I think it is a standard script now. Call comes from police department. 'Your son hit a pregnant woman. He is about to be booked. You need to pay $$$$ yada yada'. With an authentic sounding voice conversation from their son.
In spite of several red flags (in hindsight) they withdrew $15K from bank, and somehow at the last minute pulled back.
Edit: Scammers know how to push the right buttons.
2021 - "Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication" https://keydiscussions.com/2021/12/07/despite-the-prevalence... ends with a section called "The next crisis: robocalls that spoof the voices of victims at scale"
The attackers created AI-generated video and audio replicas of the CFO and other executives of the global engineering firm. These deepfakes were deployed in a live video call – not as a pre-recorded video, but as a real-time conference with multiple participants. The finance employee saw and heard his superiors in what appeared to be a normal conference situation. The instructions came through clearly and consistently. Urgency was created by framing the situation as a supposed corporate acquisition. Within a single session, he approved 15 individual transfers to various accounts in Hong Kong.[1] That fraud yielded US$25 million.
[1] https://www.securitytoday.de/en/2026/04/04/deepfake-attacks-...
Would have come in handy when our niece was traveling in Asia and asked for money a few times, but in this case it wasn't a scam.
I got no traction with it, which I was a bit surprised by because one of the family members works at the Puzzle Palace.
i guess even local models can do this now, especially in non-interactive mode.
so, i have a hard time reading this part as mere naivitee, as opposed to enemy propaganda in support of mandatory digital ID's for everything. or for straight out criminalizing "unauthorized" compute altogether?
Not saying that "there's nothing we can do" or anything, but it does feel like this is one of those instincts that you develop growing up with the internet. Like, my first instinct reading that (and I hope getting that call) would be "what the hell is the lawyer doing at the scene". You have to treat _everything_ coming through your phone as potentially untrusted. I don't have any data on this, but it feels like my friends, and especially younger people, do that automatically.
The primary defence against all phishing is to tell yourself: nothing is ever really that urgent. Nothing is ever that good.
This doesn’t make any sense. At some point they will speak to their child and learn that the call wasn’t real.
Inspired by this headline I saw in the news today... haven't read the full article yet: https://arstechnica.com/security/2026/07/now-defenders-are-e...
Uh? Surely this makes believing the victims easy not hard to believe.
Its like revenge porn. "It's not me. It's a deepfake" is easy to believe.
Heavy sigh. The “weapon” is software. It cannot be regulated unless we live in the fascist dystopia where I have to ask the governments approval to run any piece of software.
A looming problem with shifts in demographics and family structure is that many people will be slipping into cognitive decline without a formal transition to address their incompetence. Sadly, there is a point where the older person really needs to permanently delegate important decision-making to a trusted third party. They should no longer be legally empowered to authorize funds transfers, sign contracts, or even make medical decisions.
We're not really setup to handle this well. Not at the systemic level of protecting people from themselves, and not at the personal level of relinquishing control over our own lives. So we often have to let the sufferer fumble along and cause a lot of damage before the protections eventually kick in.
And, ironically, these protection mechanisms can also be corrupted into another scam and form of abuse. To totally de-risk would require some kind of time travel or perfect foresight. But in the real world, the damage is often not fully reversible when it is detected after the fact.
1) voice one: young adult calls, sobbing 2) grandparent inquires with a name... "Ben, is that you?" 3) voice one: "Yes grandma, it's me, Ben... I'm in trouble, please don't tell mom 4) voice two: "Hello, I'm attorney..."
My grandmother fell victim to this almost 20 years ago, which only stopped when Western Union refused to let her continue sending wires... she was forced to call her daughter (at which point they just called my brother.)
Our takeaway (at the time)... the voice doesn't even need to be terribly accurate, since the original interaction is brief / somewhat inaudible over the tears. Typically just requires an older vulnerable adult, a lucky strike with the initial setup (e.g. grandparent actually has a grandkid), and a lot of high pressure / duress salesmanship.
Talking on the phone is now an unmitigated liability.
> Every article published on SmarterArticles is authored and editorially controlled by Tim Green. Artificial intelligence tools are used within a structured and supervised workflow as research and drafting instruments. All arguments, framing decisions, source selections, and final publication choices remain human-directed and under my full responsibility.
There are references at the bottom, but I would have preferred direct links or footnotes within the article. Also, direct quotes are nice. I didn’t notice any glaring AI cliches.
Now other businesses are starting to reference their privacy policy at the beginning of a call, which leads me to think there are many more uses popping up for our recorded voice.
I'm sure a certain percentages of recordings of our voice "to stop fraud" might be used to start fraud.
Another pillar of basic trust that's being eroded on an industrial scale. Sigh.
As the cost goes down to near-zero you can scale it up almost infinitely, especially if the profits are high enough to get some smart people working on the problem, which going by the article is already the case ("INTERPOL's finding that AI-enhanced fraud is four and a half times more profitable than the traditional kind"; incidents rose by 26% last year). If AI does succeed on mutilating white collar work enough there will be a large supply of knowledge workers that might just join International Scam Co. rather than have their families go homeless. Drowning man clutching at straw and all.
So if technologically it's impossible to prevent and societally it's impossible to prevent (like the attorney that got pwned same as the grandma), I'm not sure if there exists an answer that isn't worse than the thing it's supposed to prevent. I suppose we'll soon be in a situation where nothing we don't directly perceive in real life is provably true. That journalism and media in general seem to be in a deep crisis of trustworthiness means that you won't even get the benefit of the chain-of-trust as a proxy for whether something is or isn't real.
