🧠All Things AI
🧠 All Things AI
Beginner

AI Safety for Everyday Users

AI safety is usually discussed as a technical and philosophical problem for researchers. But there is another kind of AI safety — the kind that affects ordinary people right now. Deepfake scams, AI voice cloning, synthetic disinformation, and AI-powered phishing are not theoretical risks. They are happening at scale. This page gives you practical, actionable awareness — no technical background required.

Deepfakes: What They Are and How to Spot Them

A deepfake is AI-generated or AI-manipulated video, audio, or images that make a real person appear to say or do something they never did. The technology has become accessible: high-quality face-swaps and voice clones that once required expensive studios can now be created in minutes with free or cheap tools.

Signs a video may be deepfaked

  • Blurring or flickering around the hairline, ears, and neck
  • Unnatural eye movements — blinking too rarely, or eyes not tracking correctly
  • Mouth movements that don't perfectly match the audio
  • Lighting inconsistencies: face lit differently from the background
  • Teeth look blurred or slightly distorted
  • Background warps or wobbles near the subject

Practical verification steps

  • Reverse image search the source — find the original video
  • Check the publishing account's history and verification status
  • Look for corroborating coverage from reputable outlets
  • Use deepfake detection tools (Hive Moderation, Sensity, Microsoft Video Authenticator)
  • If it's shocking and only one source — treat as unverified until confirmed

The Liar's Dividend

Deepfake technology creates a "liar's dividend" — even real videos can now be dismissed as potentially fake. This is as dangerous as the fakes themselves. Be sceptical of deepfake claims too: verify both ways.

Voice Cloning Scams

AI voice cloning can replicate anyone's voice from as little as 3–10 seconds of audio. Scammers use cloned voices to impersonate family members, executives, and public figures. This is one of the fastest-growing categories of AI-enabled fraud.

The "Grandchild in trouble" scam (very common)

A caller using a cloned voice says they are your grandchild (or child), they are in trouble (arrested, in a hospital, stranded abroad), and need money urgently — often via wire transfer or gift cards. The voice sounds real. The emotional pressure is intense.

How to protect yourself:

  • Establish a family "safe word" — a word only your family knows that must be said in any emergency call
  • Hang up and call back on a known number — real emergencies survive a 2-minute callback
  • Never send money based solely on a phone call, no matter how urgent it sounds
  • Call another family member to verify the emergency is real

CEO/executive impersonation (business email + voice)

Attackers clone an executive's voice and call a finance employee instructing them to make an urgent wire transfer. In 2024, a Hong Kong company lost $25 million USD in a single deepfake video-call attack. These attacks combine email, voice, and sometimes video deepfakes.

Defence: Every financial transfer above a threshold requires in-person or multi-channel verification — never solely voice or email.

AI-Powered Phishing

Traditional phishing was easy to spot — bad grammar, generic greetings, obvious errors. AI-generated phishing has none of these tells:

  • Personalised at scale: AI generates unique emails tailored to each target using publicly available information (LinkedIn, company website, social media). Attackers run this automatically against thousands of targets.
  • Flawless language: No spelling errors, natural tone, culturally appropriate. Grammar checks are no longer useful as a phishing filter.
  • Contextually aware: References real events ("regarding your recent conference talk"), real colleagues' names, and real company projects.
  • Multi-step attacks: AI manages extended back-and-forth email conversations across days to build trust before the malicious request.

What still works as a phishing signal (even with AI)

  • Unexpected urgency — real legitimate requests rarely demand action within minutes
  • Requests that bypass normal process — "don't use the ticketing system, just do it now"
  • Sender address domain — check the actual domain, not just the display name
  • Requests for credentials, wire transfers, or access approvals via email
  • Links that don't match the stated destination — hover before clicking

Synthetic Disinformation

AI can now generate news articles, social media posts, fake quotes, fake images, and entire fake personas at minimal cost. This changes the disinformation landscape:

  • Synthetic news sites: Entire "news websites" populated by AI-generated articles that look legitimate — with fake author bios, stock images, and plausible citations. NewsGuard tracked over 1,000 AI-generated news sites in 2024.
  • Fake quotes: AI generates plausible-sounding quotes attributed to real public figures. These spread on social media faster than corrections.
  • AI-generated images as "proof": Fake images of events that never happened, presented as photographic evidence on social media.
  • Astroturfing at scale: AI manages hundreds of fake social accounts that coordinate to make fringe positions appear mainstream.

Verification habits that help

  • Reverse image search any photo that seems newsworthy
  • Check publication date — old images reused as "current news" is common
  • Look for the story on multiple independent reputable outlets
  • Check if the quote appears in any primary source (actual speech, interview, official document)
  • Use fact-checking sites: Snopes, PolitiFact, AP Fact Check, Reuters Fact Check

AI image tell signs (2025–2026)

  • Hands with wrong number of fingers (improving but still a common tell)
  • Text in the image is garbled or nonsensical
  • Backgrounds are too perfectly smooth or symmetrical
  • Skin texture is too uniform — no pores, wrinkles look painted on
  • Jewellery, glasses frames, or accessories have inconsistent shapes

Protecting Yourself: A Practical Checklist

1
Establish a family safe word

Pick a word only your family knows. Anyone claiming to be a family member in an emergency must know it. Takes 5 minutes to set up, potentially saves thousands.

2
Slow down on urgent requests

Urgency is a manipulation tactic — both in human scams and AI-powered ones. Legitimate emergencies survive a 10-minute verification pause.

3
Verify through a second channel

If someone contacts you about a sensitive matter (payment, emergency, credential reset) — hang up and call back on a known-good number. Do not use contact info they provided.

4
Minimise your voice and image online

Voice clones are built from public audio. Reducing the public availability of your voice (and that of family members) reduces cloning risk. Adjust social media privacy settings.

5
Use multi-factor authentication (MFA) everywhere

AI-powered phishing targets credentials. Even if your password is stolen, MFA blocks the attack. Use authenticator apps (not SMS where possible) for critical accounts.

What AI Cannot (Currently) Do

Healthy scepticism also requires knowing what AI can't do, to avoid over-generalising the risk:

  • AI cannot access your accounts without your credentials — phishing still requires you to hand over access. Strong MFA stops most attacks.
  • AI voice clones need source audio — they cannot generate a convincing clone of someone with no public audio presence.
  • AI cannot verify live identity by itself — a deepfake video call can be defeated by an unexpected physical action (touch your nose in a specific way; this cannot be faked in real-time by most current systems).
  • AI disinformation is not unstoppable — verification habits, media literacy, and cross-referencing still work. The tools exist; apply them.

What to Do if You're Targeted

  • Financial fraud: Contact your bank immediately; report to the FTC (US: reportfraud.ftc.gov), Action Fraud (UK), or your national cybercrime unit
  • Non-consensual deepfake imagery: Report to the platform; most major platforms have removal policies; report to the Cyber Civil Rights Initiative (cybercivilrights.org)
  • AI-generated disinformation about you: Document everything (screenshots with timestamps); contact platform Trust & Safety teams; consult a legal professional if reputational harm is significant
  • Workplace AI fraud (CEO impersonation): Follow your company's incident response process; notify your security team immediately; do not attempt to reverse transactions before legal review

Checklist: Do You Understand This?

  • What is a family safe word, and why does it help against voice cloning scams?
  • Name three visual tells that a video might be a deepfake.
  • Why is bad grammar no longer a reliable way to spot phishing emails?
  • What makes AI-powered phishing more dangerous than traditional phishing?
  • Name two things AI still cannot do that protect you from certain attack types.
  • What is the first thing you should do if you receive an urgent money request by phone?