You need a safe word CSIRO data experts say to avoid scammers and deepfakes

Cosmos Magazine

Cosmos

Cosmos is a quarterly science magazine. We aim to inspire curiosity in ‘The Science of Everything’ and make the world of science accessible to everyone.

By Cosmos

In an age where misinformation and deepfakes blur the lines between fact and fiction, identifying scams has never been more challenging. Falling for a scam can have devastating social, financial, and personal consequences. Over the past year, victims of cybercrime reported losing an average of $30,700 per incident.

As Christmas and Boxing Day approach, shoppers face heightened risks, particularly millennials and Gen Z consumers. In the U.S., one in five people have unknowingly purchased a product promoted by deepfake celebrity endorsements. This figure climbs to one in three among those aged 18-34.

Sharif Abuadbba, deepfake expert in CSIRO’s Data61 team, the data and digital specialist arm of the national science agency, highlighted how technology like AI has made deception easier than ever.

“Scammers can quickly and easily create imitations of popular social media influencers. Deepfakes can manipulate a person’s voice, gaze, mouth, expressions, pauses – basically putting words in their mouth that they’ve never said,” Abuadbba says.

“On social media, attackers rely on the viewers believing fake content and sharing it widely.”

You might think you have nothing valuable for a hacker to steal. However, cybercriminals often exploit individuals as gateways to larger targets, including family members, friends or organisations. Identity fraud can also severely damage your professional relationships and reputation with financial services.

As technology becomes more integral to our daily lives, how can we protect ourselves and those we care about from these cyber threats? Here are five expert tips:

1) Have a family safe word

Scammers are increasingly using texts, calls and even video to impersonate loved ones and request money. With AI voice cloning on the rise, these schemes are becoming more and more believable.

Jamie Rossato, CSIRO Chief Information Security Officer, advises setting up a pre-agreed safe word to verify who you’re speaking to. This word should remain private and not be easily discovered through social media or other online sources.

“Use this proactively, rather than waiting until you are suspicious,” Jamie said.

“If my children asked me for money, unless they said our special safe word, I would never transfer funds to them.”

2) Don’t be afraid to hang up

With advances in voice-spoofing technology, fraudsters can convincingly mimic organisations like banks to steal money. Lauren Ferro, Human-centric Security Research Scientist with the Data61 team, recommends verifying caller identities before sharing any information.

“If something seems a bit off, hang up and call the organisation directly using their official number, or go and visit them in person,” Ferro advised.

“They would prefer you to be cautious. It’s far easier to address concerns up front that to recover stolen money or repair reputational damage later.”

3) Enable multi-factor authentication

Identity fraud is the most common self-reported cybercrime this year, making it crucial to protect your personal data online. For example, private or sensitive information stored with Medicare and government accounts.

One effective method to protect your account is enabling multi-factor authentication (MFA) to log in. MFA requires a password and a one-time verification code. Often this is sent as a text message, but Ferrato suggests using authentication apps like Microsoft Authenticator for added security.

“One of the benefits of app-based authenticators is they often use biometric controls, such as face ID or thumbprints to get into the app, before you get to the actual code itself,” Rossato says.

“This creates an extra layer of protection beyond SMS codes.”

4) Turn on banking push notifications

With most people using card and online payments, staying informed about your transactions can help you detect scams. While banks monitor suspicious activity, scammers can bypass these measures by mimicking your usual spending patterns.

Enabling real-time notifications through your banking app allows you to track transactions immediately, adding another layer of security.

5) Be aware of what you are sharing online

Most of us have an online and social media presence, but the photos, videos and information we share can be exploited. These assets can train deepfakes, which, once created and shared, are difficult to detect and remove.

Liming Zhu, Research Director in Data61 stresses the importance of being mindful of what we share online and who can access it. This is especially critical for children.

6) Education is your best form of protection

Ultimately, awareness and proactive protection are key to staying safe online. Educating yourself about cybersecurity is your first line of defence against scams.

Learn more about Australia’s cyber security research 

This article was written by Kerisha Parkes and was originally published by CSIRO, Australia’s national science agency. Read the original article.

More and more people falling victim to deepfakes

Sign up to our weekly newsletter

Please login to favourite this article.