Ignoring everything happening outside of your immediate surroundings is a choice, and probably even good for people's mental health, but my gut feeling is that it does make humanity as a whole dumber and disempowered. What does corruption matter if nobody cares, or even hears about it? It was AI generated by $current_enemy anyway; nothing to see here, citizen.
It should be illegal to "impersonate" a human voice.
And it likely requires working with other people, your "employees", who are both a liability, and a cost.
With AI, you can make a thousand calls in parallel, for significantly cheaper, out of your own basement.
This greases the wheels of voice fraud like a gatling gun greases the wheels of hitting a guy with a rock.
Remember, trust is like a rainforest: takes a long time to grow, provides a valuable ecosystem essential to human life, but can also be burned down for a quick profit.
Fun.
We really need to get to the point where any legally-binding digital authentication MUST be rooted in an in-person identity-proofing and authenticator binding ritual. Something you perform in front of a trained official, where physical inspection and local demonstration/activation of the authenticator is possible. This should be the basic standard to associate digital authenticators used in KYC legal and financial scenarios. The outcome should be some kind of standard digitally-signed certificate which can then be presented to KYC-compliant vendors to link the authenticator to a legal identity when establishing or maintaining financial accounts and records.
Perhaps there could be tiered certificates, where a high-stakes one would require this to be done in a secure facility where you expose yourself to risk of immediate arrest if presenting falsifiable identity claims. A more typical and decentralized version might be an upgrade of the notary public system in the US. Some kind of public digital ledger should record these certifications as well as revocations done by complementary rituals.
For social or informal accounts without KYC goals, some of this same machinery could be adopted. Simply modify or downgrade the identity-proofing part of the ritual as appropriate. This could link into other strategies like PGP web-of-trust or lesser kinds of identifiers like possession of phone numbers, email addresses, etc.
There would need to be criminal liability for officials misbehaving and certifying such identity and authenticator bindings without performing the requisite identity-proofing procedures.
It doesn't even have to be based on watermarking. It could be as simple as, "hold on a sec your AI countermeasure was listening and noticed you got this suspicious call, please be aware this may be a scam. Here is what you should do next..."
[1] Structural inertia is the killer here. It will certainly not happen until the problem is huge enough.
[2] Exceptions can of course apply to numbers that are meant to primarily be cold called, like doctors offices. The callee possibly have to be specially trained to withstand this kind of attacks.
> cybercrime losses across the United States rose 26 per cent in a single year
> The FBI was candid that even these figures understate the problem. AI attribution in the report reflects only what victims recognised and reported, and most victims of a cloned-voice call never learn that a machine was involved at all.
> INTERPOL found that AI-enhanced fraud is roughly four and a half times more profitable than its traditional equivalent, and that so-called agentic AI systems can now autonomously plan and execute entire fraud campaigns, from reconnaissance through to the ransom demand.
I hope they got the message.
Article said the imposter in this case claimed her phone had been confiscated.
Fraudsters tend to also plan things such that the impersonated person can't be reached by phone at that time, either by choosing a time when they somehow know they're unavailable (e.g. impersonated person posted on social media they're boarding a plane) or in one case (12 years ago though) my SIL's parent's landline was bombarded with spam calls until they decided to leave the phone off the hook at which point the scammers phoned bank who couldn't reach the parents on their main line, of course this was the bank's problem (and there was probably an inside person facilitating) so they got their money back, but still a major inconvenience for the victim.
Probably the only sure advice is to be exceptionally wary of phone calls with supposed extreme time pressures to send the money now.
Yes, having a secret code is probably the right answer. My wife's family always has, but mine doesn't. I suppose we should probably fix that.
This is a good reminder that we should review that, since its been 10 years or so.
Kinda crazy
(never heard of anyone actually using that in real life, sounds uttery insane)
Take Europe for example: nobody dies of hunger in Europe. And yet there are plenty of thieves. People stealing tens of thousands, hundreds of thousands, millions of EUR aren't doing it to "feed their families".
Think of the situation today. Think of the victims today. Instead of thinking of tomorrow's hypothetical situation where supposedly all the honest fathers out of work would join the crime syndicate, think of today's victims.
Projecting your own insecurity about the future to excuse scummy behavior by the scum of this earth is of no help.
There are people, right now, who have a roof. Who have a family. And who are fucking scums stealing the hard earned money of others because they choosed the easy life of crime.
Zero tolerance for such motherfuckers. I care about the victims and you should too.
But more generally while recordings might be copyrighted, the voice itself isn’t so copying a voice isn’t a crime, at least as it currently stands. You cannot however use said voice for deceptive practices. You can however for advertisement (needs permission). And in the US you can for satire, at least in the US, withOUT permission (falls under the 1st amendment).
Well, not completely unsolvable. But nobody would like the solution.
What all these scams rely on is a way to transfer money in an irrevocable fashion. Restrict that in meaningful ways and you end a lot of the abilities for these scams to operate.
You could, for example, outlaw gift cards as a start. You could force the likes of Western Union to have a holding period before releasing money. Crypto would be hard as any regulation against it is pretty easily circumvented, but you could outlaw crypto currency exchanges (I'd worry less about crypto though as it's pretty hard for grandma to reliably setup).
https://en.wikipedia.org/wiki/Sassy_Justice
https://www.youtube.com/@SassyJustice/videos
Full video at https://www.youtube.com/watch?v=9WfZuNceFDM
“Before LLM’s there was_____” I see this whenever an LLM’s impact is assessed. We know. The issue is scale and the ability for smaller and smaller groups (down to individuals) to execute at scale.
