How to Address Deepfake Fraud

My dad almost sent 50,000 to "me" yesterday. Except it wasn't me. It was a deepfake. AI scams aren't coming, they're already here. And our parents are the most vulnerable targets. The technology is now so good that even tech-savvy people can't detect deepfake videos or voice clones. If YOU can't tell, your parents definitely can't. Here's what I told my parents (please share this with yours or post this screenshot): If you EVER get a video, voice call or message from your family member asking for money: → Stop. Take 10 seconds. Ask ONE deeply personal question. Not their birthday. Not their address. Scammers can find that online. Ask something only you two would know: • What did we fight about at Diwali party 2019? • What's the name of your childhood pet that we never posted about? • What was the last meal we cooked together? The rule in our family now: No money moves without the secret question. Even in "emergencies." I know it feels awkward. I know in a crisis, we don't think rationally. But that's exactly what scammers count on. Sit with your parents THIS WEEK. Create 2-3 questions together. Write them down. Make it a pact. This 5-minute conversation could save them from losing their life savings. Let's protect the people who protected us. #CyberSecurity #DeepfakeSafety #AIScams

If you got a phone call from your child, your spouse, or your business partner saying they were in trouble… would you know if it was real? I want to talk about deepfake phone scams. Apparently with just 15 seconds of recorded audio, scammers can now clone a voice convincingly enough to fool close family members and colleagues. AI-generated voice deepfakes are becoming so sophisticated that experts rate them a “12 out of 10” threat. I think this is so insane. Sadly, I already know of a handful of our clients who have received calls like that and THANKFULLY did not fall for it. For immigration lawyers—and really, anyone handling sensitive information—this can turn into a huge operational risk. Especially for those of us who post video content. We need to protect ourselves from these scams at all cost. So, here are five simple protocols that can reduce the danger: 1️⃣ Treat urgency as a red flag during a call Scammers create crisis scenarios on purpose. If someone demands immediate action, especially involving money, confidential information, or sensitive decisions - you should pause. The more urgent it feels, the more skeptical you should be. I think this can be hard for many of us who have an instant reaction to a loved one in alleged distress. 2️⃣ Hang up and call back using a verified number Caller ID can be spoofed. We know this. Deepfake voices CAN sound very real though. But scammers can’t answer a legitimate number already stored in your contacts. A simple callback protocol stops most fraud attempts. 3️⃣ Use a private code word With family or key staff, you could create a phrase that isn’t posted online and practice using it. If the caller can’t provide it, the communication isn’t safe and you know you’re being scammed. 4️⃣ Strengthen videoconferencing and financial protocols Require video for sensitive conversations. Avoid virtual backgrounds for important meetings. And institute a second-channel confirmation rule for financial or confidential requests. NEVER authorize funds transfers by phone or email alone!! 5️⃣ Talk about it - especially with vulnerable people Train staff regularly. Speak openly with children and older adults about deepfakes. Normalize verification. Make it clear that double-checking is expected and it is not rude. I think to even write this post is so crazy to me. This is what people were scared of when it comes to AI. Deepfakes exploit panic, confusion, and shame. Clear protocols and shared expectations neutralize that power scammers could have over anyone. AI is advancing quickly. Our systems (and our habits) have to evolve just as fast. Have you updated your firm or family protocols yet? Have you ever received any deepfake calls?

