Defend Yourself against AI Impostor Scams with a Safe Word

By Ben Guarino

The most common fraud in the U.S. over the past year was the impostor scam. More than 856,000 instances, collectively draining $2.7 billion nationwide, were reported to the Federal Trade Commission in 2023. First, swindlers fake familiarity or authority—maybe by stealing the identity of a friend or relative or claiming to be a bank representative or a federal agent. Then, in that guise, they call, text or e-mail you and attempt to take your money.

And now artificial intelligence has larded these scams with an additional layer of duplicity: inexpensive voice-cloning services that an impersonator can easily abuse to make deceptive—and astonishingly convincing—phone calls in another person’s voice. These AI tools digest speech samples (perhaps snatched from videos posted online or from a supposedly “wrong number” phone call) and generate audio replicas of the stolen voice that can be manipulated to say basically anything.

If there were a golden rule to thwart AI-infused phone scams, it might be something like this: Online or on the phone, treat your family members and friends as though they were an e-mail log-in page. Make up a passcode—a safe word or private phrase—and share it with them in person. Memorize it. If they call you in alarm or under unusual pressure, especially if those concerns are connected to requests for money, ask for the code to verify who is on the other end of the line.

---

On supporting science journalism

If you’re enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.

---

Adopting a computerlike countermeasure for a problem enabled by computer algorithms is admittedly an unnatural practice. It is a human impulse to trust a family member’s voice, said Jennifer DeStefano, a target of an attempted scam, to a Senate judiciary subcommittee last June. Perpetrators had called her phone, claimed her then 15-year-old daughter was kidnapped and demanded a ransom. The plot fell apart when DeStefano learned her child was safe on a ski trip—but only after DeStefano had at first been thoroughly deceived by an AI mimic of her daughter’s voice. “How many times has a loved one reached out to you in despair and you stopped them to validate their identity?” she wrote in her testimony. “The answer is, more than likely, never.”

Using a verbal password or code phrase may simply be the most straightforward way to combat AI voice scams. “I like the code word idea because it is simple and, assuming the callers have the clarity of mind to remember to ask, nontrivial to subvert,” says Hany Farid, a professor at the University of California, Berkeley, who has studied audio deepfakes. “Right now there is no other obvious way to know that the person you are talking to is who they say they are.” Farid and his wife have a code word. His pro tip: “Ask each other what the code is every once in a while—because unlike a [computer] password, we don’t use the code word very often, so it is easy to forget.”

With scam fears and dangers becoming such a prominent part of technology news, many of the staff at Scientific American have established safe words, too. Here’s what some of our editors had to say about choosing a memorable and efficient code:

My family has had an all-purpose code word since I was a kid. It was originally developed to keep me from being kidnapped in the car line in elementary school, though I don’t think we ever had to use it. The idea was that if someone showed up to pick me up claiming that they were sent by my parents, I should ask them for the code word. Nowadays the code word mostly exists to make sure my parents don’t get scammed by someone pretending to be me. —Allison Parshall, associate news editor

Establishing a code word with my parents was fairly easy—we had one from middle and high school that was easy to reuse. It was harder to coordinate one with my partner. For each suggestion, he provided an imaginary situation in which hostage-takers could use the word without even knowing its secret meaning. We’re still working to find one that’s foolproof. In the meantime, I’m reminding friends and family that, when in doubt, driving in person to the bank or the police department is more reliable than trusting a voice over the phone claiming to work for either place! —Arminda Downey-Mavromatis, associate engagement editor

My wife and I settled on a pet name that one of us has for the other that was historically reserved for when we’re being twee and annoying (and now, I guess, vigilant). With my brother—because I do not have a cutesy nickname for him—our defense is rooted in the fact we’re never far from our phone. I generated a QR code that we both linked to a one-time password authenticator app. One of us begins the challenge by asking, “Hey, buddy, what’s your number?” The correct answer is the first three digits of the six-digit code displayed in the authenticator app. Then the original challenger reads out the last three numbers. A match is a strong indicator that all parties involved are who they say. —Ben Guarino, associate editor, technology

After reading a scary article about these scams, I contacted my parents and my sister, and we all agreed on a code word based on a funny family lore story about my dad’s childhood. Hopefully we’ll be able to remember it if someone ever tries to ensnare us in one of these! —Clara Moskowitz, senior editor, space and physics

For a while now, I’ve been worried about scammers using generative AI to mimic my or a family member’s voice to scam us out of our money. So when news stories started to confirm that this was actually happening, I told my family that we should make a code word or phrase that we could use to know it was really us. I suggested a question-and-answer pair based on something only our family would know, and one of my family members immediately blurted out the answer in a group text, necessitating a new one. That kicked off a thread where we proceeded to list different family memories and in-jokes, some of which even we didn’t know the answer to! It was a fun trip down memory lane. —Tanya Lewis, senior editor, health and medicine

I’ve spent a day with the Rabbit R1, and to say that I was underwhelmed would be an understatement. In fact, I was surprised at how little it offers at the moment, and even from what it offers, what a poor job it does at that. According to the CEO Jesse Lyu, the R1 is “the worst this technology will ever be,” which is kind of the nature of technology but not a great selling point—especially when you’re charging 200 bucks for it. If I were to streamline my thoughts on this device, these are the 10 things that left me considerably unimpressed.

