Simplifying Cyber
This show features an interactive discussion, expert hosts, and guests focused on solving cyber security and privacy challenges in innovative and creative ways. Our goal is for our audience to learn and discover real, tangible, usable ideas that don't require a huge budget to accomplish. Shows like “How It’s Made” have become popular because they explain complicated or largely unknown things in easy terms. This show brings the human element to cyber security and privacy.
Shame, Spinach, and the Human Side of Cybercrime
When a romance fraud expert, bestselling author, and professional scam-troll meets two cybersecurity pros obsessed with deepfakes and social engineering, you get one of the most eye‑opening – and strangely funny – episodes we’ve ever recorded.
In this episode of Simplifying Cyber, British author Becky Holmes (aka “Death to Spinach” and author of Keanu Reeves Is Not In Love With You) joins Aaron Pritz and Cody Rivers to unpack the murky world of online romance fraud, celebrity imposters, and how emerging AI and deepfake tech are supercharging social engineering.
We cover:
How Becky accidentally fell into the world of romance scams during lockdown by trolling “handsome soldiers” in her DMs
Why smart, successful, emotionally stable people still fall for romance fraud — and why the “it could never be me” mindset is so dangerous
The brutal impact of victim blaming and victim shaming in romance scams, and how media narratives make reporting even harder
What really happens behind celebrity scams (including fake Keanu Reeves, “meet and greet” offers, and wild opening lines from fraudsters)
How scammers use emotional hot states, urgency, fear, and love to bypass even strong rational defenses
Why shame is one of the most powerful tools in a scammer’s arsenal — in both personal and corporate cyber attacks
The parallels between romance fraud and corporate phishing, smishing, and business email compromise (BEC)
How security teams often “tech-splain” and bury the message in jargon normal people will never read
Why user awareness, empathy, and culture are just as critical as firewalls and MFA
Then it gets real. Aaron and Cody put Becky in the middle of a live deepfake and AI demo using publicly available tools — starting with a fake kidnapping video, escalating into nightmare spinach scenarios (she really hates spinach), and ending in her “dream” deepfake wedding. Along the way, they show how shockingly easy it is to:
Deepfake a real person from a single photo
Clone a voice with just a few seconds of audio
Create emotionally manipulative video pleas that could fool friends, parents, or grandparents.
🔗 Connect with Us & Get in Touch
Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics.
No gatekeeping and no BS. We’re here to simplify.
Official Website: www.revealrisk.com
LinkedIn: https://www.linkedin.com/company/reveal-risk
Reveal Risk delivers cybersecurity results, not just reports.
Meet Becky Holmes And The Premise
SPEAKER_01Thanks for tuning in to Simply Solving Cyber. I'm Aaron Pritz.
SPEAKER_00And I'm Cody Rivers.
SPEAKER_01And today we're excited to be here with Becky Holmes, a British author who uh found us uh, you know, her start in romance scams during the pandemic and lockdown. And I'm not gonna say anything more about that because I don't want to steal her thunder and the story, and we'll want to start that. But that led to uh her first book, uh Keanu Reeves Is Not In Love With You. And we'll talk about her upcoming book as well. And I even hear there might be a third one in the horizon. So Becky, great, great to have you on the show. Thanks for uh joining us this morning or afternoon.
SPEAKER_03Thank you for inviting me.
SPEAKER_01Awesome. Well, let's get right into it. Um should I address you as Death to Spinach or Becky? Uh let's let's let's use that to unpack your start into this topic.
SPEAKER_03Let's go with Becky for a moment. Any mention of spinach is um is vetoed, obviously.
SPEAKER_01Well, just wait for it. There might be a surprise later in the show, but I'm not gonna I'm not gonna haunt your dreams yet.
SPEAKER_03Please don't. Nothing's haunt my dreams as it is.
SPEAKER_01Awesome. Well, uh tell our listeners how how your story and this topic began and how yeah, how did it all begin for you?