🧾 Employees using AI to create fraudulent expense receipts 🤖 Fake or otherwise malicious “candidates” using Deepfake to hide their true identity on remote interviews until they get far enough in the process to hack your data 🎣 AI-powered phishing scams that are more sophisticated than ever Over the past few months, I’ve had to come to terms with the fact that this is our new reality. AI is here, and it is more powerful than ever. And HR professionals who continue to bury their head in the sand or stand by while “enabling” others without actually educating themselves are going to unleash serious risks and oversights across their company. Which means that HR professionals looking to stay on top of the increased risk introduced by AI need to lean into curiosity, education, and intentionality. For the record: I’m not anti-AI. AI has and will continue to help increase output, optimize efficiencies, and free up employees’ time to work on creative and energizing work instead of getting bogged down and burnt out by mind numbing, repetitive, and energy draining work. But it’s not without its risks. AI-powered fraud is real, and as HR professionals, it’s our jobs to educate ourselves — and our employees — on the risks involved and how to mitigate it. Not sure where to start? Consider the following: 📚 Educate yourself on the basics of what AI can do and partner with your broader HR, Legal, and #Compliance teams to create a plan to knowledge share and stay aware of new risks and AI-related cases of fraud, cyber hacking, etc (could be as simple as starting a Slack channel, signing up for a newsletter, subscribing to an AI-focused podcast — you get the point) 📑 Re-evaluate, update, and create new policies as necessary to make sure you’re addressing these new risks and policies around proper and improper AI usage at work (I’ll link our AI policy template below) 🧑💻 Re-evaluate, update, and roll out new trainings as necessary. Your hiring managers need to be aware of the increase in AI-powered candidate fraud we’re seeing across recruitment, how to spot it, and who to inform. Your employees need to know about the increased sophistication of #phishing scams and how to identify and report them For anyone looking for resources to get you started, here are a few I recommend: AI policy template: https://lnkd.in/e-F_A9hW AI training sample: https://lnkd.in/e8txAWjC AI phishing simulators: https://lnkd.in/eiux4QkN What big new scary #AI risks have you been seeing?

AI PR Nightmares Part 2: When AI Clones Voices, Faces, and Authority. What Happened: Last week, a sophisticated AI-driven impersonation targeted White House Chief of Staff Susie Wiles. An unknown actor, using advanced AI-generated voice cloning, began contacting high-profile Republicans and business leaders, posing as Wiles. The impersonator requested sensitive information, including lists of potential presidential pardon candidates and even cash transfers. The messages were convincing enough that some recipients engaged before realizing the deception. Wiles’ personal cellphone contacts were reportedly compromised, giving the impersonator access to a network of influential individuals. This incident underscores a huge growing threat: AI-generated deepfakes are becoming increasingly realistic and accessible, enabling malicious actors to impersonate individuals with frightening accuracy. From cloned voices to authentic looking fabricated videos, the potential for misuse spans politics, finance, and way beyond. And it needs your attention now. 🔍 The Implications for PR and Issues Management: As AI-generated impersonations become more prevalent, organizations must proactively address the associated risks as part of their ongoing crisis planning. Here are key considerations: 1. Implement New Verification Protocols: Establish multi-factor authentication for communications, especially those involving sensitive requests. Encourage stakeholders to verify unusual requests through secondary channels. 2. Educate Constituents: Conduct training sessions to raise awareness about deepfake technologies and the signs of AI-generated impersonations. An informed network is a critical defense. 3. Develop a Deepfakes Crisis Plan: Prepare for potential deepfake incidents with a clear action plan, including communication strategies to address stakeholders and the public promptly. 4. Monitor Digital Channels: Utilize your monitoring tools to detect unauthorized use of your organization’s or executives’ likenesses online. Early detection and action can mitigate damage. 5. Collaborate with Authorities: In the event of an impersonation, work closely with law enforcement and cybersecurity experts to investigate and respond effectively. ———————————————————— The rise of AI-driven impersonations is not a distant threat, it’s a current reality and only going to get worse as the tech becomes more sophisticated. If you want to think and talk more about how to prepare for this and other AI related PR and issues management topics, follow along here with my series or DM if I can help your organization prepare or respond.

Fraud no longer hides in the shadows. It might show up disguised as someone you know. Like when the CEO calls and her voice on the phone sounds exactly right. Her urgency feels real, and the wire transfer request to a new bank account seems legitimate, so accounting releases the funds. And just like that, the company loses $20k to a fraudster who weaponized AI. This isn't science fiction. It's happening right now to individuals and organizations alike. Fraudsters are creating disturbingly real AI deepfakes that can fool even the most cautious people. And companies need strategies to combat them. Because those audio and visual cues we've relied on for decades are no longer reliable indicators of authenticity when it comes to AI deepfakes. Organizations can fight back with these defense strategies: ✔ Stay cautious and be wary of anyone requesting money or personal information, even if they look or sound like someone you trust. ✔ Don’t send money or share sensitive data in response to a single phone or video call. Phone numbers can be spoofed, so always verify a person’s identity by contacting them separately at a number you trust. ✔ Use small action requests, like asking a person to turn their head, blink repeatedly, or hum a song while on a video or phone call. If they decline, freeze up, or go silent, it could be a fraudster. ✔ Establish a safe word that only your inner circle knows to confirm the identity of someone claiming to be a colleague, family member, or friend.   ✔ Use strong passwords. Enable multifactor authentication (MFA) on all company devices and accounts whenever possible. And don’t forget to report AI deepfakes to law enforcement and any relevant social media channels, websites, and other platforms where the encounter took place. All of these tips ALSO work for individuals too because hackers like causing havoc with anyone they can. The question isn't whether AI deepfakes will target your organization. It's whether your organization will be ready when it does.   Food for thought as we kick off Cybersecurity Awareness Month.   ♻ Share our infographic to help companies combat AI deepfakes. 

