People should create secret passwords with their family and friends to avoid getting caught out by an AI-generated deepfake impersonating them, a cyber security expert has said.

Cody Barrow, chief executive of cyber security company EclecticIQ and a former US government adviser, said impersonation scams are easier to create in the age of artificial intelligence.

Speaking to the Press Association, Barrow said AI was helping to “lower the barrier to entry” for cyber criminals and extra precautions were needed as a result.

“AI is huge. It’s not just hype. It’s very easy to dismiss it as such, but it’s really not,” he said.

“My wife and I were actually just discussing this – in recent months, we have (created) a secret code that we use that only the real me or the real her would know, so that if one of us ever receives a FaceTime video or WhatsApp video that looks and sounds like us, asking for money, asking for help – something very scary – we can use that code to verify that we’re the right person.

“So the fact that I’m doing that indicates what I think of it, right? I think it’s very real.”

‘Everyone should have a secret password’

The sheer number of data breaches in recent years means the majority of people online will have had their personal details compromised at some point, Barrow said.

He added that creating secret passwords was especially important for older and younger people who may not have the best digital skills.

“Just about every human who’s used a computer or the internet has an old email account that’s been compromised at some stage when they had a non-secure password, which probably most people still do, and that email was compromised and someone stole their contact list,” Barrow said.

“Then from that contact list, it’s not hard to generate malicious tooling that can duplicate the likeness of someone on that list and then send you some sort of scam that makes it look like it’s actually from that person.

“So I very much think everyone should have a secret password.”

‘Human error’ behind M&S breach

The warning follows a number of recent cyber attacks, with Marks and Spencer and the Co-op affected.

M&S said earlier this week that its breach was down to “human error”, with hackers able to gain access to its systems via a third party. The retailer said the hackers used social engineering – human error or misjudgment – in order to do so.

The company said the cyber attack is set to cost it £300m, with the associated disruption expected to continue through to July.

Experts have told Yahoo News UK that cyber attacks on supermarkets are unlikely to stop.

Barrow said it was his view that the M&S hackers were likely to have used the fact they are reportedly native English speakers to help them gain access.

He also warned that people were complacent when it comes to cyber security.

“The landscape that we’re seeing now is that we’re seeing a lot of people are really immunised and used to the security procedures they have to follow,” he said.

“They’re used to having to enter their phone authenticator code and do all the prompts. And so it was relatively trivial for this threat actor, which speaks native English, to really trick people into going through those motions and abusing multi-factor authentication to get into these outlets.”