Lockdown, Twitter, And The First Red Flags
SPEAKER_03So this all started for me in the most random way. So I didn't go out to start looking at fraud. I didn't really have any particular interest in fraud. The only thing I knew about romance fraud was what I used to see on the TV and in the paper, which was usually, oh, look at this woman, look what's happened, isn't she silly? Um but during lockdown, I was obviously horribly bored and joined Twitter, which wasn't the cesspit that it is now, I have to say. It was actually okay back then in 2020. Um, and within a few days of joining, my inbox was flooded with these really young, handsome men who all looked quite similar. They were all in sort of army uniforms or pilots' uniforms or something. And they were all within about a day desperately in love with me. I was kind of their ideal woman. Um now, you see, you laugh. That's rude.
SPEAKER_01We're inadvertently victim shaming, and I think we've talked about that topic. Um Cody, stifle it.
SPEAKER_00Mine's just I love like the the the so quickly you said the pile of the uniform, you had the they had the persona down right away.
SPEAKER_03Oh, yeah. And it was you know, one thing I always say is if one young, young, handsome soldier had messaged me, I could well have started talking back. And this would be a very, very different show. Um but the fact that there were so many was like an immediate red flag. Because I am exactly the sort of person that would become involved in a romance fraud because I talk to anybody. Um, and I have this kind of inbuilt need to help people. So I would be exactly the sort of person that would send money.
SPEAKER_01Now let's clarify, Becky. That was back then, before all the all the scammers pounce on you from this show, you are now a refined machine of anti-romance scam shrapnel, correct?
SPEAKER_03Um, let's say yes. Um do you know what though? I'm gonna say yes because I've got a partner. I still think if I was single, like nobody is immune to this.
SPEAKER_02That's fair.
SPEAKER_03Um, and also as soon as you start thinking, oh, that could never get me, no, I don't know, like your guard goes down a little bit, and you know, they're very clever. So never say never. I I need to stay with my partner forever, just so.
SPEAKER_01So you don't get scammed. If they're listening, no pressure, no pressure.
From Jokes To Justice: Victims Speak Up
SPEAKER_03Um so anyway, I I had all these messages, and to start with, I was just blocking them, deleting them. And then as boredom set in more and more, and I was staying with my mum at the time in my sort of childhood bedroom, and I just thought, right, that's it. I need a hobby. So I started messaging back, and it became obvious really quickly that they were pretty much sticking to a script. So I thought, hmm, I wonder what I can get away with, and started saying the most ridiculous things just to see what they would do. And as it turns out, nothing, because they just keep asking you for money. Um, and it was really making me laugh. So I put these things up on Twitter, um, and lots and lots of people got involved, and and you know, we were all kind of having a lot of fun with it. But to to sort of make it more serious, an unintended consequence of this was that victims of romance fraud actually started getting in touch with me and telling me their stories. Um and it became fascinating to me. Like, you know, these people that I was speaking to, they were intelligent, articulate, you know, good jobs, good social lives. And I thought, wow, this is a really misunderstood crime. So I started looking into it. And when I started looking into it, I then couldn't stop.
SPEAKER_01Yeah. No, that's fair. And I like your point about it, doesn't have to be, I mean, we've all got, I think everyone here has a story of one of our grandparents or parents that fell for something. And usually when I'm talking to a group and I do the show of hands of who here has had a in their immediate family or friend circle a victim of the scam, and it's usually like 80 to 90 percent, which is scary, but it's not just you know the aging, decaying grandmother or grandfather that is losing their mental faculties or unfortunately dealing with Alzheimer's or something. They're still a top target. But I think what you discovered and what we know within the industry is it could be anybody at any level of any uh mental capacity.
SPEAKER_03Absolutely. And you know, you're you're uh my experience echoes yours. So if I speak to, say, like a taxi driver or I don't know, somebody in a waiting room and you kind of get chatting and I talk about what I do, they're like, oh God. So either I've had a taxi driver say to me, Oh, don't even speak to me about that because I sent somebody a grand. Um, but people, other people have said, Oh no, yeah, my my uncle was involved in one of those. It is astonishing how many people know somebody that's been involved in romance fraud. And yet we still have this real kind of stereotype about the person. You know, it's it's so interesting.