“A deepfake just tried to walk into the front door at LastPass.” This time it failed — but what stopped it? 🚨 Attack spotted   Deepfake audio used to impersonate a CEO in a voice phishing attempt at LastPass — thankfully it failed. 📖 What happened   Threat actors targeted a LastPass employee by sending calls, texts, and a voicemail over WhatsApp, using AI-generated deepfake audio imitating the CEO’s voice. The employee recognized the unusual channel and suspicious urgency cues, reported it internally, and the attack was thwarted without impact. 💡 Why it matters   Deepfake voice scams are becoming a real threat, making it harder to verify identities remotely. Even though technology can mimic trusted voices, unusual communication methods and employee vigilance can stop these scams before damage is done. 🧠 CISO consideration   Ensure policies require verification via controlled channels, callbacks for sensitive requests, and ongoing social engineering awareness training. Monitor for attempts leveraging AI impersonations, especially in executive fraud and IT support scenarios. 💬 What’s your take?   How is your organization preparing for the rise of AI-driven deepfake social engineering attacks? #vishing #voicecloning #cybersecurity

Deepfakes aren’t a tech story. they’re a trust story A few days ago, a doctor in Hyderabad lost money to a #deepfake video that showed a cabinet minister “endorsing” an investment scheme on #Instagram. If that sounds distant, it isn’t. This is the new fraud funnel: authority, urgency, proof… all manufactured at scale. As #communicators and leaders, we can’t outsource this to compliance or IT. #Trust is now an operational KPI. What we as communicators need to do? •      Treat digital hygiene like fire safety. Run quarterly drills that teach people how fakes travel and how to report them •      Publish an authenticity sheet. List official handles, verified domains, escalation numbers and a simple “how to verify” flow for customers and employees •      Watermark outbound content and adopt content credentials where possible. Make the real easier to prove than the fake is to spread. •      Rewrite influencer and media contracts with an “authenticity clause” and takedown SLAs. If your face or footage is misused, minutes matter. •      Stand up a rapid debunk protocol. Pre-approved copy, visuals, spokespeople and a single public link that carries all corrections. •      Close the platform loop. Nominate a trust lead who keeps warm lines with platform policy teams so your takedown requests don’t start cold. Silence helps the scammer. Clarity helps the vulnerable. What would you add to this deepfake playbook? If you’ve seen a convincing fake lately, share it below and let’s decode why it worked. #digitalsafety #misinformation #brandprotection #reputationmanagement #contentauthenticity #aiethics #factchecking #onlinescams #communications

This morning, I received a call from my mother that shook me to the core. She recounted an incident involving my father and a horrifying scam attempt. It started with a phone call from someone claiming to be from CBI, with a display picture of a police officer adding a false sense of legitimacy. The scammer proceeded to spin a tale of my brother being implicated in a horrible crime, complete with fabricated audio of him in distress. The demand? A hefty sum of money sent immediately via Google Pay to prevent the release of a deepfake video. The panic and fear in my father's voice were palpable as he grappled with the fabricated crisis. It was a close call, with my sister's intervention preventing a potential disaster. But this ordeal highlighted a crucial issue: deepfake scams are real, sophisticated, and can devastate lives. As someone familiar with AI and its capabilities, I understand the dangers posed by deepfakes. However, many of our parents and older generations are not as tech-savvy and are vulnerable to such malicious tactics. It's our responsibility to educate and empower them with knowledge about these scams. Here are a few tips to help protect our loved ones from falling victim to deepfake scams: 1. Stay Informed: Keep yourself updated about the latest scams, including deepfake threats. Knowledge is the first line of defense. 2. Verify Caller Identity: Always verify the identity of callers, especially if they claim to be from official institutions. Don't hesitate to ask for credentials or contact information to verify their legitimacy. 3. Don't Panic: Scammers thrive on creating panic and urgency. Advise your parents to stay calm and think rationally before taking any action. 4. Secure Communication Channels: Encourage the use of secure communication channels for sensitive information, such as encrypted messaging apps or secure video calls. 5. Report Suspicious Activity: If anyone encounters a potential scam, report it immediately to the relevant authorities, such as local law enforcement or scam reporting platforms. Let's come together to spread awareness and protect our loved ones from falling prey to deepfake scams. Our vigilance and proactive measures can make a significant difference in safeguarding against digital threats. Stay safe, stay informed! #ScamAwareness #DeepfakeScams #ProtectYourLovedOnes #DigitalSecurity #StaySafeOnline #TechAwareness #SpreadAwareness