LLM’s are pouring massive amount of gasoline on existing issues and people just keep shrugging. Fake news always existed. Now one dude in India can flood multiple sock puppet media accounts with right wing content/images (actual example) at a scale previously unimaginable - or in this case, can target even more vulnerable elderly populations far more effectively.
People could always die crossing a street. Still, cars changed the discussion about pedestrian safety pretty materially. People didn’t simply throw up their hands and go “people have always been able to die crossing the street.”
LPT: Please have a codeword or phrase that you use with your loved ones so even if the scammers use your voice, they won't know the phrase.
This has become the highbrow way of admitting that AI is writing the articles: Calling it “drafting” is another way of saying that the article was written by AI and the person publishing it maybe reviewed it. Maybe they skimmed it and published it directly.
For what it’s worth the article felt obviously AI heavy to my first read.
> No human had. The crying had been synthesised from a fragment of audio, and the daughter she thought she was rescuing existed only as a pattern of numbers in someone else's machine.
this way, you do not footgun yourself in the event you'd ever need to ask something. Money isnt the only thing they can ask, and no one (i think) has a glass orb to tell their future and know for certain such a call would never happen. its easy to think it wont happen to you, i think that is most peoples' sentiment until it does. (having a need for help from family that is)
As 99% of the time these are spam calls, I used to respond with something like "I'm fine, but who are you / do I know you?", but that was pretty much always inefficient as that might say their name (which from a spammer is useless information), maybe a sales pitch "how much do you spend on x?" or maybe something deliberately misleading about their company and saying something like <major brand name> even though they're some independent sales crowd getting commission selling contracts for them.
Eventually I found that the most effective response is "Sorry. Where are you calling from and what is this in regard to?" which I've found without fail seems to surprise, disarm them and immediately elicit whether the call is a waste of my time. At which point I either become very friendly (because it's a call I'm expecting) or I simply respond with "Sorry, not interested, goodbye." and immediately put down the phone.
I just want the disruption to be as minimal as possible and to not let myself even get an emotional reaction from it, so I don't want to get annoyed at them, never mind wasting time telling them off, besides, I suspect that my ruthlessly efficient getting rid of them without them even having a chance to try their pitch is received as a super cold shoulder, akin to being told to f-off.
Not a bad idea, but not a brick wall.
Obviously there are people who help themselves to others' money if given the chance no matter the circumstances. But if the circumstances change so that people DO start going hungry or homeless, which is a rather obvious side effect of AI-but-not-AGI maximalism brightly espoused by our overlords sama and amodei of the "I can’t wait to make half the knowledge workers worldwide obsolete" variety, the scale of the problem will obviously get worse, as well as the type of people you can get involved if you’re in the international scam market.
> fucking scums
> Zero tolerance for such motherfuckers
Who watches the watchers etc.
We will just end up with some jingoist dude that will go after us instead.
Slow reforms to regulate the banking industry with this "identity theft" nonsense...
Also, one's likeness (like face image) should also be protected from being used by anyone.
Difficulty in setting up a money transfer is not a hindrance. I have heard stories of scammers walking someone through the entire process to getting a mortgage on a house on the A&E Intervention episode of Greg. If they think you have money and they think you are gullible, they will devote time and effort to getting it.
High schools should teach how to spot a scam. As others have observed, this is not a new one, it's just gotten more high-tech and convincing. This is one of many practical things our schools should teach about that they just don't.
Quick note: you mean “wary” instead of “weary” there.
They keep refusing ideas like these on the grounds of them being “not stupid” and “able to see through such attempts immediately, 100% of the time” and “do you think we’re stupid?”
Nobody? France, as the most extreme example, has a rate of 1.52 per 100K. That's about a thousand people a year. That is certainly a small percentage of the population, but it isn't "nobody".
https://www.worldlifeexpectancy.com/cause-of-death/malnutrit...
These scumbags send grandma to a Bitcoin ATM.
"Before you send anything to anyone, ever, call them back. Doesn't matter if it's me, the bank, a lawyer, whatever... tell them 'hang on I have another call coming in, let me just call you back in a few minutes, okay?'"
People aren't prepared for this shit.
But they were specifically worried about the transfers being scams -- at least, that's what they said. They insisted on calling my other bank to verify that I was in fact the owner of the other business account. And I know there's been a big increase in things like fake real-estate scams, so paranoia is understandable.
However, the way bank fraud/risk departments work is generally completely opaque. I've previously had Bank of America refuse to open an account, with no reason given and no possible recourse. And I can't imagine a much more vanilla, boring, good-credit person than me, so I have no idea what set them off!
and receiving more.
I don't think that's a safe assumption. You could construct an article pretty quickly if you had a topic, a few points to hit, a conclusion and a short list of links, then fed that to the machine. All the LLM would be doing is fluffing it up with worthless words, unnecessary metaphors and maybe a pop culture reference or two so it looks like what people expect from an "article."
"Rewrite this as a slate dot com article"
If it were an email newsletter instead, there wouldn't be that fluffy expectation and you could just leave the bullet points and links as they were.
>and it is worth being clear about why
>The emotional mechanism the scam exploits is not a gap in knowledge that a leaflet can fill; it is the love a person has for their grandchild, weaponised
>These are not the numbers of a credulous minority being separated from pocket money. They are the numbers of a generation's accumulated savings being drained
>that a fraud requiring the absolute frontier of machine learning can be perpetrated against an ordinary grandmother in her kitchen, at scale, for the price of nothing
(To be clear this isn't automatically disqualifying to me. But I am interested in LLM writing patterns and my ability to detect them. And in the case of this article I sense the kind of linguistic padding that has made Claude a little harder to work with in the more recent Opus point releases because it obscures the most important bits of information.)