SPEAKER_00Yeah, I think you make a great point. There's it's kind of like there's like there's like a stigma that comes with it. And so there's like a an embarrassment or or like the shaming. And we see it on like the corporate side with romance scams, it's kind of that social engineering tactic. But if I fell for a phish or something here, there's a lot of times a fear of a punishment. So kind of kind of talk about how like that shame tool for attackers is a hurdle for kind of like cultures and how I kind of want to hear your your spin on that because I think we see that a lot of it. So I kind of want to hear your take on you know removing that stigma.
The Cost Of Shame And Why Reporting Lags
SPEAKER_03Yeah, I wish I could wave a magic wand and that be done right now because I think we'd be a lot further forward um than than where we are. So in the UK, um, and I happen to know in the US, the victim shaming, um, the victim blaming when it comes to romance fraud is off the scale. So you still hear um, well, that was stupid. She or he must be gullible, they must be naive, what's wrong with them? They're clearly mentally ill, as if that person would fancy you. You know, all this sort of stuff. And because the media go out with this image as well, people, you know, and the headlines um, you know, middle-aged woman falls for Keanu Reeves, you know, whatever it might be. People then don't want to report it. They don't even want to tell their friends and family, let it go, let alone go to the police or their bank or whatever. Um, so we never get a full picture of this crime, even because of this victim shaming. Um there's all sorts of things we can do in terms of language to sort of stop that. But ultimately, I don't know. I I've been thinking about this for years, and there seems part of me thinks that we just want to feel superior to other people. And therefore, when you read something about somebody that's done something, the only way you can feel better about yourself is to write something awful on the internet. And that that is what frustrates me more than anything. Because the people that I've interviewed and the people that friends and colleagues of mine have spoken to, they aren't stupid. You know, something was going on in their life at a particular time which meant that they went down a road where they wish they wouldn't have done. And because of the victim blaming and the victim shaming, they'll they'll rarely get over it. Um, it frustrates me more than anything. And you know, that is the same across any culture, any country, you know, sexuality, age, whatever it might be, it the the shame is the same.
SPEAKER_01Yeah. Sorry, I could have a really interesting corporate story on the victim shaming. And it was actually it's a positive story because it was an executive who had a mindset. And that this was when I was on the corporate side, this was the head of HR at a very large company. And in one of the executive cybersecurity program meetings, we were looking at the email phishing statistics, and the numbers were higher within you know a specific function. He was like, Who are these people? Should we just get rid of them? Like, what what how are they so stupid? Um, so that was his opening stance. And then a month later, or sometime after that, we did an executive with the CEO's permission, an executive lead team spear phish, which he fell for. And luckily, the humility, like he processed that and he realized and he got up on stage at his next HR town hall and told his story of like, this was my position. I was wondering who these stupid people were. And then I realized they weren't stupid people, and I was one of them. And when he did that on stage to his town hall and used humility, not shame, the numbers in the next test of the employees went down drastically more than any other area. So I think to your point on if we can reverse, if we had a magic wand, if you could switch shame into empathy and give people the support and the safe space to raise their hand and say, Well, I think I did something not good. I need help. That would be a better place than where we're at across both families and corporate today.
SPEAKER_03I I would love to hear more stories like that of actually somebody getting up, you know, on stage in front of his employees and saying, Okay, I made a mistake here. And if it can happen to me, then just let's all watch out. I would love to hear more of that.
SPEAKER_01Agree. We need them.
SPEAKER_00Yeah, Becky, and what I was trying to talk about earlier is so a lot of times when we build these human risk management programs for large companies in awareness, the challenge we have is the focus isn't IT and cyber. It's going to be your non-technical function parts of the company because they live and breathe it, they know it. It's how do I engage? Marketing, finance, operations, HR. And so I kind of want to think like as a non-technical person, what do you think the cyber industry gets wrong about how we talk to normal people or non-cyber IT people?