It’s not paranoia if they really are out to get you. And guess what? They are. While you’re busy worrying about VPNs and password policies, scammers are sliding into your employees’ DMs with sweet nothings, fake job offers, and “just one click” crypto deals. Welcome to the trifecta of human-targeted scams: - Romance - Recruitment - Financial fraud They don’t need root access if they’ve already got your heart, your résumé, or your retirement account. Are you protecting your people? Not just their inboxes. Them. Here’s what you’re up against: ❗Deepfake-enabled fraud: $200M lost—in just one quarter of 2025 ❗AI-generated crypto scams: $4.6B stolen in 2024—up 24% ❗Over 50% of leaders admit: no employee training on deepfakes ❗61% of execs: zero protocols for addressing AI-generated threats Companies spend millions locking down endpoints—then leave their employees to get catfished by a deepfake on Tinder. But here’s the good news: you’re not powerless. You just have to stop pretending a phishing test is a strategy (please). Here’s how to actually reduce risk: ✔️Make your training real. Include romance bait, fake recruiters, and deepfake voicemails. If your simulations don’t mirror reality, it’s not training—it’s theater. ✔️Train managers to notice when something’s off. Isolation. Sudden secrecy. Financial stress. These aren’t just HR problems—they’re prime conditions for social engineering. ✔️Build a culture where it’s safe to ask, “Is this sketchy?” If your people feel dumb for asking, they’ll stop asking—and that’s how scams slip through. ✔️Partner with HR. Online exploitation, financial manipulation, digital coercion—these are wellness issues and security issues. Treat them that way. ✔️Empower families, not just employees. Scams often hit home first. Make your materials so good they want to send them to their group chat. Bonus: they’ll bring those healthy habits right back to work. When you protect the human—not just the hardware—you don’t just lower risk. You build trust. And for the record? Paranoia gets a bad rap. Sometimes it’s just pattern recognition. #Cybersecurity #HumanRisk #AIThreats #Deepfake #RomanceScams #AI #RecruitmentFraud #InsiderThreat #Leadership #DigitalWellness #SpycraftForWork

The FBI recently issued a stark warning: AI-generated voice deepfakes are now being used in highly targeted vishing attacks against senior officials and executives. Cybercriminals are combining deepfake audio with smishing (SMS phishing) to convincingly impersonate trusted contacts, tricking victims into sharing sensitive information or transferring funds. This isn’t science fiction. It is happening today. Recent high-profile breaches, such as the Marks & Spencer ransomware attack via a third-party contractor, show how AI-powered social engineering is outpacing traditional defenses. Attackers no longer need to rely on generic phishing emails; they can craft personalized, real-time audio messages that sound just like your colleagues or leaders. How can you protect yourself and your organization? - Pause Before You Act: If you receive an urgent call or message (even if the voice sounds familiar) take a moment to verify the request through a separate communication channel. - Don’t Trust Caller ID Alone: Attackers can spoof phone numbers and voices. Always confirm sensitive requests, especially those involving money or credentials. - Educate and Train: Regularly update your team on the latest social engineering tactics. If your organization is highly targeted, simulated phishing and vishing exercises can help build a culture of skepticism and vigilance. - Use Multi-Factor Authentication (MFA): Even if attackers gain some information, MFA adds an extra layer of protection. - Report Suspicious Activity: Encourage a “see something, say something” culture. Quick reporting can prevent a single incident from escalating into a major breach. AI is transforming the cyber threat landscape. Staying informed, alert, and proactive is our best defense. #Cybersecurity #AI #Deepfakes #SocialEngineering #Vishing #Infosec #Leadership #SecurityAwareness