This deep fake scam imitated her son's voice perfectly. How to protect yourself from becoming a victim this holiday season

She needed to send the money to Quebec, which was especially curious seeing as she lives in a small town in northern New Brunswick and her son lives just outside Halifax. Fitzpatrick knew right away that it was a scam, but the detail with which it was executed took him aback. 

“I’d like to think I’m pretty security-aware, but again, they had my voice and they had my mom’s name,” Fitzpatrick, 39, says, now a few months removed from the experience.

Though he was able to stop her from sending anything to anyone, the fact that she could be targeted so specifically and convincingly was alarming. 

Falling for scams has never been easier. In 2022, Canadians lost more than $58 million to spear phishing scams, which are a form of scam that target individuals with specific names, events or pieces of information, according to the Canadian Anti-Fraud Centre — in other words, highly personalized cyberattacks that can come via text message, email or by phone. In 2023 alone, Canadians lost a staggering $567 million to fraud — an increase of $37 million from 2022 and $187 million since 2021.

Ali Dehghantanha, a professor of cybersecurity and threat intelligence at the University of Guelph and the founding director of the Cyber Science Lab, says even seasoned tech professionals fall for generative AI-driven email scams and fake links. With AI-assisted scams increasingly prevalent online, the days of being able to easily recognize scam emails by finding obvious typos and poor formatting are all but over. 

Still, there are ways to keep things locked down as the busy holiday shopping season ramps up. Experts say that using two-factor authentication, taking a moment to verify the legitimacy of transactions, and using “safe” words to distinguish between family members and fraudsters can keep your data safe from malicious online actors this holiday season. 

Two-factor authentication: Twice as nice 

Ivo Wiens, field chief technology officer of cybersecurity at CDW Canada, advises using two-factor authentication whenever possible as an extra layer of security when banking and shopping online. Two-factor authentication — sometimes stylized as “2FA” — can be set up within banking and finance apps or through external apps like Google Authenticator or Duo; it prompts you for a one-time verification code to make sure it’s really you trying to log in to your account.

“It’s like having a lock and an alarm system on your house,” Wiens says. “Think of that (as) the equivalent for your digital accounts.”

It may be annoying — and slow down the snappy pace you’re used to when shopping — but an ounce of prevention is worth a pound of cure, especially when it comes to making financial transactions online.

If you can’t get two-factor authentication enabled on banks and other accounts, Dehghantanha recommends any form of SMS or text message alerts to make sure that you catch any fraudulent charges or entries the moment they come across your account’s dashboard. At the very least, it’ll help develop a habit of checking (and rechecking) all transactions. 

“If your bank is not offering that, at least enable notifications — whether it’s SMS or app notifications — from your bank for every single purchase,” Dehghantanha adds, which can be done through the notifications settings in various banking and finance apps.

Stay safe with a safe word

Perhaps less obviously, Wiens recommends having a “safe” word to use with family to quickly determine whether you’re actually speaking with a member of your family. AI-driven impostor scams like the one that targeted Fitzpatrick’s mother are becoming increasingly common, he says, and having quick and clear checks that can help identify fake voices, doctored video and look-alike profiles can be a game-changer. 

“This helps spot the scammers pretending to be family members,” Wiens says. “Having that word that you share as a family, the family secret word that you can call out for when this is happening.”

Making sure you’re speaking to a real family member is even more important amid a rise in identity theft. As a result, it may be worth it to invest in identity monitoring — services that scan the web to check if your personal information appears in a data breach — or fraud insurance, Equifax Canada chief information security officer Octavia Howell says, just in case. 

“Fraud and identity insurance is out there to help people get back on their feet,” Howell advises. “Because we know that when your identify is stolen or when you’re defrauded for anything, it’s very difficult for you to do it on your own.”

‘Slow down and verify’

Experts say some digital scams can be avoided simply by recognizing them. Though there may be a temptation to blaze through online transactions, shipping confirmations and coupon codes, taking even a few seconds to double-check transactions, verify the legitimacy of offers and closely examine URLs for things like typos in names can save you a headache down the line. 

Professionally made, convincing-looking, fake online stores are more common (and effective) than you might think; an anti-scam tool from the cybersecurity software company NordVPN blocked 9.9 million attempts by users to access fake shops in September and 13.4 million such attempts in October, with more fake pop-ups expected ahead of Black Friday and Christmas. 

So if a deal in an email or pop-up ad looks too good to be true, it usually is, says Wiens.

“It’s like getting a counterfeit bill nowadays, that even bank tellers have trouble spotting,” Wiens says. “That’s why it’s crucial to slow down and verify.”

Back in Nova Scotia, Fitzpatrick advises getting a second opinion to give yourself time to critically examine the situation, in line with the “slow down and verify” approach. 

“If you have something like that — that doesn’t make much sense — and you can’t get a hold of the person, tell the story to somebody else,” Fitzpatrick says. “Someone who’s emotionally removed.”