SPEAKER_03Point one, I would say, is God, it can be boring. So, you know, if I'll count myself as a normal person. So um I read a lot of academic stuff and stuff that comes out from from tech people. And, you know, that's part of my job is to read things and turn it into kind of everyday language. And sometimes I have to have a break before I've got to about the third paragraph because I think, what is this? Nobody understands this. You know, the amount of acronyms, initialisms, you know, just all these things that regular people do not understand. And if they don't understand it, they're gonna switch off. Um, it's boring. Let's make things more interesting for normal people.
SPEAKER_01Um are we tech-splaining and burying the lead, Becky?
SPEAKER_03Sorry, say good.
SPEAKER_01Are we tech-splaining to people and burying the lead? You see what I did there? I took mansplaining and made it tech-splaining. And burying the lead, I learned from our marketing person where you know you take the main point and you put it way down in the the details of the article, and then it's like, don't even know what we're talking about.
SPEAKER_03That's marketing speak.
SPEAKER_01I marketing speak too.
SPEAKER_02I blame John Wayne.
Talking To Humans, Not Techies
SPEAKER_03We all do it, yeah. So um, yeah, we we all talk in our own particular language, um, and then we expect other people to understand it. You know, I I do it all the time when I'm talking to friends about publishing and stuff, and they say, Well, I don't even know what that means. Um But I I think something I was looking at something earlier today um by a British company, I won't say who, and they said, Well, what do you think to this? And I said, Who have you tested this on? And they said, Oh, you know, people within the company, and we've got in um, you know, uh like a focus group and stuff. And I said, Okay, who's in the focus group? Oh, um, you know, sort of people in the same industry. And I said, just get some normal people in. You know, you're there's no point testing stuff on the people who already know how to use it. Um and I think that is something that really frustrates me in this world. You know, we all go to conferences and pat each other on the back about our latest bit of tech and our latest bit of marketing and stuff. But there's no point doing that if nobody outside the industry knows or cares.
SPEAKER_00Great point. I also think that's 100% right. I think also what we see sometimes is awareness and training is down the list of priority. There's a big focus on like technical controls and tools to put in place. And I think what we try to bring back is that like these controls fail when a user is emotionally compromised. You know, if it's an MFA and to your point, so now we've got the tool is circumvented that can be compromised because you've emotionally compromised a person. They're too scared or ashamed to say they've been compromised and talk about it. So now you've got a kind of a vulnerability. So I think that is a challenge. I kind of like love to hear your point of like if you're kind of like CISO or Cyber and you're in charge of the program, what are you saying or doing to say, hey, this is how do you push that importance up the ladder when it's then they say, well, we've we've got tools for that.
SPEAKER_03I think, I mean, unfortunately, when you're talking to people at the top, a lot of it's got to be based around the bottom line, hasn't it? Um, you know, and sort of saying, look, you're gonna lose money if you stop, if you keep doing what you're doing.
SPEAKER_02Yeah.
SPEAKER_03Um but but your point about um, you know, when people are in that state, we we call it the hot state. And you're right, that's when people are at their weakest. That's what social engineering is all about, you know, getting people in that in that moment when they're not gonna follow the rules and they're not gonna kind of do what what they're supposed to do, and they're not gonna follow systems and all that kind of thing. And I think people at the top, to answer your question, this is it's gonna sound a bit hippie, but I think they need to be put in front of people who use their products and who are on the the receiving end, you know, the very kind of lowest people on the rung, if you like, people like me, who will say, Look, I don't understand and therefore I've taken my business elsewhere, or I don't understand and therefore I've stopped paying for your subscription, whatever it might be. Um, because fraudsters are getting cleverer and you know, they they work on this social engineering, they work on putting us into these kind of visceral states of panic. Um and that's never going to stop. So people need to be looking at uh the human side of things more than the tech. You know, you can have all the tech in the world, but if it's not reaching people in the right way, if it's not gonna help people overcome what is a very visceral reaction, then it is pointless.
SPEAKER_01Yeah. So what one more question, and I think we're gonna have some fun in uh becoming Becky Holmes from a deepfake standpoint.
SPEAKER_03But you pull thing.
