliably setup).
There's a reason scammers rely heavily on things like gift cards, it's because hiring mules is expensive and creates a trail police can follow back to the scammers. It requires them to be in the same locale as the person they are scamming. Mailing cash is also pretty dicey for the scammers because you have to send the mail to a valid address. That becomes something police can trace.
If you wanted to completely eliminate scams then yeah, you'd also outlaw cash.
Difficulty in setting up a money transfer is not a hindrance. I have heard stories of scammers walking someone through the entire process to getting a mortgage on a house on the A&E Intervention episode of Greg. If they think you have money and they think you are gullible, they will devote time and effort to getting it.
High schools should teach how to spot a scam. As others have observed, this is not a new one, it's just gotten more high-tech and convincing. This is one of many practical things our schools should teach about that they just don't.
That's the primary reason why so many scammers target old people. It's less to do with education and more to do with the fact that as people age they become naturally more trusting.
These scumbags send grandma to a Bitcoin ATM.
A while ago, some police department simply seized them and the cash inside and reimbursed victims with the proceeds thereof.
https://www.youtube.com/watch?v=6A4uKSvFU40
Kitboga is a dang hero.
The procedure is:
1. Kid tells password to parent in person. 2. From then on: when kid calls parent, if kid requests anything sensitive, parent ask for the password, and kid must provide it. 3. Password is never mentioned over the phone in any other situation.
How would anyone be able to extract the password from the kid?
"Oh my gosh Dad/Son! You know we have a password for that!"
"Yes -- actually, use it now so WE BOTH KNOW YOU'RE NOT A SCAM!"
"Sure, Dad/Son! It's DOUBLE CHEESEBURGER!"
"Thanks!"
“Grandma the password is ‘Integra’ but I can just tell you now, it’s not me calling you, it must be a sca—“
“Thanks got it byeeeeee” <scammer calls grandma>
Take Europe for example: nobody dies of hunger in Europe. And yet there are plenty of thieves. People stealing tens of thousands, hundreds of thousands, millions of EUR aren't doing it to "feed their families".
Think of the situation today. Think of the victims today. Instead of thinking of tomorrow's hypothetical situation where supposedly all the honest fathers out of work would join the crime syndicate, think of today's victims.
Projecting your own insecurity about the future to excuse scummy behavior by the scum of this earth is of no help.
There are people, right now, who have a roof. Who have a family. And who are fucking scums stealing the hard earned money of others because they choosed the easy life of crime.
Zero tolerance for such motherfuckers. I care about the victims and you should too.
Nobody? France, as the most extreme example, has a rate of 1.52 per 100K. That's about a thousand people a year. That is certainly a small percentage of the population, but it isn't "nobody".
https://www.worldlifeexpectancy.com/cause-of-death/malnutrit...
Eh, maybe.
Some of those may be hospice-style scenarios, where starvation is technically the cause of death at times. https://www.ccjm.org/content/ccjom/70/6/548.full.pdf
Obviously there are people who help themselves to others' money if given the chance no matter the circumstances. But if the circumstances change so that people DO start going hungry or homeless, which is a rather obvious side effect of AI-but-not-AGI maximalism brightly espoused by our overlords sama and amodei of the "I can’t wait to make half the knowledge workers worldwide obsolete" variety, the scale of the problem will obviously get worse, as well as the type of people you can get involved if you’re in the international scam market.
> fucking scums
> Zero tolerance for such motherfuckers
Who watches the watchers etc.
We will just end up with some jingoist dude that will go after us instead.
Slow reforms to regulate the banking industry with this "identity theft" nonsense...
It doesn't even have to be based on watermarking. It could be as simple as, "hold on a sec your AI countermeasure was listening and noticed you got this suspicious call, please be aware this may be a scam. Here is what you should do next..."
Now other businesses are starting to reference their privacy policy at the beginning of a call, which leads me to think there are many more uses popping up for our recorded voice.
I'm sure a certain percentages of recordings of our voice "to stop fraud" might be used to start fraud.
i guess even local models can do this now, especially in non-interactive mode.
so, i have a hard time reading this part as mere naivitee, as opposed to enemy propaganda in support of mandatory digital ID's for everything. or for straight out criminalizing "unauthorized" compute altogether?
This doesn’t make any sense. At some point they will speak to their child and learn that the call wasn’t real.
Long story short, some fraud associated events cropped up last year at work and I was concerned about my mom getting scammed, so we kitchen tabled it and I told her flat out will never ever call you asking for money" and walked her through some quick scenarios and left it there.
About 5 months later, someone called literally screaming, pretending to be me having just gotten into a car accident and killing a pregnant woman, then the phone transferred over to a 'lawyer' and she ended up getting scammed out of most of her life savings.
It sat really poorly with me, so I quit my dayjob at the end of last year and started silversight.ai to solve the ai scam / fraud problem for b2b, but I’ve been wanting to roll out something for regular people from the beginning. This post was the bump I needed to validate that other people were feeling the pressure.
So thanks for posting.
We have more features in the pipe, but as of today dontscamgrandma is backed by an engine that does regular recurring real time phone based training scenarios with an AI that roleplay's common grandparent scams with your loved one with the goal of getting them to recognize and defend themselves from sketchy calls.
Pretty excited to share it. Feedback welcomed https://dontscamgrandma.com
Another pillar of basic trust that's being eroded on an industrial scale. Sigh.
Article said the imposter in this case claimed her phone had been confiscated.