1. It’s half-baked at best

This has been the most common complaint about the R1 so far: it is an unfinished, half-baked device. You get a bunch of painfully basic, AI chatbot-like features, and all the exciting stuff is promised for later this year. This includes teaching the R1 actions that it will be able to generalize for various applications and a teach mode that will allow users to create personalized agents to handle specific tasks.

The company has been transparent about this and the CEO admits that the device “is in a very early stage”. Considering we’re required to pay full price for an incomplete product, this is less than ideal.

At the moment, the R1 isn’t even close to providing value that’s worth the price. Paying this amount for a gadget that is only able to tell you about the weather and play a song is ridiculous. It’s apparent that we’re simply the Rabbit’s guinea pigs here beta testing their debut product for them.

2. A very strange app menu

There are four apps you can use on the R1 out of the box: Spotify, Uber, DoorDash, and Midjourney. The app selection didn’t excite me because I use Lyft and Uber Eats for my rides and food deliveries. My coworker, Kyle, uses Seamless to order food and he wasn’t too happy about the app menu, either. I also find the inclusion of Midjourney pointless and a very random attempt at making the device as AI-heavy as possible.

3. Too many mess-ups

I may have forgiven the R1 for its limited app menu (considering more options are allegedly on the way) if the apps at least worked. Uber got both my pickup and drop-off location completely wrong the first time but worked on the second attempt. For something like calling a ride, I wouldn’t want to trust a product with a 50% success rate. And if I have to double-check the R1 to see if it got everything right, I might as well use my phone for the job.

This gadget’s overarching aim is to “save you time” and minimize the taps on your phone by “eliminating the need to navigate multiple apps.” But with the current number of glitches and the things it hallucinates out of nowhere, it’s actually wasting my time.

Spotify was a complete mess. It would sometimes acknowledge my command to play a specific song but still not play anything, and would also often completely ignore my repeated requests to pause playback. It constantly got song and artists’ names wrong and played Josh Levine when I asked for Avril Lavigne.

The biggest disappointment was that it completely failed to recognize my personal Spotify account even though I was logged in via the Rabbithole. I asked it to play a song from my playlist titled ‘paki’ and it started playing a random Nusrat Fateh Ali Khan song with the word ‘Pakistan’ in it.

4. Woefully average Vision feature

The Rabbit Eye-enabled Vision feature is pretty bare-bones as is. You point the camera at something and the R1 can tell you what it is. It’s a feature we’ve had for years on Google Lens. Except, it was average at best at that, too. It got some queries completely wrong and other answers were very vague.

It confidently labeled my colleague’s black shirt ‘red’. The response to another question wasn’t incorrect but vague to the point of being useless; he was expecting an exact name for a brand of shoe.

5. Mediocre translation feature

The R1 allows bidirectional translation between an impressive number of languages but I wouldn’t trust its translation capabilities in a situation when I’d actually need them. They’re unreliable and often inaccurate. It did a passable job with Urdu and Arabic but stuttered a lot with Hindi. Again, Google Translate exists and is free, so the middling translation abilities of the R1 didn’t impress me.

6. Poor location services

I should have guessed this device has no idea where I am when I asked for a weather update and it gave me the weather report for Anaheim, California (I’m in Manhattan). It did eventually get it right but I could have spent half that time checking the weather app on my phone.

Though the R1 boasts GPS services, it got my zip code completely wrong upon asking. I corrected it and it apologized for the error, but still recommended a Starbucks in Indiana when I asked for the closest one.

7. Connection drops with RabbitOS

I was often asked to wait after making a request because of an unexplained connection drop with RabbitOS. The R1 would take a while, tell me it’s working on reestablishing the connection, and then get back to my request. This could be fixed with the next software update, but it’s pretty bothersome.

8. Incredibly short battery life

The 1,000 mAh battery on this device lasts around five to six hours and takes an hour to recharge. Even with the recent software update that slightly improved idle battery performance, I don’t see this gadget as something that could be my all-day pocket companion. It went down by 6% when it was just on standby for two and a half hours.

9. Your sim service is the subscription fee

The folks at Rabbit made sure to reiterate multiple times that, unlike the AI Pin, there’s no monthly subscription fee on the R1. But you still need cellular service (along with Wi-Fi) to operate it. So you’re still technically paying a monthly fee to be able to use this device. The monthly expense on the AI Pin is $24, and getting another phone line for the R1 is going to cost you roughly the same.

10. Not as context-intelligent as advertised

The demo video showed Rabbit’s CEO asking the R1 to play a song, and then asking it to play “another song from the same album.” The device’s memory and the ability to understand context were the main capabilities being marketed here. I tried the exact same prompts countless times. It couldn’t get it right even on one attempt. Half of the time, it played a completely random song, and on other occasions, it asked me what album I was talking about.