The Hot State And Social Engineering
SPEAKER_01Um in your journey with Death to Spinach and the Twitter fame and kind of progressing into writing, uh, when did you transition from your own entertainment and entertaining the audience to understanding, wow, I've seen so many replies back, and this is real, and I want to become an educator, not just a humorist? And then how did you balance that you know shift between humor and serious in both your writing as well as your talks?
SPEAKER_03Um it started when people started getting into touch in touch with me that had been genuine victims. That's when I started to think, okay, this isn't just about me having a laugh at my you know, one end of my phone. Um but I um I've always been a really big believer in finding humour in everything, um, well, as as many things as you can. And in terms of finding the balance, for me, it it was all around making fun of the scammer, never of the victim.
SPEAKER_02Right.
SPEAKER_03Um and I think that's a very important line to tread because romance fraud, fraud of any sort, is not funny, but you can find humour in some of the things that these fraudsters say. And you know, when I've spoken to victims of fraud, even they themselves have found humour in some of the situations. Um, looking back on it, of course, it it in the moment it's not funny. Um so it it has been a journey, and in actual fact, to answer your question around when I wanted to be an educator, that didn't really factor in my thoughts for a long time. When I started writing the first book, the Keanu book, um I was writing it as a project because I was interested, and it wasn't until I started going on and on and on that I thought, wow, actually, there's a lot of people don't know a lot of things. And it just I guess sort of morphed from there, people were inviting me to speak and you know, sort of saying, Oh, I didn't know that. That's really interesting. And of course, that gives you the impetus to then go off and research more.
SPEAKER_02Yeah.
Balancing Humor With Care For Victims
SPEAKER_03So I don't think I could ever describe myself as an educator. That's probably too grand a title. Um, maybe someone who just helps people understand some of the nuances, but it's a very gradual process, and every day I'm still educating myself because let's face it, you know, I can't educate myself quicker than they're changing their tactics. It's you know, it's frightening. Um, so it's been gradual and great.
SPEAKER_00I do, I do want to hear. You said you got some some great things. What's like the most, if you can share, what's the most ridiculous like opening line that you received that come that comes to mind?
SPEAKER_03That's easy. That was a Keanu Reeves fraudster. Now, with celebrity scams, they often don't start out so blatant because of course you'd be thinking this is Keanu Reeves, why does he need something from me? But this one decided that he couldn't possibly waste any time. Hi, it's Keanu Reeves. Um, I'm editing a new film at the moment. I need a $200 iTunes voucher. That was it, straight off.
SPEAKER_01Was that a video? Was that an audio file? What did that come through?
SPEAKER_03That was just a message uh into my DMs on Twitter.
SPEAKER_01Got it.
unknownYeah.
SPEAKER_03Yeah. So I I clicked on the profile, which I always do, and he had three followers. Um, and his account had been made that month, and I think it was only about the fourth of the month, as it was. Uh I I was confused by that one because I thought, I I don't know how successful you're gonna be. I don't know if he was having an off day or whether he was a a learner. Um, but it was it was a rough, a rough start for him.
SPEAKER_00Yeah, man. I I I I think about my you know my days when I was younger, and it was the Nigerian prince who was trying to give me his entire fortune. So that that was that was what I resonate with in my early. Are you still waiting for that, Cody? I man, the other day on Instagram though, the algorithm got me because I saw there was like a some like it was like a heist, and they saw like some apartment in Nigeria or something was found with like millions of dollars in it. And the comment was so great, because I love comments on on the social webs, and it was like this man tried to unload this this money for all these years and no one ever said yes.
The Wildest Openers: “Hi, It’s Keanu”
SPEAKER_01Well played. Well played. Well, speaking of speaking of playing, it's time to play a game, Becky. So uh, and I know that you've uh played along with us. You've not opened a few video files that we sent to you uh with I know, like creating so much FOMO before the show. So um a little bit of setup, and then we'll go right into it and we're gonna we're gonna like gauge your reaction real time. Um, you had asked a couple things when we first met. One, um, how is the technology evolving and you know with AI and some of the video AI, and really, quite honestly, some of the AI projects that are challenging Hollywood or at least going to be relevant in Hollywood and other film studios in how they get some of the things done that took them years or months before. So we played with those technologies. We did a little bit of research on you based upon what's publicly available on the internet, uh, because you're an author, you have lots of back of the book here's all about Becky.