If an expert can't distinguish, it has absolutely nothing to do with being "stupid" or not. So send them that, maybe.
If they are still stubborn about it, then thank them for contributing to the future funding of Scam the World With AI.
So... This has to be a Sneakers reference, right?
“Grandma the password is ‘Integra’ but I can just tell you now, it’s not me calling you, it must be a sca—“
“Thanks got it byeeeeee” <scammer calls grandma>
There's a reason scammers rely heavily on things like gift cards, it's because hiring mules is expensive and creates a trail police can follow back to the scammers. It requires them to be in the same locale as the person they are scamming. Mailing cash is also pretty dicey for the scammers because you have to send the mail to a valid address. That becomes something police can trace.
If you wanted to completely eliminate scams then yeah, you'd also outlaw cash.
Eh, maybe.
Some of those may be hospice-style scenarios, where starvation is technically the cause of death at times. https://www.ccjm.org/content/ccjom/70/6/548.full.pdf
Now in the era of AI, this means anyone in the vicinity of an officer has a voice sample in the public domain, plus potentially their image.
Complex issue. I like body cams, I like freedom of information laws, but don't love this particular outcome.
[0] https://en.wikipedia.org/wiki/Lenny_(chatbot)
[1] https://news.virginmediao2.co.uk/o2-unveils-daisy-the-ai-gra...
We’re not disagreeing? That’s basically what I said: The AI wrote the article. Saying it drafted the article is a way of admitting it was written by AI but making it sound like it was actually a journalistic endeavor.
...but I know one of the signals they use for authentication is voice analysis in background...which I do not love.
The procedure is:
1. Kid tells password to parent in person. 2. From then on: when kid calls parent, if kid requests anything sensitive, parent ask for the password, and kid must provide it. 3. Password is never mentioned over the phone in any other situation.
How would anyone be able to extract the password from the kid?
A while ago, some police department simply seized them and the cash inside and reimbursed victims with the proceeds thereof.
I used to have a residential mortgage with two other people and my name was stuffed into some ancillary field as a co-holder and they refused to give me any information or transact over the phone. I eventually figured out I needed to tell them to look in some extended info field, and the whole endeavor was annoying but ultimately I was appreciative of the strictness (that the entire mortgage data model—at the time (25 years ago), I don't know what it's like today—seems to assume that it will only ever be two people of opposite gender who are married will be on a mortgage was much more disappointing. The other two people were assumed to be married and the woman was seemingly by default listed as the non-primary).
If you're going to get people to call you back, it has the problem of ensuring that they call you back on your real number - giving reasons why they have to call you back on some other number is way too easy ("I've lost my phone", "my phone is at home", and so on)
They can probably ignore international calls, although only probably.
"Hi Firebeyond, we're doing a background check. Can you confirm the following info you entered into our portal?" then proceeds to list full SSN, drivers license, DOB, etc., etc., etc.
"... and can you also confirm that this is the correct email address we have on file?"
All the while they had reached out by FB Messenger to my partner (not that she was in any of the info I submitted, and this was just a standard BG check, not a security clearance) to ask her if she knew me...
Luckily, my new employer was as horrified as I was, apologized profusely, and fired the background check company.
"Oh my gosh Dad/Son! You know we have a password for that!"
"Yes -- actually, use it now so WE BOTH KNOW YOU'RE NOT A SCAM!"
"Sure, Dad/Son! It's DOUBLE CHEESEBURGER!"
"Thanks!"
The federal government.
I consider myself always to be wary of scams and my trust-level is zero when they call me, but I recently almost got myself hooked on an airline support call. I google searched the support number and trusted the AI summary on top and called it, they asked me my reservation number and I happily provided. With the reservation number they have public access to the entire reservation details, they knew my name, my flight, my co-passenger details everything. I called to do a reservation for my pet which is normally not done online. their problem, they got greedy and asked me more than pet travel, iirc they said there was a problem with one of my flights, it wasn't paid and I had to repay on the call. If they just followed along instead of going by the script I would have paid the pet travel amount.
https://www.youtube.com/watch?v=6A4uKSvFU40
Kitboga is a dang hero.
This is a very useful precaution for banks, and for or calls that come from a family member's real phone number.
But scammers will just open with "I'm in trouble and my phone died" or "I'm in jail calling from a pay phone" and calling back won't do anything to help with that.
I like most am deeply unsatisfied with the archaic system though of a basically unchangeable 10-digit number granting permission for anyone to fill up my phone with messages and interrupt me with calls, and hate that I have to ever answer calls from a number I don't know.
I really would like a mutual opt-in system, where you have to pre-establish consent before it's even possible to message or call you, but it seems impossible to get there from here. We can't even get the stupid cell phone companies to strongly enforce that caller ID isn't spoofed!
I have them both set at about €150.
I think for the bank I can go to a branch to avoid the limit, but that will be with the full fraud suspicion of the teller.
Also, given at least in America, our cell phone providers STILL haven't fully blocked caller ID spoofing (last I checked, they just add some tiny icon in the rare case that the CID is trustable, and I'd bet 99.9% of people don't even know that exists!) they can spoof the initial call as your number and many targets will probably mistakenly think the CID match is good enough to just skip it, especially in this "very urgent situation" with you being held at knifepoint by the corrupt third-world cops or whatever.

