When a 60 Minutes staffer got a call that appeared to be from correspondent Sharyn Alfonsi, she picked up.
A voice on the other end, generated by artificial intelligence to mimic Alphonsi’s voice, asked for some help. Television clips were used to clone Alphonsi’s voice. It took about five minutes.
“Elizabeth, sorry, I need my passport number because the trip to Ukraine is underway,” said Jal Alphonsi. “Can you read it to me?”
The woman behind the call is not Alfonsi, but Rachel Toback, an ethical hacker and CEO of data protection firm Social Proof Security. Toback, who advises companies and private citizens on their vulnerabilities, was hired by 60 Minutes to show how easy it is to use information found online to trick someone.
Alphonsi is a public figure whose voice is on many recordings, but Toback says someone can be spoofed.
“Often attackers go after people, they don’t even know who these people are, but they just know that this person has a relationship with this person,” he said. “And they can impersonate that person just by changing the pitch and the modulation of their voice so that (someone would say), ‘I believe that’s my nephew and I really need that money wire.'”
Toback found Elizabeth’s cellphone number on a business networking website, then used a spoofing tool to call her Alphonse. An AI-powered app imitated Alfonsi’s voice to trick a 60 Minutes employee.
During an interview about the digital theft, Toback played the recording for the 60 Minutes staff and Alfonsi shared what he had done.
“Oh, so I got hacked and I failed, hacking failed,” Elizabeth said.
Elizabeth is a tech-savvy millennial, but Toback says anyone can be hacked.
“Anyone can fall for what Elizabeth fell for,” Toback said. “Actually, when I attack like this, every time, the person falls for it.”
Statistically, you are now more likely to be a victim of theft online than a physical break-in at home. A new FBI report reveals that Americans lost more than $10 billion to online scams and digital fraud last year. People in their 30s, who are the most connected online, filed the most complaints.
Seniors, however, lost the most money to fraudsters. Cyber Con artist Parents and grandparents are using artificial intelligence, widely available apps and social engineering to target them.
Susan Monahan, an 81-year-old tax preparer with an MBA, fell for one The Grandparents Scam and was defrauded out of $9,000
“There was a young adult in line, ‘Grandma, me, I need your help,’ in a frantic voice, scared, ‘I was driving and suddenly a woman stopped in front of me. She’s pregnant, and I hit her and they jailed me. will take.’ … And, ‘Grandma, please don’t call my mom and dad, because I don’t want them to know,'” Monahan recalled.
An attorney then comes on the phone pretending to be an attorney and walks Monahan through what he has to do to keep his grandson out of prison. He quickly went to a bank and withdrew cash. Minutes after Monahan returned home with the money, a courier showed up to pick it up. A doorbell camera recorded Monahan on the phone with the scammer as he handed over the money.
“He said to move your butt ’cause they’re on a deadline,” he can be heard saying on the doorbell camera recording.
As soon as the courier left and the adrenaline left his body, Monahan was filled with a sick feeling that he had been tricked.
Monahan is not alone. The Federal Trade Commission reported that scams skyrocketed 70% during the pandemic when seniors, home alone, went online to shop or keep in touch with family.
While investigating, 60 Minutes spoke with Judy Attig and her husband Ron, a retired ironworker. Both were victims of the same grandparent scandal as Monahan. They lost $7,600.
“Most hacks start with some form of social engineering or human-based hacking because that’s the easiest thing to do,” Toback says.
Hackers no longer need to infiltrate computers through back doors, Toback said. About 95% of hacks today happen after a user clicks on a text or link or shares personal information over the phone.
Retired scientist Steve Savage lost $14,000 after allegedly opening a fake email from Geek Squad. The charges listed in the email were higher than Savage expected, so she called the customer service number listed in the email. A scammer picked up and posed as a Geek Squad representative.
Esther Maestre, a retired nurse, was also a victim of fraud.
“My iPad gave me a loud, loud sound, like a house alarm,” she said. “It said, ‘Security, security, call this number.’ My heart started pumping.”
Maestre called the number, thinking he had reached tech support. He was told that his account had been hacked and that they were going to transfer him to Chase Bank. The fake bank employee told her she needed to withdraw $11,000 immediately to avoid being robbed. Maestre was instructed to deposit the money into a new account at a Bitcoin machine, which he did.
The money was not recovered.
“I’m the one who took the money out of the bank, so I won’t be paid back,” Maestre said. “Nothing. Zero.”
For every Maestre, Savage, Attig and Monahan who share what happened, there are many others who do not. Scott Pirello, a San Diego deputy district attorney who investigates major fraud, said studies show that one in 20 seniors report a scam after being defrauded.
“The scariest part of this scam is that these victims have no recourse,” says Pirello. “They are confused.”
The FBI is proud of the work done through the Elder Justice Task Force and the brave victims who are willing to speak up. Help protect our seniors by reporting incidents of elder fraud at ic3.gov.
This story was reported by: Sharyn Alphonsi, Oriana Jill and Emily Gordon