Fraudsters tend to also plan things such that the impersonated person can't be reached by phone at that time, either by choosing a time when they somehow know they're unavailable (e.g. impersonated person posted on social media they're boarding a plane) or in one case (12 years ago though) my SIL's parent's landline was bombarded with spam calls until they decided to leave the phone off the hook at which point the scammers phoned bank who couldn't reach the parents on their main line, of course this was the bank's problem (and there was probably an inside person facilitating) so they got their money back, but still a major inconvenience for the victim.
Probably the only sure advice is to be exceptionally wary of phone calls with supposed extreme time pressures to send the money now.
Quick note: you mean “wary” instead of “weary” there.
Remember, trust is like a rainforest: takes a long time to grow, provides a valuable ecosystem essential to human life, but can also be burned down for a quick profit.
Yes, having a secret code is probably the right answer. My wife's family always has, but mine doesn't. I suppose we should probably fix that.
and receiving more.
As 99% of the time these are spam calls, I used to respond with something like "I'm fine, but who are you / do I know you?", but that was pretty much always inefficient as that might say their name (which from a spammer is useless information), maybe a sales pitch "how much do you spend on x?" or maybe something deliberately misleading about their company and saying something like <major brand name> even though they're some independent sales crowd getting commission selling contracts for them.
Eventually I found that the most effective response is "Sorry. Where are you calling from and what is this in regard to?" which I've found without fail seems to surprise, disarm them and immediately elicit whether the call is a waste of my time. At which point I either become very friendly (because it's a call I'm expecting) or I simply respond with "Sorry, not interested, goodbye." and immediately put down the phone.
I just want the disruption to be as minimal as possible and to not let myself even get an emotional reaction from it, so I don't want to get annoyed at them, never mind wasting time telling them off, besides, I suspect that my ruthlessly efficient getting rid of them without them even having a chance to try their pitch is received as a super cold shoulder, akin to being told to f-off.
This is a good reminder that we should review that, since its been 10 years or so.
Fun.
(never heard of anyone actually using that in real life, sounds uttery insane)
Kinda crazy
...but I know one of the signals they use for authentication is voice analysis in background...which I do not love.
Not end of world - it’s not the primary Auth means but still not ideal.
We really need to get to the point where any legally-binding digital authentication MUST be rooted in an in-person identity-proofing and authenticator binding ritual. Something you perform in front of a trained official, where physical inspection and local demonstration/activation of the authenticator is possible. This should be the basic standard to associate digital authenticators used in KYC legal and financial scenarios. The outcome should be some kind of standard digitally-signed certificate which can then be presented to KYC-compliant vendors to link the authenticator to a legal identity when establishing or maintaining financial accounts and records.
Perhaps there could be tiered certificates, where a high-stakes one would require this to be done in a secure facility where you expose yourself to risk of immediate arrest if presenting falsifiable identity claims. A more typical and decentralized version might be an upgrade of the notary public system in the US. Some kind of public digital ledger should record these certifications as well as revocations done by complementary rituals.
For social or informal accounts without KYC goals, some of this same machinery could be adopted. Simply modify or downgrade the identity-proofing part of the ritual as appropriate. This could link into other strategies like PGP web-of-trust or lesser kinds of identifiers like possession of phone numbers, email addresses, etc.
There would need to be criminal liability for officials misbehaving and certifying such identity and authenticator bindings without performing the requisite identity-proofing procedures.
Something you are (biometrics, voice id, whatever)
Something you know (PIN, super secret password, your dog's mothers maiden name)
Something you have (MFA, AuthCode, PushNotif)
And even then, be cautious of anything that would be deemed an "admin" operation. Such as transfering of funds, issuing a check, or adding an external account.
https://www.schwab.com/voice-id
So... This has to be a Sneakers reference, right?
But more generally while recordings might be copyrighted, the voice itself isn’t so copying a voice isn’t a crime, at least as it currently stands. You cannot however use said voice for deceptive practices. You can however for advertisement (needs permission). And in the US you can for satire, at least in the US, withOUT permission (falls under the 1st amendment).
Also, one's likeness (like face image) should also be protected from being used by anyone.
https://en.wikipedia.org/wiki/Sassy_Justice
https://www.youtube.com/@SassyJustice/videos
Full video at https://www.youtube.com/watch?v=9WfZuNceFDM
Inspired by this headline I saw in the news today... haven't read the full article yet: https://arstechnica.com/security/2026/07/now-defenders-are-e...
It should be illegal to "impersonate" a human voice.
Uh? Surely this makes believing the victims easy not hard to believe.
Its like revenge porn. "It's not me. It's a deepfake" is easy to believe.
When I told my parents some of what happened to me in my career, initially, I don't think they fully believed me because people in my stories behaved so differently than they're used to. My parents lived in an environment where they could expect reciprocity and money wasn't so difficult to come by that it would be worth risking prison time.
I kind of believe that a lot of people are essentially forced into fraud. I don't believe that they are necessarily bad people. A lot of people are just trying to get by.
So it's very important to convey to family members what kind of world we live in. I think most of my family members are essentially conspiracy theorists now.
Heavy sigh. The “weapon” is software. It cannot be regulated unless we live in the fascist dystopia where I have to ask the governments approval to run any piece of software.
Now in the era of AI, this means anyone in the vicinity of an officer has a voice sample in the public domain, plus potentially their image.
Complex issue. I like body cams, I like freedom of information laws, but don't love this particular outcome.
The federal government.