Sharon Brightwell heard her daughter crying down the line, and that was the end of any defence she might have mounted. The voice belonged to April, or so every instinct insisted: the same timbre, the same broken rhythm of a young woman in distress. The voice said she had been texting while driving, that she had hit a pregnant woman, that her phone had been seized by police. A man then took over the call, identifying himself as April's attorney, and explained that bail would cost fifteen thousand dollars in cash. He warned Brightwell not to tell the bank what the money was for, because it might damage her daughter's credit. Within the hour, the retiree from Dover, Florida had withdrawn the money and handed it to a courier she believed was connected to the courts. Only when she reached the real April, who had spent the morning at work and never been near a car accident, did she understand that her daughter had not made the call. No human had. The crying had been synthesised from a fragment of audio, and the daughter she thought she was rescuing existed only as a pattern of numbers in someone else's machine.
Brightwell's loss, reported across American local news in the summer of 2025, is now one of the most ordinary crimes in the United States. It is also one of the most technically advanced. The collision of those two facts — that a fraud requiring the absolute frontier of machine learning can be perpetrated against an ordinary grandmother in her kitchen, at scale, for the price of nothing — is the defining feature of a problem that law enforcement, banks, telecoms companies and regulators have spent two years failing to contain. The question is no longer whether the technology works. It works appallingly well. The question is what meaningful protection requires when the gap between the sophistication of the attack and the awareness of the target is measured not in months but in years.
In April 2026, the FBI's Internet Crime Complaint Center published its annual report on the previous year's online crime, and for the first time in the report's twenty-six-year history it broke out artificial-intelligence-enabled fraud as a distinct category. The numbers were stark. The bureau logged more than 22,000 complaints with an AI nexus and adjusted losses exceeding 893 million dollars. Of that sum, the report attributed 352 million dollars in losses to victims aged sixty and over, making older adults the single most heavily targeted demographic in AI-enabled financial crime. The AI figure sat inside a far larger total: cybercrime losses across the United States rose 26 per cent in a single year to 20.9 billion dollars, with Americans aged sixty and older accounting for 7.7 billion of that — a roughly 60 per cent jump on the previous year.
The FBI was candid that even these figures understate the problem. AI attribution in the report reflects only what victims recognised and reported, and most victims of a cloned-voice call never learn that a machine was involved at all. They believe, as Sharon Brightwell initially believed, that they spoke to their own child. The 893 million dollars is therefore best read as a floor, not a ceiling — the visible portion of a category that is, by its nature, designed to remain invisible to the people it harms. That the FBI felt compelled to create the category at all is itself a signal. Crime statistics are conservative instruments; agencies do not redraw twenty-six-year-old reporting taxonomies for a passing fashion. The new line in the ledger is an admission that a tool which barely existed in consumer form three years ago has become a mainstream instrument of theft.
Internationally, the picture is larger and worsening. In March 2026, INTERPOL published the second edition of its Global Financial Fraud Threat Assessment, estimating worldwide losses to financial fraud at 442 billion dollars in 2025 — a sum comparable to the entire annual economic output of Denmark. The organisation rated the threat trajectory as escalating and described what it called the “industrialisation of fraud”: the migration of scamming from opportunistic individuals to organised, transnational operations that intersect with human trafficking and cybercrime. Crucially, INTERPOL found that AI-enhanced fraud is roughly four and a half times more profitable than its traditional equivalent, and that so-called agentic AI systems can now autonomously plan and execute entire fraud campaigns, from reconnaissance through to the ransom demand. The economics, in other words, have inverted. For the first time, deception at industrial scale costs almost nothing to manufacture and returns a fortune.
The technical capability at the centre of the grandparent scam is brutally simple to describe. A modern AI voice-cloning system requires as little as three seconds of audio to produce a synthetic voice that is, for practical purposes, indistinguishable from the original. Three seconds is the length of a voicemail greeting, a snatch of a podcast, the audio under a birthday video posted to a public Instagram account. The raw material is not stolen from a secure database; it is volunteered, every day, by the ordinary act of living a recorded life. A grandchild who appears in a single TikTok clip has supplied everything a fraudster needs to manufacture their own kidnapping.
What makes the threat acute is not merely that the cloning works but that the tools to do it are cheap, abundant and almost entirely unpoliced. In March 2025, Consumer Reports assessed the voice-cloning products of six companies — Descript, ElevenLabs, Lovo, PlayHT, Resemble AI and Speechify — and concluded that a majority lacked any meaningful safeguard against fraud or misuse. Four of the products, the organisation found, required only that a user tick a box affirming they had the legal right to clone the voice in question. None of those four employed any technical mechanism to confirm that the speaker had actually consented, or to restrict cloning to the user's own voice. Four of the six companies required nothing more than a name or an email address to open an account. The investigation's blunt conclusion, amplified by NBC News and The Register, was that the industry had built a tool capable of impersonating anyone and then placed it behind a self-attestation checkbox.
ElevenLabs, one of the most prominent providers, points to a multi-layered safety programme: a prohibited-use policy that bans impersonation, a public AI speech classifier that can identify audio likely to have originated from its system, traceability that links generated content back to the account that produced it, and “no-go voices” safeguards that block the cloning of certain protected figures around election cycles. These are not trivial measures, and they are more than several competitors offer. But they share a structural weakness: almost all of them operate after the fact. They help investigators establish provenance once a fraud has already occurred and a victim has already lost their savings. They do very little to prevent the three-second clone from being generated in the first place, because the thing that would prevent it — robust, mandatory verification that the person being cloned has consented — is precisely the friction that a competitive, fast-moving market is reluctant to impose on itself. When a safeguard costs a company conversions and protects only the customers of its rivals, the market will not supply it voluntarily. It has not.
