What is an AI Safe Word, and why do you need one?
Criminals are using GenAI to clone the voices of your loved ones to swindle you out of money. Here's what you can do to stop it
Before we dive into this week’s post, a quick question. I’m considering launching a podcast for Byte-Sized Ethics. It will likely launch as an interview podcast with folks in and around the Responsible AI and Tech space. Podcasts are a lot of work, so I want to make sure that its something you all would find valuable.
Did you know that AI can create audio? I don't just mean Siri or Alexa talking to you either. GenAI can actually clone your voice, and speak sounding exactly like you. Imagine an automated voice system that sounds exactly like your mother, for example. Companies like ElevenLabs and Microsoft VALL-E provide AI software capable of cloning your voice based on just a snippet of audio, sometimes as little as three seconds!Â
While there are great, responsible applications of this tech, there are also not-so-responsible applications--like the cybercriminals who use this voice cloning technology to scam folks out of money.Â
It works like this: a cybercriminal will find a short snippet of audio of your friend or family member, either from a traditional spam call, TikTok video, or Instagram--anywhere they can. They'll use that audio and software like ElevenLabs to create a voice clone. Then, they'll use that voice clone to call you and create a crisis to say they need money. You, thinking it is actually your friend or loved one will send the money because it sounds just like them, completing the scam.Â
It's terrifying. For decades, we've known synthetic voices to be flat, emotionless, and a little weird sounding. But now, AI has taken us to the point that it can seamlessly simulate the voices of those closest to you.Â
How do you protect yourself and your family from being scammed by synthetic voices who sound just like friends and loved ones? You pick a safe word.Â
What's a Safe Word?Â
A safe word is a word or phrase that you and your loved ones choose that you can ask if you are suspicious about whether you are being scammed with an AI-cloned voice. Because the scammer wouldn't know the word or phrase when you asked for the safe word they wouldn't be able to answer correctly ... if at all. So you would know you weren't talking to your actual friend or loved one at that point.Â
You've probably heard of "Multi-factor Authentication" or "2-factor Authentication" in some web apps you use. The principle is the same here - adding a safe word gives you multi-factor authentication in meatspace!Â
How to Pick a Safe Word
We've established that a safe word is a good thing to have and that it's based on solid principles of cybersecurity for multi-factor authentication. So now how do you pick one? Follow these simple steps:Â
1. Pick something easy for you and your loved one to rememberÂ
You don't want to be on the phone and forget your safe word in an urgent situation. Think of something you'll both recognize instantly and can remember with little effort.Â
2. But not something easy to guessÂ
The safe word functions a lot like a password, so the "easy to remember, hard to guess" best practices from passwords apply to safe words as well. Use inside jokes, or intimate memories that are deeply meaningful for both of you, but don't mean much to anyone else.Â
3. Better to have unique safe words for each person
This gets unwieldy fast if you have a lot of folks you want to set up safe words with. Having twenty unique safe words to remember is a lot. Be intentional with whom you set up safewords, and potentially group them together. You probably don't need a safe word with Jacob from sales, but you probably do with your bestie. For immediate family, you likely don't need individual safe words for each member of the family. You could have a single word for the whole family.Â
4. Don't overthink it and keep it Simple
It's easy to go overboard and come up with convoluted systems of safe words in different circumstances. Keep it simple. The simpler it is, the easier it will be for you to remember in the heat of the moment.Â
Bonus Advice
Trust, but Verify - If you get a call from a loved one saying they need money from an unknown number, put them on hold and call them back on their normal phone number or shoot them a text. They might say that their phone is dead or lost, but it doesn't hurt anything to verify that.Â
Make it a habit to ask for the safe word even when you aren't suspicious. This helps move the anxiety about asking for it and helps keep it top of mind
If you are worried about remembering your safe words, use a tool like Bitwarden to take notes and store them securely (along with the rest of your passwords).
Safe words won’t solve all the challenges here, but its a low-effort way to provide some protection and peace of mind. What other suggestions do you have for dealing with this new challenge?
Thanks for sharing this Andy! This isn’t something I had really thought about before but I think it’ll be super important going forward as this type of deception becomes more common.