SPEAKER_03So you're at least only what's publicly available.
SPEAKER_01That's true. Yeah, that's true. Um, you know, in a couple more conversations, if Cody and I came to to to the UK and took you out to dinner, we'd get the rest of the story. But we went with what we had available and we created three scenarios. Some of them might be fear-based scenarios, and some of them may be your most um desired dream come true. So with that, uh Bronwin from our show has put together uh three three videos. One they're labeled one, two, and three. So why don't you open video one first? This is great.
SPEAKER_03Mom, please do what they tell you. They're not messing around. Please help me.
SPEAKER_01Now, now we um we could have we actually have your your voice. We didn't put the time in. We'll we'll maybe fix this for what we replay it. We can use your actual voice from public recordings and overdub it, but this was five seconds of AI prompting in a higher-end paid tool using a single photo of you, the one that you had posted on LinkedIn. Um five seconds. Five seconds, yeah. Five seconds of effort. It took maybe a minute and a half to process, but then it's ready, ready to roll. Um, okay, video two. Actually, can you describe for the audio listeners what just happened?
SPEAKER_03Um I feel slightly shocked. Um so uh I opened the video and it was me um tied to a post. Um now, and you didn't get that from my private collection.
SPEAKER_00So that was that was not there.
SPEAKER_03That was not there. So tiny that's me tied to a post. Um asking uh sending a a video to my mum asking for help. And I'm I'm sitting, there's a still of it now on my screen. It's it's really weird. It that's really weird to say.
Live AI Demos: Kidnap, Spinach, And A Wedding
SPEAKER_01Yeah, yeah, and and they can get even more sophisticated using multiple photos. This is just done with one photo and the technology that it's unfortunately is very mainstream. So there's a lot of good things and cool things you can do. You know, if you're a Star Wars fan, remember Mark Hamill or Luke Skywalker and the younger version of himself that no longer exists, that's using a variation of this technology. So there's cool things that you can do from an entertainment standpoint, but obviously, like thinking of this in you know, as a criminal, how could we very quickly with you know a single image of someone, and if you want to spend a little effort, their actual voice, if you can get a recording of three seconds of them online, that's enough to be 85% accurate in the voice, accent, intonation, all of that stuff. That's just unfortunate, exciting, shocking, sad, all of them, all of the emotions.
SPEAKER_03Yeah, all of the emotions. And it's just weird. When you look at videos of yourself or photos of yourself, you've seen them before, haven't you? You recognize the situation, but that's yeah.
SPEAKER_01That's so weird. Fabricated reality is I think the the new new term that they're they're using for that.
SPEAKER_03It's what, sorry.
SPEAKER_01Fab fabricated reality or synthetic reality are the two phrases. Yeah.
SPEAKER_03I'll tell you what though, I've noticed um no one's gonna believe that's me because I always have my nails done.
SPEAKER_01Right. Well, now that I know that, if I just change the prompt to say freshly done nails.
SPEAKER_02Yeah, yeah, that will be it then. That's the only change.
SPEAKER_01Exactly. All right, video two. Let's see what the next scenario unfolds. It'll get funnier and better from here, I think.
SPEAKER_03Okay. Video two. All right, I need to download that. Okay.
SPEAKER_02Seriously?
SPEAKER_01What has happened, Becky, for our for our listeners?
SPEAKER_03Okay, so for the listeners, my uh Twitter handle is at death to spinach um because I'm horrified by the stuff. So I've just opened a video of me sitting amongst fresh spinach, canned spinach. Why anybody would want that, I don't know. And frozen. And the the still that I've got it stopped on at the moment is exactly what my face would be like.
SPEAKER_01Your reaction? Wow. AI, AI gauge that. I think I I prompted that you know you had a hatred of spinach and would be shocked to be in the room. So I think it nailed it.
