Bay Area mom out thousands after scammers use AI to mimic daughter's voice

A friend’s parents were recently targeted by AI scammers that impersonated family members. This shocked me because her parents are pretty poor, and I imagine it’s not free to make targeted scams like this. So, why were they targeted?

My guess is that my friend is listed on a company website as an executive, and scammers are using company pages to find targets worth spending money on. Scams like these aren’t free, but they’re cheap enough to cast wide nets. The nets are only going to get wider as AI becomes cheaper and more available.

Security by obscurity, as effective as it was, is coming to an end. AI enables scammers to spear phish indiscriminately.

TOTP can be used today to authenticate a couple to each other over an untrusted medium.

It’s rather high friction; you have to set it up in advance, and then read a six digit number over the phone. And I am not sure that it mitigates the threats… in this situation, I suspect it wouldn’t. It could even make the situation worse if the daughter is genuinely in trouble but can’t access the authenticator.

But I can’t think of a better solution. Any other ideas?

66 trackers blocked in Brave on this website. Can someone explain what all these trackers are needed for versus on websites with less? Facebook or Discord or Twitter only have 1 or 0 blocked and I'm sure they are tracking my just as much.

This seems to be partly a technological problem. We will soon need secured, authenticated modes of communication that can verify a person’s voice.

A similar problem is emerging for photos and videos. We also soon need cryptographically signed devices in order to be used in journalism or to be admissible in court.

Otherwise we are going back 150 years where we depend on in-person communication and eyewitness accounts.

[dead]

This is why we need to prevent data breaches by not collecting the data in the first place as well as move to non-persistant identifiers for contacts. Nobody could scam you if you only used Signal usernames or SimpleX addresses because you just change them for each contact and they don't get breached because services don't ask for them.

This scam wouldn't have been possible if the scammer couldn't easily look up someone's name, pay a few dollars, and see where they live, their phone numbers, email addresses, and family members. It's not as much of a problem in Europe because of the GDPR, but in France their government cybersecurity is nonexistant so everything has been breached repeatedly so it's the same effect.

It's insane this type of data broker hasn't been banned and why I will never register to vote.

Every piece of data you give away is a liability, not just for the services tracking you, which some people might defend, but for cybercrime and data breaches.