Ask HN: How to protect old parents from evolving AI based scams?
With AI advancement and deepfake/voice cloning becoming so realistic and cheap - We can't really train our non-tech parents to be wary of every threat actor in this evolving space. How is everyone solving this for their retired parents? Are there companies which do insurance/protection services against such scams - because AFAIK banks don't help in such cases where someone made you lets say give a OTP/password and got your money transferred out. > in such cases where someone made you lets say give a OTP/password and got your money transferred out. An easy prevention against this is to remind everyone to never, ever disclose personal details over the phone. Especially when someone else, even a loved one, solicits you for them. This was a problem pre-AI, it will get worse post-AI, but the general mistake is still avoidable. Teach people what to avoid and they will avoid it accordingly. Recently someone I know got a call where they mimicked their child's voice using AI and asked them to send immediate money otherwise child will be in danger. This has got me into thinking - my parents would also do the same for me/ and everyone's would-- add deepfake into it -- how the fuck we are support to assume people won't give emotional response? forget about personal details, people who care about you can might directly do a transfer. > my parents would also do the same for me/ and everyone's would Mine wouldn't? That's an obvious phone scam, they would call me directly before wiring $500 to some unproven weirdo over the phone. > how the fuck we are support to assume people won't give emotional response? For the same reason you assume people won't immediately become greedy when a Nigerian Prince emails them about an excellent opportunity to earn a few million dollars. Common sense has to play a part or else you're going to be manipulated with or without AI. The same attack used to get SMS 2fa tokens can be used to capture incoming calls from your parents or grand parents. How is calling "you" going to protect you? So my grandparents call me, get their call intercepted by a malicious MITM. The worst-case scenario! My AI counterpart is screaming over the line, saying that my legs are only moments away from being sawed off by the mysterious phone-operator that would only identify himself as "the Butcher". They ask me what my middle name is, and my AI counterpart stops. 10-15 seconds go by, with the halloween chain-rattling CD spinning away in the background. The AI answers correctly in stunted breath, and my grandparents hang up so they can move on with their day. They've been getting calls like this for the past 30 years trying to convince them a family member desperately needs their Social Security number over the landline. If they fall for an AI-generated voice from an unknown caller I'd be genuinely surprised. These are decades-old social engineering scripts, people. Suggest that they trust nobody. Ordinary folks don’t have the expertise to track down phishing emails, and most certainly, malicious links anywhere. Ask a techie? I offer that for family and friends. As for voice fakes, these are wicked. Some have suggested using a secret codeword with relatives who might be faked for ransom demands etc. I don’t even want to click on the “personalized” URL that my auto service provider sends, as that might encourage the salespeople. But they hide the tracking URL. If it takes hovering over every URL for a hardened techie like me, pity the average person. Thinking about a home proxy box to sanitize things. ISP’s won’t do it because they are in on the scams (IMO) and outside and AV services cost to do a nontrivial job. Have been thinking about this for some time. Has to be dead-simple, bulletproof and zero-maintenance. Not much to ask? Why are you considering your parents as some sort of special case? Your question is equally appropriate regarding anyone of any age. In any case, I would advise everyone (including your parents) to have a safe word/phrase such that everyone knows that if that word or phrase is not used in a important communication, then it isn't really from them. Beyond that, the usual safety rules apply: never click on links, never talk to businesses if they call you (look up their number and call them back if it seems important), etc. So, my reasoning is little stupid but it goes like this. I am in my 30s. Let's say if I lose all my money in a scam also - I have time to earn it back and still make it back. Whereas our elders (parents are 60+) who have savings and rely on their savings and can't really earn now - and also have lot of medical bills to pay with their age ==== for them it's like one-shot ending right? That's why I considered them as special case. That's not stupid reasoning, and I don't know you or your parents. But in the short snippet you wrote, I was interpreting your question as being based on the supposition that your parents are somehow too naive or inexperienced to understand and protect themselves. That's the part that I question. Particularly since the answer to your question is no different than if you asked the question about anybody of any age. I guess I need to tell them to not even send any personal detail / bank detail to anyone including me. I sort of felt like may be there is a better solution than just trusting them to follow this. Like we have insurance for death kind of scenarios and medical insurance.. some sort of systematic protection would have been better. Shit, how do I protect myself from evolving AI-based scams? I'm middle-aged and not in the IT industry anymore, and scams like the Booking.com (I think it was?) one where the scammers were able to send valid emails almost got me already. That's also a fear I have. But having grown up on internet it helps in adjusting to these changes fast. Secondly, I got a degree in CS and been a developer for a decade so yeah I know a video can be a deepfake instinctively. It's harder to scam us than a generation who retired already when deepfake/deepvoicecloning arrived and may be never had a CS exposure.