SPEAKER_03What does it take to do?
SPEAKER_01Uh again, less than a minute to think of the idea and uh a couple minutes for the AI to create the the output.
SPEAKER_03I need to have a word with AI because I've got I've got some frown lines between my eyebrows.
SPEAKER_01We can, we can. Any improvements you know we can make. But you know it's far too realistic.
SPEAKER_03I was hoping that at least they would have, you know, blurred that out or yeah.
SPEAKER_01Yeah. All right, on to video three. And this one's gonna be the happiest moment of your life, but I didn't know when I did this one that you now have a partner, so hopefully he's okay with this fantasy.
SPEAKER_03Right. I'm intrigued. Oh, it's called Becky Marries. Right, let's see. Oh my god.
SPEAKER_01Who is that, Becky?
SPEAKER_03That's Greg Davis, for the love of my life. Yeah, that was for a minute then, because I I am um for anyone listening, there's a British comedian called Greg Davis who I find hysterical and I'm completely obsessed with him. I think he's the most perfect human in the world. No one can understand that, but I really do. And this is me getting married to him on a beach. And just for a minute, when I watched that, all my worries disappeared.
Real‑Time Deepfakes: Limits, Props, And Lag
SPEAKER_01See, we like to start with shock and then end with a happy ending. So we we we Bronwyn timed those videos and phased them exactly right to start you with the not good emotions and then resolve in the ultimate dreams come true.
SPEAKER_03I'm a little bit worried. I'm gonna have to delete that last one because I might it'll be the sort of thing where I just play it over and over again. Start believing that we are married and then you know go into a whole sort of whole different reality.
SPEAKER_00So the the the the uniform men didn't get you, but this Greg Davis, the little beach mirror, if it was Greg Absolutely, do you know?
SPEAKER_03Um, so celebrity fraudsters, one of their tactics is that they offer you a meet and greet package and you have to pay their management this fee to meet them. And I've often thought to myself, I don't know why anybody hasn't tried the Greg Davis one on me. Why has nobody set up a Greg Davis account and tried to say, you know, 1500 quid and I'll come and take you for dinner? I'd be all over it.
SPEAKER_02That's true.
SPEAKER_03Anyone that listening, that's not an invitation to do it. Exactly, exactly.
SPEAKER_01All right. Well, the the the last and final example really comes back to your question when we had our first conversation on is real-time deep fake possible or are we only dealing with videos that are done kind of in the moment? So the challenge, and I only used um publicly available tools that um similar some criminals did. I use minimal effort and I used a single photo. So if we did more time on this for a more sophisticated live deep fake, we would you know find a video of you for three plus minutes, we train a model, we'd spend a little bit more time and effort, we get the audio, we would do all that. So it is most compelling possible. But what we're gonna show today includes the single photo of you posted on LinkedIn using a Mac application that's very, very available to anyone, and then lastly, a $20 wig from Amazon because my hair, my forehead is very not Becky. And if we got one of the ladies from the office, they'd have an easier um chance of becoming you. But this is a tall order to say, take this six foot five inch, I don't know how many centimeters that is. I know you're in the metric imperial system difference, but I got the, I mean, you could broadcast a cinema movie on this forehead. So, what I'm working with, I either need a hat, I need a wig, or I need somebody that looks like me to pull it off because the the live deep fake is going to focus in this area here. So I know you changed your hairstyle slightly since we first met, but this is Amazon Becky's hair. And I'm actually going to ping my EA to come in here and help us get this on. Ready?
SPEAKER_03Oh, costume change. It's like being at a Mariah Carey gig.
SPEAKER_01Exactly. And I'm I'm not, I don't have the tech team and the and the roar the wardrobe to do the quite the quick change of maybe a Taylor Swift. But we're gonna get this on. You might see Christy coming in here. We've got a brush. So we're gonna first get this mounted up, and then we're gonna see what we can do. Here comes Christy. Welcome to the show, Christy Hoover.
unknownHello.
SPEAKER_01Hi, all right.
