This article is part of our special report on digital risk in family offices.
Artificial intelligence is making it hard to trust our own eyes and ears. Highly realistic, fully interactive fraudulent personas can now be created with minimal special skills to trick people into providing sensitive information.
Eugene Ng knows how easy it is to make deepfakes. He created one.
Using three simple prompts on the free tier of Google’s Gemini generative AI, Ng invented a private social media account for “Maya,” an 18-year-old in Ottawa who loves volleyball and has a cat named Tom. In flirty text exchanges, Maya will hint at her secret OnlyFans account that you can subscribe to—if you share your credit card or make a Venmo transaction.
Ng, who is cyber security leader at MNP Digital, created Maya as a proof of concept. All it took were some basic APIs (application programming interfaces) to link the messaging app to Gemini for text and image generation. “The AI bot took over and created this persona that would automatically communicate and respond,” Ng says. “When we asked it about friends, it hallucinated her best friend and sent a selfie of them together.”
Ng’s demonstration of this potential “romance baiting” tactic barely scratches the surface of possible deepfake scams that AI tools now supercharge.
“None of this is really that sophisticated,” he says. “With 10 of these, or a hundred, or a thousand, you could automate 90 per cent of a fraud [campaign]. The scale is just off the charts.”
Same tactics, new tools
Deepfakes make common scams more convincing—social engineering, wire fraud, fake instructions from principals, sham kidnapping ransoms, tech-support scams, phony invoices or bogus service providers.
“Everything that’s old is new again,” says Ng. “It’s not like the tactics are changing, but the tools and the techniques are making it much more difficult for people to fight against.”
Most family offices are blind to the risks, he says. “The majority of our family offices aren’t even talking about this. They’re still focused on phishing emails and keeping up with patching their systems.”
As little as 10 to 30 seconds of clean recorded speech are required to generate a credible voice deepfake. Video calls can be intercepted with face-swapping tools to display a different person. Publicly available images, audio and video—speeches, podcast appearances, social media posts—all become fodder for AI manipulation by criminals.
“People shouldn’t have any illusions: you could receive a video call from someone asking you to carry out some banking tasks and you will have difficulty discerning whether this is the real person or a deepfake,” says Bruce Watson, chief advisor at Canada’s National Security Centre of Excellence and University of Waterloo research professor. “Within a year and a half, it will be undetectable in real time.”
Suspicion by default
Watson says deepfakes fall under a broad category of growing AI threats targeting trust, identity and information. “Much of society relies on various elements of trust,” he says. “Trust in a web signature on a contract, trust in recognizing someone’s voice or video on a phone call, especially when you’re asked to make some business decisions. All of those things are suffering a more or less simultaneous erosion.”
Family offices cannot put their faith in detection tools to stop deepfakes either, because defensive technology development inherently proceeds more deliberately than criminals do. “It’s an arms race, and the bad guys, unfortunately, are a step ahead,” Watson says. “It’s always easier to break Humpty Dumpty than to put Humpty Dumpty back together again.”
Instead, the culture of family offices must find ways to make it expected that no one will execute significant financial or strategic actions on the basis of a single remote interaction—even if the face and voice look right.
In March, the Canadian Centre for Cyber Security issued guidance for 10 AI security actions, the second of which was to defend against deepfake and impersonation. Two points stand out: train staff to verify unusual requests across channels, and set the default for all identify signals (such as voice and video) as untrusted until verified by your organization.
“We need to have an order-of-magnitude shift in thinking that we simply don’t allow for this kind of thing,” says Watson. Staff and family members must be trained to treat all media—video, voice, direct messages—with suspicion by default, and to rely more on process than on perceived authenticity.
Rigorously adhering to protocols remains the best defence. Bad actors will prey on staff’s deference to hierarchy and authority, especially when it relates to a supposedly urgent matter. Every level of a family office needs to be empowered to say no, with internal security compliance as a valid justification, and to double-check every situation.
As AI gets better at digitally mimicking humans, humans must become more reliant on non-automated analog measures. For example, Ng advocates for family offices to implement manual breaks into their workflow and consider using agreed-upon code words. “We have to kind of go back to that level of manual process intervention and checks and balances,” he says. “If someone doesn’t know your family code word, you do not follow instructions from that individual.”
Staying vigilant
Deepfakes present risks not only in the form of a fraudulent phone call requesting changes to bank accounts or sudden money transfers. Cybersecurity experts counsel that education needs to incorporate their potential use even in less direct attacks. Business email compromise, for instance, remains the largest threat facing smaller organizations like family offices.
Ng imagines a scenario in which a fraudster “mail bombs” a staff member’s inbox and then reaches out offering support, deepfaking the name and image of their IT person, stolen from LinkedIn to gain their trust. A quick remote session to solve a phony problem suddenly opens their systems to dangerous levels of access, slipping past standard security measures.
The risks are magnified not only by generative AI capabilities, but also by how agentic AI can make complex autonomous decisions and actions. It rewrites the return-on-investment calculations cyber criminals make by enabling fraud at exponential scale—casting untold lines into more expansive waters, waiting for even a single nibble.
“Before, if somebody wanted to target a family office, they would have to do their research. A bunch of legwork was needed to prepare,” says Ng. “Now, 95 per cent of it is automated.”
That new reality, says Ng, ought to force family offices to rethink what they trust: “Everything and every action should be questioned and looked at through a security lens.”
Andrew Wahl is a B2B technology content marketing strategist and freelance business journalist. He has written for Canadian Business, Fast Company, BNN Bloomberg, Rogers Business, Bell Business, TD MoneyTalk and BMO Capital Markets, as well as large tech firms in AI, cloud, networking and semiconductor industries. He is based in Hamilton.
The Canadian Family Offices newsletter comes out on Sundays and Wednesdays. If you are interested in stories about Canadian enterprising families, family offices and the professionals who work with them, but like your content aggregated, you can sign up for our free newsletter here.
Please visit here to see information about our standards of journalistic excellence.