If there is a single moment that captures why detection-based defences are failing, it arrived in a New York Times profile published in June 2026. Its subject was Hany Farid, the University of California, Berkeley professor who is, by broad consensus, the world's foremost authority on deepfake forensics. For more than two decades Farid had built a career on the ability to separate the real from the synthetic, fielding requests from governments, human-rights organisations, journalists and law enforcement. Lately, the Times reported, he had begun failing his own tests. “I feel like I'm going blind,” he said. The man best equipped on Earth to distinguish a genuine recording from an AI-generated one could no longer reliably do so.
That admission ought to end a certain kind of conversation. For years, the implicit promise of the response to synthetic media has been that detection would keep pace with generation — that for every more convincing fake, there would be a more sensitive detector, and that the arms race, though uncomfortable, was at least winnable. Farid's confession is evidence that, in the audio domain at least, the race has been lost. When the foremost detector in the field is reduced to a coin-toss, the strategy of catching fakes after they have been made and circulated is not a strategy at all. It is a hope. And a fraud that depends on twenty minutes of panic does not give a victim, or their bank, twenty minutes to run a forensic analysis that even Hany Farid would no longer trust.
This is the first and most important thing that meaningful protection requires us to accept: detection cannot be the load-bearing defence. A grandmother on the phone with a sobbing voice cannot be expected to perform forensic analysis that the discipline's leading expert has effectively abandoned. Any plan that ultimately rests on the target, or anyone else, being able to tell the difference between a real voice and a cloned one is already obsolete. The implication runs deeper than telephone fraud. If the world's authority on detecting synthetic audio cannot trust his own judgement, then every downstream system that quietly assumes a human can serve as a fallback verifier — the bank teller who is told to “use discretion,” the relative urged to “listen carefully for anything off” — rests on a foundation that has already crumbled.
It is tempting, and wrong, to attribute the targeting of older adults to naivety. The brief that prompts this article identifies a more uncomfortable truth: the characteristics that make older people disproportionately vulnerable are not deficiencies of intelligence but features of a life well lived. They tend to hold higher average savings balances, the accumulated product of decades of work, which makes them efficient targets — a single successful call can yield far more than one aimed at a younger person. They were raised in, and still operate within, established patterns of trust-based communication, in which a phone call from a distressed relative is answered as a genuine emergency rather than interrogated as a potential attack. They are, through no fault of their own, relatively unfamiliar with the existence of AI voice synthesis, having spent most of their lives in a world where a voice on the line was definitionally a person on the line. And they are exposed, like every parent and grandparent, to the particular emotional architecture of the family-emergency scenario, in which the instinct to protect a child overrides every slower, more sceptical faculty.
Academic research has begun to formalise this. An arXiv paper published in June 2026 noted plainly that “older adults remain disproportionately vulnerable to AI-enhanced scams.” A separate study from a team led by Yixin Zou, also published in early 2026, examined fraud interventions designed specifically for older adults amid escalating AI sophistication, developing a role-based simulation tool called ROLESafe that improved participants' ability to identify fraud when they learned by playing the part of victim or helper rather than passive observer. And a third paper, from researchers at the firm Charm Security, proposed a Human Vulnerabilities and Exploits Framework — a structured catalogue, modelled on the software-security world's vulnerability databases, for classifying the cognitive and social mechanisms that fraud systems exploit. The framework's premise is itself a quiet indictment: the security industry has spent decades cataloguing and patching the weaknesses of machines while leaving the weaknesses of people undocumented and unmanaged. The grandparent scam succeeds because it attacks the one part of the system for which no patch has ever been written.
This is why awareness campaigns aimed at older adults, while necessary, cannot be sufficient. The emotional mechanism the scam exploits is not a gap in knowledge that a leaflet can fill; it is the love a person has for their grandchild, weaponised. You can tell someone a hundred times that voices can be faked, and in the moment a cloned voice screams for help, the knowledge will not arrive in time. The AFP wire story carried by The Straits Times and the Manila Times in June 2026 quoted Amit Gupta of the voice-security firm Pindrop putting the matter precisely: “The objective is not perfect voice replication. The objective is creating enough emotional uncertainty and urgency that the victim acts before verifying.” A defence built around the assumption that victims will verify is a defence built against the very weakness the attack is engineered to bypass.
The most chilling testimony in that wire story came not from an elderly victim but from a lawyer. Gary Schildhorn, a Philadelphia attorney who was himself targeted by a cloned-voice scam, said that even with hindsight and professional scepticism he could not shake the certainty of what he had heard: “I will go to my grave swearing that it was your voice.” That sentence ought to be read by anyone tempted to believe that vigilance is the answer. Schildhorn is a trained advocate, paid to interrogate evidence and disbelieve plausible stories, and the clone defeated him as completely as it defeated a panicked grandmother. The vulnerability the fraud exploits is not located only in the elderly, or the credulous, or the technologically illiterate. It is located in the human auditory system itself, which evolved over millennia to treat a recognised voice as proof of a recognised person — and which is now, for the first time in that long history, systematically and exploitably wrong.
The data on older adults reinforces rather than contradicts this reframing. The FTC's December 2025 report to Congress found that total fraud losses reported by people aged sixty and over had roughly quadrupled between 2020 and 2024, reaching about 2.4 billion dollars, with 68 per cent of that sum attributable to individual losses of 100,000 dollars or more. The agency's own estimate of the true annual cost, accounting for the chronic underreporting that shame and embarrassment guarantee, ranged as high as 81.5 billion dollars. These are not the numbers of a credulous minority being separated from pocket money. They are the numbers of a generation's accumulated savings being drained through a mechanism specifically calibrated to their patterns of trust, their financial position and their place at the emotional centre of a family.
