Key points
- Scammers are leveraging sophisticated tools like AI and deepfakes to deceive and exploit people.
- Victims can lose large sums of money, as well as their online identity and reputation.
- Our cybersecurity experts share their essential tips for staying cybersafe.
In an age where misinformation and deepfakes blur the lines between fact and fiction, identifying scams has never been more challenging. Falling for a scam can have devastating social, financial, and personal consequences. Over the past year, victims of cybercrime reported losing an average of $30,700 per incident.
As Christmas and Boxing Day approach, shoppers face heightened risks, particularly millennials and Gen Z consumers. In the U.S., one in five people have unknowingly purchased a product promoted by deepfake celebrity endorsements. This figure climbs to one in three among those aged 18-34.
Sharif Abuadbba, deepfake expert in our Data61 team, highlighted how technology like AI has made deception easier than ever.
"Scammers can quickly and easily create imitations of popular social media influencers. Deepfakes can manipulate a person's voice, gaze, mouth, expressions, pauses – basically putting words in their mouth that they’ve never said,” Sharif said.
“On social media, attackers rely on the viewers believing fake content and sharing it widely,” he added
You might think you have nothing valuable for a hacker to steal. However, cybercriminals often exploit individuals as gateways to larger targets, including family members, friends or organisations. Identity fraud can also severely damage your professional relationships and reputation with financial services.
As technology becomes more integral to our daily lives, how can we protect ourselves and those we care about from these cyber threats? Here are five expert tips:
1) Have a family safe word
Scammers are increasingly using texts, calls and even video to impersonate loved ones and request money. With AI voice cloning on the rise, these schemes are becoming more and more believable.
Jamie Rossato, our Chief Information Security Officer, advises setting up a pre-agreed safe word to verify who you’re speaking to. This word should remain private and not be easily discovered through social media or other online sources.
“Use this proactively, rather than waiting until you are suspicious,” Jamie said.
“If my children asked me for money, unless they said our special safe word, I would never transfer funds to them.”
2) Don’t be afraid to hang up
With advances in voice-spoofing technology, fraudsters can convincingly mimic organisations like banks to steal money. Lauren Ferro, Human-centric Security Research Scientist with our Data61 team, recommends verifying caller identities before sharing any information.
“If something seems a bit off, hang up and call the organisation directly using their official number, or go and visit them in person,” Lauren advised.
“They would prefer you to be cautious. It's far easier to address concerns up front that to recover stolen money or repair reputational damage later."
3) Enable multi-factor authentication
Identity fraud is the most common self-reported cybercrime this year, making it crucial to protect your personal data online. For example, private or sensitive information stored with Medicare and government accounts.
One effective method to protect your account is enabling multi-factor authentication (MFA) to log in. MFA requires a password and a one-time verification code. Often this is sent as a text message, but Jamie suggests using authentication apps like Microsoft Authenticator for added security.
“One of the benefits of app-based authenticators is they often use biometric controls, such as face ID or thumbprints to get into the app, before you get to the actual code itself,” Jamie explained.
“This creates an extra layer of protection beyond SMS codes.”
4) Turn on banking push notifications
With most people using card and online payments, staying informed about your transactions can help you detect scams. While banks monitor suspicious activity, scammers can bypass these measures by mimicking your usual spending patterns.
Enabling real-time notifications through your banking app allows you to track transactions immediately, adding another layer of security.
5) Be aware of what you are sharing online
Most of us have an online and social media presence, but the photos, videos and information we share can be exploited. These assets can train deepfakes, which, once created and shared, are difficult to detect and remove.
Liming Zhu, Research Director in our Data61 team, stresses the importance of being mindful of what we share online and who can access it. This is especially critical for children.
Deepfake Dangers: The Rise of Unauthorized and Harmful AI-Generated Content. In 2020, 100,000 deepfake nude images of women were created without their consent or knowledge. Source: Homeland Security Report 'Increasing Threats of Deepfake Identities", 2021. In 1 month, in 2024, 3,500+ AI-generate child sexual abuse material (CSAM) images and video were found on the dark web. Source: NBC News, "More AI-generated child sex abuse material is being posted online", July 2024. U.K-based Internet Watch Foundation (IWF)
Education is your best form of protection
Ultimately, awareness and proactive protection are key to staying safe online. Educating yourself about cybersecurity is your first line of defence against scams.
For more expert cybersecurity insights, watch our latest ‘Ask Me Anything’ webinar.