Your voice could be compromised. It’s not a risk financial advisors had to take seriously a decade ago. Today, it’s a very real threat.
For one successful advisor who spent decades building up a well-curated roster of high-net-worth clients, the threat hit home. After spending $8,000 on a video project for his website, Ken Brown put production on hold. A member of his study group had been scammed out of $650,000 by a complicated and convincing deepfake, and he began to see himself as a target.
He had the feeling that a recording of his voice on his website video would make him more vulnerable. And he wasn’t alone. His study group counterparts started talking about taking videos off their websites as a tactic to stay out of the scammers’ crosshairs. Their reasoning? If they became a target, Brown said, “It would be a huge blow to the bottom line.”
Hackers Can Steal Your Voice
Voice deepfakes happen when a hacker takes a recording of your voice, clones it and then manipulates it. Suddenly it sounds like you are saying things you’ve never said. The explosion of AI gave scammers the tech needed to easily clone voices.
From fake product endorsements to misinformation, a voice can now be weaponized. Actress Scarlett Johansson’s recent lawsuit claims it just happened to her. She is accusing OpenAI of copying her voice for ChatGPT’s new personal assistant. Taylor Swift was targeted in 2023 with an AI-generated scam video endorsing Le Creuset cookware and, in 2024, explicit deepfake pornography photos (that looked like Swift) flooded the internet. Celebrities make the headlines, but financial advisors are also at risk.
Advisors Are Vulnerable to Voice Deepfakes
Anyone managing money could be a target. Imagine if someone took a small audio sample of your real voice and created a vocal rendition, then used it to direct a big wire transfer or hack into a bank account. It happened at Bank of America. Could it happen anywhere?
Think of all the audio content at the virtual fingertips of hackers. Recorded speeches and videos on social media, even a phone call or a Zoom meeting can be recorded and then altered. 60 Minutes demonstrated just how quickly and easily someone can trick you with the latest advanced spoofing tools. That is why advisors need to be aware and adapt.
Advice for Financial Gatekeepers
Deepfake technology leaves advisors in a delicate situation.
Like Brown, you might be wondering, “Should I stop marketing with videos or podcasts?”
Cybersecurity protection expert Brian Edelman emphatically says “no.” You can’t sacrifice the ability to grow your business. Despite all the scams he’s seen as CEO of cybersecurity company FCI, Edelman is still certain that giving up marketing is not the answer.
“I don't think fear is the way that we address this,” says Edelman, “I think that knowledge is the way we address this.” Rather than hide, he says advisors must come up with a plan. Edelman recommends these 3 steps:
1. Take Responsibility
Owning the risk and any missteps you make is where to start. “When the financial advisor makes mistakes, that's when they come under the magnifying glass of, ‘Did you have the right knowledge in order to protect your client?’” says Edelman. He stresses that it is your fiduciary responsibility as a financial advisor to protect your clients.
2. Train your Team and Your Clients
Make it clear to everyone what kind of information you will never ask for over the phone or in an unencrypted email. Your protocol for code word withdrawals and old-school multifactor authentication should be an ongoing part of your internal training and client education.
Let clients know: This is how we operate. We validate and verify.
Have aging clients who forget their code words? Add a step to your process that with every meeting, you are reviewing their security code word and reminding them of your protocols.
Continually discuss your plan with your clients. Try recapping in meetings and incorporating the messaging into your marketing (blogs, newsletters, videos, podcasts and website landing pages). Let clients know you take the threat seriously and have a process and protocols in place.
3. Practice your Response
To protect against voice deepfakes and other cybersecurity threats, Edelman suggests testing your team with what’s known as “incident response,” which is common in the world of both cybersecurity and law enforcement. Have your team practice how you’d respond to different threats.
“What happens if I put this video out there and a deepfake artist or a bad actor leverages my voice in order to do something bad?” asks Edelman. “Better to do it in an incident response drill than in reality. So, just pretend it happened.”
By pretending, you’ll gain valuable information about how to protect against each threat scenario. Then use what you’ve learned to create your own incident response plan. It turns something you’re fearful of into an opportunity to protect clients at that next level.
According to F-Secure, a cybersecurity tech company, only 45% of companies have an incident response plan in place.
First Line of Defense
Will there be less to worry about next year?
Don’t count on it.
“It's going to be harder and harder to know whether we're talking to the people we think we're talking to or the deepfake,” says Edelman. “The more that you become knowledgeable of the things you're fearful of, the more empowered you are to not be fearful, and to turn that fear into a strength.”
For advisors, being the first line of defense can be intimidating. It can also inspire change. Brown’s team used the scare as a wake-up call to build even more security checks into their process including:
- Visual identification: His team uses FaceTime calls so they know they are really talking to a client.
- Call back: Because hackers can spoof caller IDs, when a client calls with a request to move money, Brown’s team tells the client they will hang up and call them back.
- Home office help: After going to his broker/dealer’s cybersecurity team and asking for extra help, Brown had a special tag added to client accounts. If one of those clients calls the home office and asks for a transaction or to access funds, the home office patches the call to Brown’s team.
“It’s amazing how damn good these people are,” says Brown. Being ultra-sensitive to voice replication and the ability for hackers to cause harm may actually be his best asset. The first question any advisor should be asking is, “How can I combat that?”
Laura Garfield is the co-founder of Idea Decanter, a video marketing company that creates custom videos remotely for financial advisors.