Brian Long, the chief executive of the security firm Adaptive Security, distilled the new economics for AFP in a single sentence: “One guy in a room with a keyboard can make an infinite number of attackers.” That is the asymmetry in its purest form. On one side stands an automated system that can generate a convincing clone in seconds, dial thousands of numbers, and conduct each conversation with synthesised emotion, for a marginal cost approaching zero. On the other stands an individual human being, often elderly, alone, and given roughly the length of a panicked phone call to mount a defence that the world's leading forensic scientist could not.
INTERPOL's finding that AI-enhanced fraud is four and a half times more profitable than the traditional kind is the financial expression of this imbalance. When an attack becomes both cheaper to mount and more lucrative to complete, the volume of attacks does not rise linearly; it explodes. The 26 per cent single-year jump in American cybercrime losses, and the near-doubling of losses among the over-sixties, are what that explosion looks like in a national ledger. And the AFP wire noted something else that compounds the harm: shame. The Buffalo mother Liz Benz, who endured what she called “a good twenty minutes of terror” when a cloned voice told her that her sixteen-year-old son had been taken hostage, said that after she went public she was flooded with messages from other victims — many of whom chose to stay anonymous, because the humiliation of having been fooled kept them silent. Underreporting is not a statistical footnote here. It is a structural feature of a crime designed to make its victims feel too foolish to come forward, which in turn starves the data, the prosecutions and the policy response of the evidence they need. A crime that silences its own witnesses is a crime that compounds at interest.
The most widely circulated piece of advice, repeated by the FBI, the American Bankers Association and consumer advocates throughout 2026, is to agree a family “safe word” — a secret phrase known only to relatives, to be demanded in any emergency call. If the voice cannot produce it, hang up and call back on a known number. The advice is sound. It is also, as a systemic defence, hopelessly inadequate, and it is worth being clear about why.
A safe word works only if every member of a family adopts it, remembers it, and has the presence of mind to demand it in a moment engineered to obliterate presence of mind. It places the entire burden of defeating an industrial, automated, billion-dollar criminal apparatus on the cognitive discipline of a frightened individual at the worst moment of their week. It assumes that the eighty-year-old whose median reported loss, according to FTC data released in late 2025, exceeds 1,600 dollars will, while hearing her grandchild scream, calmly recall a protocol and execute it. Some will. Many, by design, will not. A defence that works only when the target performs flawlessly under maximum stress is not a defence; it is a way of allocating blame to the victim after the fact.
This is the deeper objection to placing protection in the hands of families and individuals. It transfers responsibility for a failure of the technological and financial system onto the people least equipped to bear it, and then, when they fail, treats their failure as a personal one. The voice-cloning tools were built and sold by companies. The calls are carried by telecommunications networks. The money moves through banks. Each of those parties operates at the chokepoints where the fraud could actually be interdicted at scale. The grandmother in her kitchen does not. Meaningful protection requires moving the burden from the end of the chain, where it currently sits, to the points in the middle where it belongs. A society that responds to an industrialised threat by issuing better advice to its most vulnerable members has confused the publication of guidance with the provision of protection.
Consider the three institutional chokepoints in turn, because each illustrates both the promise and the present failure of structural defence.
The first is the telephone network. In the United States, the STIR/SHAKEN framework was meant to address caller-ID spoofing by allowing originating carriers to cryptographically sign a call as legitimate and terminating carriers to verify that signature before it reaches a handset. In December 2025, the FCC's Wireline Competition Bureau concluded in its triennial efficacy report that the framework does authenticate caller ID effectively when properly applied. The qualification is doing enormous work. Criminals discovered early that routing calls through older, non-IP networks could evade the system entirely, and the FCC spent much of 2025 and 2026 trying to close that gap and pushing towards Rich Call Data, which would display a verified caller name and logo on the handset. But STIR/SHAKEN authenticates the number, not the human, and certainly not the voice. It can tell you that a call genuinely originated from a given line. It cannot tell you that the sobbing daughter on that line is a machine. Against a cloned voice arriving from a spoofed or simply unfamiliar number, the framework is close to irrelevant. The same FCC declared in February 2024 that AI-generated voices in robocalls were illegal under the Telephone Consumer Protection Act — a meaningful statement of intent that nonetheless governs only mass automated dialling, not the targeted, one-to-one emergency call that defines the grandparent scam.
The second chokepoint is the platform that hosts the cloning tool. Here the most promising structural intervention is provenance rather than detection — the attempt, embodied in the C2PA standard, to attach a tamper-evident cryptographic record to a piece of media describing the device or model that produced it. In 2025 the standard was ratified as an ISO specification and, alongside watermarking schemes such as Google's SynthID and Meta's AudioSeal, became the de facto provenance language of the internet. The logic is sound: rather than asking whether a recording looks or sounds fake, ask whether it carries a credential proving it was made by a real microphone. But provenance has a fatal asymmetry of its own for this specific crime. Missing credentials are not proof of fakery, because vast quantities of legitimate audio were never signed and because the metadata is routinely stripped by social platforms, screenshots and re-encoding. More fundamentally, a fraudster placing a phone call is under no obligation to transmit a C2PA manifest, and the analogue gap — playing synthetic audio down a telephone line — destroys any digital watermark in the act of transmission. Provenance can help establish, afterwards, that a viral video was synthetic. It does almost nothing to stop a live cloned-voice call in progress.
