Deepfake Scam “Mom, Dad, I need your help.”

Thursday, October 12th, 2023


Cyber security risk management solutions from DefenseStorm.

In our latest article in Fraud Squad series, we cover a deepfake scam that started with a call, a familiar voice, and a frantic plea for help. One couple is scammed out of nearly $10,000 when they received a call from whom they believed to be their incarcerated son requesting money for bail.

THE SCAM: A call, a familiar voice, and a frantic plea for help. One couple is scammed out of nearly $10,000 when they received a call from whom they believed to be their incarcerated son requesting money for bail.

THE SCHEME: It all started with a phone call. Husband and wife, Donna and Grenfell Letto, (Newfoundland, Canada) were convinced that the caller was their son, who claimed to be in jail and needed bail money to secure his release. Although his voice sounded unusual, the caller assured the concerned parents that he had been fighting a cold and was fine but, more importantly, needed their immediate help.

Their “son” claimed to have been arrested when he caused an automobile accident due to texting while driving. He explained that the accident sent a pregnant woman with multiple injuries to the hospital for treatment while he was taken into custody. The imposter then turned the phone over to a man claiming to be his lawyer, but not before leaving them with a heartfelt plea, “Mom, Dad, I need your help.” The Lettos were informed that their son could be released on bail if they paid $9,800. They were told that a bonded court official would collect the cash from their home and process it expeditiously. The caller warned them not to speak to anyone, including family members, about the situation due to a court order. Without hesitation, the couple went to the bank and withdrew nearly $10,000 in cash to help their son.

Later that day, a young man came to the door and collected the money. Mr. and Mrs. Letto received another call from the “lawyer” and were then instructed to pay a fine of several thousand dollars by sending cash to their law offices through a local courier service. This request sent up red flags for Mr. Letto, who is a retired police officer because the money was to be sent to Pointe-Claire when their son was 660 miles away in jail in Ontario. That’s when Mr. Letto called his daughter-in-law, who claimed to have no idea what he was talking about and that their son was not in any legal trouble. That’s when they realized – they were scammed.

The Lettos were contacted again by the man posing as the lawyer, and the angry father confronted the threat actor; however, no arrests were made, and their money was not recovered. Local police reported that over a few days’ timeframe in 2023, “at least four other senior couples lost a combined $200,000 to similar deep fake scams.”

FRAUD GEEK EXPLAINS: Deepfakes refer to content that appears to be real but is actually fake. This term is commonly associated with videos, images, and audio files that are manipulated to create lifelike content that can be used to deceive people. For instance, a video of a politician giving a speech could be manipulated to show them saying things they never actually said, or audio generated to sound like a family member or friend in trouble, like the story above. The potential implications of deepfakes are significant, as they could be used to spread fake news, commit fraud, or blackmail people. Like many victims, the Lettos were immediately tricked by the sound of a familiar voice. Threat actors using this scam have the same goal: create images, audio, and video to prey on a victim’s emotions to gain access to funds or sensitive information.

The most important and effective way for individuals to prevent falling for deepfakes is to arm themselves with knowledge. Learn about red flags, response steps, and when to seek help. In this scam, the Lettos overlooked a couple of important red flags:

  1. The requirement for an immediate response. A common element of deep fake scams is that the threat actor will rush their victim into action in an attempt to prevent them from taking time to evaluate the situation before acting.
  2. Warnings to not share any information with family or law enforcement. Threat actors will often demand their victims to rectify the situation alone to prevent them from asking questions and getting answers that could expose the scam.

Consumers can protect themselves by remembering the following:

  • Remain wary of unsolicited calls or messages and always verify the caller’s identity by either asking questions only the real person could answer or hang up and contact the FI directly by calling the number on the back of your card or on the website.
  • Take a breath and think about what just happened. Are you feeling emotional pressure? Do the facts align? Does anything feel “off”? Scammers often try to create a sense of urgency and pressure you to act quickly.
  • Don’t share personal or financial information with anyone you don’t know or trust, especially over the phone or via email.
  • Be cautious of requests for secrecy. Scammers often try to prevent their victims from sharing information with others to avoid being caught.
  • Keep your software and devices updated with the latest security patches, and use anti-virus and anti-malware software to protect yourself from potential attacks.
  • Come up with a secret word or phrase known only to your close family. Make it fun, something the family can remember easily, but is not something a fraudster will ever discover in social media.

Financial Institutions: Keep Your Customers Protected

FIs are potentially at risk of deep fake scams in several ways:

  • Impersonation of customers, employees, or executives, makes it easier for cybercriminals to gain access to sensitive information or execute fraudulent transactions.
  • Creation of fake documents and identities or audio recordings that appear to be legitimate, making it difficult for FIs to detect fraudulent activity.
  • Train your branch and call center representatives to ask questions and identify red flags. Does the customer or member sound stressed? Are they struggling to explain the immediate need for a large amount of funds? Are they unable to verify information about the account that they should know?
  • Educate your customers and members about current scams.
  • Ensure your customers know how to trust legitimate messages coming from your security team, and how to reach them when in doubt.

FIs must be aware of these risks and take steps to protect themselves against deep fakes, such as implementing robust cybersecurity measures, training employees on how to detect deepfakes, and leveraging AI and ML to identify and prevent fraudulent activity.

The DefenseStorm Difference :

With DefenseStorm GRID Active Fraud Prevention, FIs can proactively detect fraud before funds leave the organization.  FIs can better monitor insider threats and review user actions to ensure their people are doing what they are supposed to be doing with the permissions they have and are not abusing their access.  In addition, FIs can review user access to make sure their employees only have the permissions they need to perform their responsibilities, to prevent a fraudster from accessing higher level/sensitive data.  Using User Behavior Analytics (UBA) FIs can better detect activities that are outside the norm of the customer. For example, a customer typically uses online banking for low monetary transfers, but then comes into a branch with documents to do a large transfer to an account that has not been associated with that user before. UBA within GRID Active Fraud Prevention would flag that potential fraud, protecting both the FI and customer from any money moving out of the account until that transaction could be verified.


How Can Financial Institutions Safeguard Against Deepfakes: The New Frontier of Online Crime?


N.L. family warns others not to fall victim to the same deepfake phone scam that cost them $10K



Adam Barrett

Sr. Product Manager, Fraud Detection

Adam is the DefenseStorm Fraud Geek with an extreme passion for protecting financial institutions and the people who trust them to provide a safe banking experience. He is currently the Senior Product Manager for DefenseStorm GRID Active Fraud Detection product. With 25 years of experience in banking operations, fraud and risk, you would think he’s seen it all, however, the constantly evolving schemes keep him motivated to stay in the fight.