Beware: The Christmas Voicemail
Scams are everywhere, and the scammers are getting more sophisticated
AI voice cloning technology is incredibly accessible and works well with a small amount of voice data. Many programs can even clone a voice in as little as 10 to 30 seconds or less!
This means that a simple Instagram, TikTok, or Facebook video on your own profile page can be voice cloned by anyone.
This opens the door to a whole new generation of scams.
A recent scam involved an AI-generated voice cloned from a Florida woman named Sharon Brightwell’s daughter. The call featured the victim’s “daughter,” sobbing and claiming she’d caused a car crash that injured a pregnant woman, and that the police were confiscating her phone. A fake “attorney” then demanded $15,000 in bail, instructed her to withdraw cash, put it in a box, and hand it to a driver. A follow-up call tried to push for an additional $30,000.
Other scammers in New York are scraping TikTok and other social media for young people’s voices, then using AI cloning and spoofed phone numbers to impersonate grandchildren calling grandparents in fake emergencies (like arrests or accidents), demanding urgent cash.
Fraudsters are now using scripted and interactive voicebots to conduct targeted attacks. Recent case studies show attackers posing as CEOs or finance chiefs, convincing staff to wire money, disclose claims, or bypass security checks. For example, a UK energy company lost $243,000 after scammers used an AI-generated voice to impersonate its CEO, who claimed to require an urgent transfer of funds to be activated by employees.
Small and mid-sized organizations are more susceptible because they may lack the resources to authenticate each financial request. That said, a larger-sized corporation faces larger risks, as large sums of money are routinely changing hands.
Or one of the newest is the political or NGO scam. You get a personalized voice message from an important political person or famous actor, who directs you to a website that looks legit - maybe a word is misspelled, or the website is a different domain name than the legit one. The need is urgent, and money is donated. You think you donated a hundred bucks and never know the difference. And so it goes.
In a recent Substack article, Sharyl Attkisson details how she became the target of a highly sophisticated scam that used an advanced AI impersonation of President Trump and Chief of Staff Susie Wiles. She explains that scammers reached out pretending to be these prominent political figures and used convincingly crafted messages and audio to make the communication seem authentic. The scheme involved asking her to join the TikTok board while pressuring her for a large upfront payment of $21,500 along with supposed “shares” worth $100,000 of TikTok - which was to be required of all board members. Throughout the interaction, Attkisson felt the manipulation was carefully designed to exploit trust and create a sense of urgency. She notes that the experience was not only unsettling but also representative of a growing trend: AI-powered impersonation scams are becoming more common, more believable, and more invasive. Her account emphasizes that this is not an isolated incident but part of a broader and increasingly dangerous shift in online fraud.
These scams are scalable and likely to grow rapidly. Studies show that even advanced voice-authentication and anti-spoofing systems are vulnerable to specially crafted “adversarial” attacks.
How to Protect Yourself, and Your Loved Ones
Verify with a “code word” or shared secret. If someone calls you claiming to be a loved one in crisis — even if the voice sounds real — ask for a prearranged password or phrase that only they (and you) know.
If you don’t have a code word, and you receive an urgent call, make something up that isn’t real and ask about it. “I need to ask first, did you hear how Uncle Charlie’s operation went?” or “did you make it home ok that other night?” or say, “I need to verify it is you” and ask a personal question that one person would know the answer to.
Call back on another channel: Don’t rely solely on the call number or the voice. Use a previously verified number, or call back through a separate method (text, video call, etc.).
Limit public exposure of voice recordings: Avoid posting videos/audio of you or family members talking on public social media (or restrict privacy). Many scammers harvest voice data from those sources.
Be skeptical of demands for urgent money — especially via wire, gift-cards, or courier: Scammers try to push you into acting before you think. Treat any “urgent emergency — send money now” request with suspicion (especially if they ask to conceal the purpose from the bank).
Do not list family members on the profile page on Facebook or other social media accounts.
Consider making your social media accounts private, rather than public.
Do not play online games that ask for personal information.
Do not answer personal text messages from people or numbers that you don’t know. Often, these take the form of “want to go out to dinner tomorrow?” or something that implies a relationship.
Consider keeping a private email account for friends and family, and another for website activities (such as for sales, accounts, and queries) and public use.
Educate family members (especially elderly or less tech-savvy): These scams disproportionately target people who may be less aware of newer tech like AI-voice cloning.
Like being back at work!
The scams are endless and other than AI help, as noted in Doc's post, nothing new.
First and foremost LE agencies, especially the federal ones do not communicate by text, the IRS, Soc Sec. etc., do not call you. As the Police I had to identify myself and would occasionally be told to pound sand, as the caller did not believe me. If the person was local I could go to their home or send patrol out to knock and politely ask them to take my calls.
All most 100% of the time death or similar notifications (bad crash, involved in a major crime, etc.) are done in person by uniformed police officers,. In 32 years on the job I never did such a notification by phone. Not once. Plenty of calls such as, "Go to 123 Main St., and let Mrs. Smith know she needs to call Ofc. Smedley at XYZ PD as they found her stolen purse, car, cat. etc." Many of these calls are by phone, IF, we (Police) have had contact with this particular resident. COVID did not help as PD's started to do everything remotely and frankly got lazy.
The IRS, Sheriff has a warrant, you better pay us or else calls are fun. Especially when they would call the phone number listed to the PD. Are clerk was rather expert at stringing the caller along and one of my former Chiefs of Police loved to play with the callers as well.
James, Annette and a few others posted about various scams, and were asking how do the scammers get your info? A short list...
Social media. Be careful what you post and who you share with.
Info brokers, legitimate and not so. You can buy a list of CC numbers and pins for not so much money on the dark web and even through facebook. (This may have changed about facebook, but probably not).
Lexus- Nexus, tlo.com (owned now by Trans Union) and others provide HUGE amounts of data on you and yours. Used tlo.com at work and we were allowed to run ourselves just to see how much is out there. Very scary. VERY SCARY. Other than substack I do not use social media and avoid Google and Microsoft as much as possible.
State, county and local records. For example WI Circuit Court Access was a favorite as I could look up bad guys and get BETTER information than an "official" criminal history. This site is also useful for screening boyfriends, apartment tenants, tracking psycho ex girlfriends, etc.
Your own wi-fi or using public wi-fi. "Man in the middle" attacks are easy and we all use public wi-fi whether we realize it or not. Your phone pings it and snitches back to Apple on your whereabouts.
Sound advice in the article Dr.'s Malone.
It’s hard to figure out how these people get so much information on us. 2 months ago I received a letter from capital one bank, I thought it was a credit card application. It had my business name on it which I get pretty frequently. A few days later I opened it, it was a bank statement for an account that I had no idea about. Someone opened an account in my name and my business name. It showed a deposit of 5600 dollars and a withdrawal for 5500. So they gave the person the money and then I guess the check they deposited bounced, so the account showed a negative balance of 5500 dollars. I called the bank asking how could they open an account without a business certificate from the town. They refused to give me any information as usual. Not sure if it hurt my credit, they said it was not my responsibility but I continued to receive letters telling me to deposit money to clear the negative balance. This eventually stopped.
I’ve had so many scams, once I received a letter from the state saying they’re reviewing my claim for unemployment, well I never filed for unemployment. I had my accountant check by my unemployment account with the state and he found 3 people trying to collect on my unemployment account none of which ever worked for me, one guy lived in Florida. More accountant bills, but finally it got resolved. It seems no one ever gets caught, it’s as if they don’t care, they just right it off.