The third chokepoint — and the most promising — is the bank. This is where the money actually moves, and therefore where interdiction has the greatest mechanical leverage. The United Kingdom offers the clearest natural experiment. In October 2024, the Payment Systems Regulator made reimbursement for authorised push payment fraud mandatory: where a victim is tricked into authorising a transfer to a fraudster, the sending and receiving banks must now reimburse them, splitting the liability fifty-fifty, up to 85,000 pounds, within five business days, with the consumer-negligence exception explicitly barred for vulnerable customers. Confirmation of Payee, the account-name-checking service, now runs on billions of transactions. The PSR's own dashboard showed that in the fifteen months to the end of December 2025, 89 per cent of money lost to such scams — some 243 million pounds — was reimbursed, against a 65 per cent rate before the rules took effect.
The point of mandatory reimbursement is not merely to make victims whole, though that matters. Its deeper purpose is to relocate the financial incentive. Once banks are liable for the losses, they acquire a powerful reason to build the friction, the anomaly detection and the intervention protocols that actually stop a fraudulent transfer before it completes — the held payment, the cooling-off period on a large cash withdrawal by an older customer, the human call from the branch asking why a retiree is suddenly emptying her savings to a courier. The transfer friction that a grandmother cannot impose on herself, a bank can impose on her account, and a liability regime gives it the reason to do so. Critics, including commentators in Electronic Payments International, warn that reimbursement alone risks becoming a subsidy to fraudsters if it is not paired with prevention, and that the strategy must move beyond simply paying victims back. That critique is correct, and it points towards the right answer rather than away from it: liability is the lever that forces prevention, not a substitute for it. The lesson of the British experiment is not that reimbursement solves fraud — it does not — but that it changes whose problem fraud is, and an institution made to own a problem will, eventually, engineer against it.
Pull these threads together and a coherent picture emerges of what would actually work, as distinct from what merely sounds reassuring.
It requires, first, abandoning detection as the primary line of defence. Hany Farid's blindness is not a temporary setback to be solved by a better classifier; it is a permanent structural condition of a world in which generation has outrun discrimination. Any plan whose final safeguard is someone, somewhere, telling the real from the fake has already failed.
It requires, second, regulating the supply of the weapon. The Consumer Reports finding that voice-cloning tools sit behind a self-attestation checkbox is a policy choice, not a law of nature. Mandatory, verifiable consent before a voice can be cloned — of the kind Descript and Resemble AI have partially implemented and the others have not — is technically feasible and would not abolish the legitimate uses of the technology. The European Union's AI Act, whose obligations for general-purpose models began applying through 2025 and 2026, and state statutes such as Tennessee's ELVIS Act, which requires written consent to clone a voice, are early gestures towards treating voice synthesis as the regulated capability it has become. They remain far ahead of enforcement and far behind the threat.
It requires, third, placing the burden of interdiction on the institutions that occupy the chokepoints — and, where they will not act voluntarily, compelling them through liability. The British reimbursement regime is imperfect and incomplete, but it demonstrates the mechanism: when banks own the loss, banks build the friction. Telecoms carriers that profit from carrying calls should bear a corresponding duty to authenticate and, where possible, flag them. Platforms that sell cloning should bear a duty to verify consent. The common principle is that responsibility ought to sit with the party that has both the capability to prevent the harm and the commercial benefit from the activity that causes it — which, in every case, is an institution, and in no case is an eighty-year-old answering her phone.
It requires, fourth, treating the human vulnerability as a thing to be managed rather than a thing to be blamed. The Charm Security framework's insight — that the cognitive and emotional mechanisms exploited by fraud deserve the same systematic cataloguing as software flaws — should inform how banks design their interventions, how carriers design their warnings, and how public bodies design education that goes beyond leaflets to the kind of role-based rehearsal that the ROLESafe research found actually changes behaviour. Awareness campaigns and family safe words are not worthless. They are simply the last and weakest line, useful only as a backstop to structural defences that do the real work.
The deepest reason the defensive gap is measured in years rather than months is that the attack is a technology problem and the defence is an institutional one. Cloning a voice takes three seconds and improves monthly. Passing a reimbursement regulation, rewiring a banking system's fraud controls, mandating consent verification across an industry, and closing the non-IP loophole in a national telephone network take years, because they require law, coordination, money and the overcoming of every commercial interest that profits from the status quo. The asymmetry is not merely technical; it is the asymmetry between how fast a machine can be built and how slowly a society can respond.
Sharon Brightwell got some of her money back, eventually, through the diligence of investigators and her bank. Many do not. The 352 million dollars the FBI attributes to older victims of AI fraud, and the far larger sum it cannot see, represent a transfer of wealth from the people who can least afford to lose it to the most efficient criminal enterprise yet devised. Closing the gap will not come from teaching grandmothers to doubt the sound of their grandchildren's voices. It will come from deciding, as a matter of law and engineering, that the institutions standing between the clone and the cash are responsible for what passes through their hands. Until that decision is made, the three-second theft will remain the easiest serious crime in the world to commit, and the hardest for its victims to be believed about — because the evidence, by design, sounds exactly like someone they love.

Tim Green UK-based Systems Theorist & Independent Technology Writer
Tim explores the intersections of artificial intelligence, decentralised cognition, and posthuman ethics. His work, published at smarterarticles.co.uk, challenges dominant narratives of technological progress while proposing interdisciplinary frameworks for collective intelligence and digital stewardship.
His writing has been featured on Ground News and shared by independent researchers across both academic and technological communities.
ORCID: 0009-0002-0156-9795 Email: tim@smarterarticles.co.uk
Listen to the free weekly SmarterArticles Podcast