Don’t Get Fooled by AI Scammers: Cybersecurity CEO Explains Why Secret Codes Matter

Secret Codes With Loved Ones Could Thwart AI Scam Calls, Cybersecurity Expert Warns

As artificial intelligence makes online impersonation scams increasingly convincing, a cybersecurity chief is urging people to create secret passwords with family and friends to protect against deepfake fraud attempts.

Cody Barrow, CEO of cybersecurity firm EclecticIQ and a former US government adviser, said the ability of cybercriminals to mimic voices and faces using AI has lowered the technical skills needed to launch an attack.

Speaking to the Press Association, Barrow shared how he and his wife agreed to use a private code to confirm each other’s identity in case of suspicious calls or video messages.

He explained,

“My wife and I were actually just discussing this – in recent months, we have (created) a secret code that we use that only the real me or the real her would know, so that if one of us ever receives a FaceTime video or WhatsApp video that looks and sounds like us, asking for money, asking for help – something very scary – we can use that code to verify that we’re the right person.”

AI Tools Make It Easier To Scam People Online

Barrow said that powerful AI tools are now widely available and allow scammers to craft highly believable phishing emails or fake videos using stolen data.

Cody Barrow, the CEO of EclecticIQ, is a cybersecurity veteran with over 20 years of experience, including roles at the Pentagon and NSA, who previously served as the company's Chief Strategy Officer.

He affirmed,

“AI is huge. It’s not just hype. It’s very easy to dismiss it as such, but it’s really not.”

The growing ease of generating fake content, he added, has made impersonation attacks more accessible to people with limited technical knowledge.

He also warned that non-English-speaking threat actors may now pose a greater risk, as they can use AI to replicate natural-sounding language and exploit trust among English-speaking targets.

Most People Have Already Been Compromised Online

With data breaches affecting millions in recent years, Barrow believes most people who have used the internet likely had their personal data exposed at some point.

This increases the chance of scammers accessing contacts and replicating someone’s identity.

Barrow said,

“Just about every human who’s used a computer or the internet has an old email account that’s been compromised at some stage when they had a non-secure password.”

He added,

“That email was compromised, and someone stole their contact list.”

Scammers can use these contact lists to create convincing impersonations, using AI to mimic the person’s voice, image, and writing style.

He added that those most vulnerable to such scams tend to be the very young and the elderly, as they often lack awareness of digital threats.

Human Error Blamed For £300 Million M&S Cyber Breach

Barrow’s warning follows a high-profile cyber attack on Marks and Spencer, which the retailer blamed on human error.

Hackers accessed its systems through a third-party supplier using social engineering tactics, leading to an estimated £300 million in damages.

Disruption is expected to last until at least July.

The attackers are believed to have used fluent English to manipulate staff more effectively.

Barrow explained that familiarity with routine security steps, such as multi-factor authentication, can lead to complacency — a vulnerability exploited by the attackers.

He said,

“They’re used to having to enter their phone authenticator code and do all the prompts. And so it was relatively trivial for this threat actor, which speaks native English, to really trick people into going through those motions and abusing multi-factor authentication to get into these outlets.”

Will Secret Passwords Become A Common Practice?

What sounds like a simple solution — agreeing on a private phrase or word — could soon become essential for digital safety.

Barrow believes people will eventually adopt this habit widely as impersonation scams continue to rise.

He stated,

“It may sound dramatic here in May 2025, but I’m quite confident that within a number of years, if not months, people will look back and say, absolutely yes, I should have done that.”

He further advised,

“I do think everyone should do it, especially if you have either more elderly family members or younger family members.”

In December 2024, the FBI also advised using a secret family password to counter voice cloning scams.