How to Protect Yourself Against AI-Powered Scams
As scams become more sophisticated with AI-generated voices and messages, simple strategies such as verification challenges and safe words can make a big difference. Here are some tips and a deep dive into using safe words.
Report Suspicious Calls
If you receive a suspicious call, trust your instincts: it’s OK to say no and hang up. Report suspicious calls to IT Support.
Double-check Who’s Calling
Always double-check who’s calling by using official contact details. If you suspect the caller is impersonating a colleague or friend, verify by asking a personal question (e.g. “What car do you drive?”). Don’t rely on the number they give you or what shows on caller ID.
Don’t Share Passwords
Never share your passwords or verification codes over the phone. Legitimate organisations and government agencies will never ask for passwords.
Use a Safe Word
Safe words are a simple and effective way to stop scams that use AI-generated voices or messages. Let’s explain how to use safe words to protect your organisation, friends and family from vishing, smishing, and other impersonation attacks.
What Is a Safe Word?
A safe word is a pre-agreed code or phrase used to confirm a person’s identity during sensitive conversations or transactions. It’s like a verbal password.
Use it for:
- Verifying identity in phone and video calls
- Confirming identity in texts or messages
- Authorising financial or data-related actions
Why Are Safe Words Important Now?
AI scams are getting harder to detect.
- AI can clone voices with just a few seconds of audio.
- Fake texts and emails can copy writing styles.
- These scams create a false sense of urgency or familiarity.
A safe word adds a human layer of protection that AI can’t replicate.
Check out week two of our Cyber Awareness Month toolkit for more information and an example of AI-generated vishing.
When to Use Safe Words
Use safe words in situations like:
- Password resets over the phone
- Financial approvals or invoice payments
- Login or MFA code requests
- Any unusual request from a manager or executive
How to Set Up a Safe Word System
- Choose something unique and private. Avoid anything listed on social media or known outside the team.
- Agree on when to use it. Decide which situations require a safe word (e.g., financial or access-related).
- Keep it offline. Never send the safe word through the same channel as the request.
- Update it regularly. Treat it like a password: change it if compromised or after a set period.
Real Example: How a Safe Word Stopped a Scam
An attacker used AI to mimic the voice of Ferrari’s CEO over WhatsApp calls and requested an executive’s assistance with something important.
The executive asked for the title of the book the CEO had recommended to him last week.
The attacker hung up.
Result: scam avoided.
Make Safe Words Part of Company Policy
Add safe word use to your:
- Remote work and BYOD policies
- Password reset procedures
- Phishing and vishing simulations
- IT and access requests
Safe words are a simple way to prevent high-risk scams, especially those using generative AI.
They work best when:
- Used for sensitive requests
- Agreed upon in advance
- Paired with standard verification steps
Need help implementing this?
Contact the Phriendly Phishing team for training and tools that make your staff a strong first line of defence.