Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it’s investigating the financials of Elon Musk’s pro-Trump PAC or producing our latest documentary, ‘The A Word’, which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Read more
Experts have issued advice on how to combat increasingly sophisticated AI impersonation scams.
Cybersecurity expert Cody Barrow recommends establishing secret passwords with close contacts.
Barrow, chief executive of cybersecurity firm EclecticIQ and a former advisor to the US government, warns that the rise of readily available AI technology has simplified the creation of convincing deepfakes, making it easier for malicious actors to impersonate loved ones.
By creating and using shared secret phrases or passwords, individuals can quickly verify the authenticity of the person they are communicating with, adding a vital layer of security against potential fraud.
He told the PA news agency that AI was helping to “lower the barrier to entry” for cybercriminals, and extra precautions beyond basic online security were needed to combat it.
“AI is huge. It’s not just hype. It’s very easy to dismiss it as such, but it’s really not,” Mr Barrow said.
“My wife and I were actually just discussing this – in recent months, we have (created) a secret code that we use that only the real me or the real her would know, so that if one of us ever receives a FaceTime video or WhatsApp video that looks and sounds like us, asking for money, asking for help – something very scary – we can use that code to verify that we’re the right person.
“So the fact that I’m doing that indicates what I think of it, right? I think it’s very real.
“We will see that it is much easier to generate deepfakes to fool people, to write phishing emails that look real. So I think it does lower the barrier to entry. It may also open the door to non-English speaking threat actors.”
open image in gallery
The Payment Systems Regulator has seen evidence indicating that more consumers have been protected following the launch of a mandatory APP fraud reimbursement code (PA) (PA Archive)
Mr Barrow added that such an approach was necessary because the sheer number of data breaches in recent years meant the majority of people online would have had their personal details compromised at some point, so additional security was needed.
He said creating secret passwords among friends and family was especially important for older and younger users who may not have the best digital skills.
Mr Barrow added: “It may sound dramatic here in May 2025, but I’m quite confident that within a number of years, if not months, people will look back and say, absolutely yes, I should have done that, and I do think everyone should do it, especially if you have either more elderly family members or younger family members – because we have a lot of younger people who don’t actually understand this stuff either.
“Just about every human who’s used a computer or the internet has an old email account that’s been compromised at some stage when they had a non-secure password, which probably most people still do, and that email was compromised and someone stole their contact list.
“Then from that contact list, it’s not hard to generate malicious tooling that can duplicate the likeness of someone on that list and then send you some sort of scam that makes it look like it’s actually from that person.
“So I very much think everyone should have a secret password.”
open image in gallery
The public should create secret passwords with their family and friends to help them identify whether they are really interacting with them or an AI-generated deepfake impersonating them, a cyber security expert has said (Peter Byrne/PA Wire)
Mr Barrow’s warning comes in the wake of a string of cyber attacks on UK retailers, including Marks and Spencer and the Co-op.
Earlier this week, M&S said its breach had been caused by “human error” after hackers were able to gain access via a third party, after using social engineering – human error or misjudgment – in order to get into the retailer’s systems.
Mr Barrow said that the hackers in this attack were likely to have taken advantage of the fact they are reportedly native English speakers to help scam their way into M&S’s systems.
But he also warned that predictable security set-ups, such as using two-factor authentication, may have also aided the cybercriminals in creating a realistic looking scam.
“The landscape that we’re seeing now is that we’re seeing a lot of people are really immunised and used to the security procedures they have to follow,” he said.
“They’re used to having to enter their phone authenticator code and do all the prompts. And so it was relatively trivial for this threat actor, which speaks native English, to really trick people into going through those motions and abusing multi-factor authentication to get into these outlets.”