SPEAKER_03So we're gonna go with the brush. I'm always a mess.
SPEAKER_01We're gonna get this on, fix me up, make me beautiful.
SPEAKER_03All right.
SPEAKER_01Now we're talking.
SPEAKER_03Oh my goodness. I didn't realize it was gonna be this kind of show.
SPEAKER_01All right, we got it pulled back.
SPEAKER_02How do you feel?
SPEAKER_01I feel beautiful. Thank you, Christy. All right, so so now we have Becky. We're gonna reduce my forehead a little bit more because that's gonna be the impediment. And I'm gonna get it back out of my face so you can fully see the face. No, now we've got to find. I'm gonna go off camera here. Hello, family.
SPEAKER_00Oh, Becky. Well, hello, welcome, welcome to Reveal Risk.
SPEAKER_03Oh, Other Becky, what have you done to your hair?
Why Detection Lags And Process Matters
SPEAKER_01Other Becky, what? I don't have the voice changer on, so I'm going to practicing me wrong off the mic there. That was bad, a bad British accent and a bad female accent, but yes. So uh, you know, this is one photo and uh a simple AI deepfake model, which is basically taking the stitch of your face and embedding it onto my face. And you can see, you know, some of the things like you'll see glitches if I if I put my hand in front of the face. Oh, yeah, yeah. Or as I'm turning to the side, you can see the face start to come unstitched there. So those are some of the things that um while it's getting better and better, and I've seen some of the you know more more sophisticated models if we were really trying to target you know, you or someone that knows you, that you can turn a good almost 90 degrees before you get to the point where it's going to distort.
SPEAKER_03This is freaking out.
SPEAKER_00Can you imagine Mrs. Doubtfire in today's technology? What it would do?
SPEAKER_01Probably cut production time by uh what one one hundredth or a thousand percent.
SPEAKER_00Robin Williams with a deep fake would be untouchable.
SPEAKER_03I just I I honestly can't I don't know how I feel. I I don't know how I feel about this.
SPEAKER_00I'm obviously sort of oh, stop smiling at me because Becky to my earlier point, a lot of the things when you look at like training and things, you know, how do I combat against this? Because technical controls don't exist. It's part of it is just like you can even do it. It's it's just that you know, it won't be perfect, it could be grainy, but how many times are you on Teams calls right now or Google calls, and it's like the voice chops out or the video is kind of choppy. So you could easily make excuse or or common reason for why it's not it's not perfect, but you've got uh a very believable example.
SPEAKER_01Please buy my book.
SPEAKER_00Send gift cards.
SPEAKER_01$25. I just need them. Oh.
SPEAKER_03I can't stop I can't stop looking at it. It's like I I knew that you I knew you were gonna do this. But I didn't expect to sort of feel like I like I do now, which is just it it's giving me the ick.
SPEAKER_00Oh man. Well, it and I mean uh not in this case here, but oftentimes you've got deep fakes that will fake someone for for authority or to do, you know, insert financial scam. Another one that was in the news, this is years ago, was last year, was a principal, I think it was Maryland, got deep faked saying some pretty bad like political and racial things on YouTube. And as Mark Twain always says, a lie can circle the globe twice before the truth can lace up its shoes. And so it was out, all the things were said, the deep fake until it was done, and then later on it was it was proven to be a deep fake and wasn't really him. But at that point, now the damage is done. And so you've got the issue of reputational damage. Uh there was no financial scheme that was um it was uh executed, but um similar ways.
Voice Clones And Plausible Glitches
SPEAKER_03So I know there was a thing when um shortly after Russia invaded Ukraine, there was something uh a fake of President Zelensky came out and said, lay down your arms, and was kind of was trying to tell the Ukrainian forces to um to surrender. I can't stop looking at you, Aaron.
SPEAKER_01It's I'm gonna I'm gonna pop back in as Aaron so we can uh I didn't like that. Alright, I'm back in uh in I wouldn't say better form, but not the big big Aaron face trying to be Becky form.
SPEAKER_03That was so that was so weird. So out of interest then, um what could you what can you do about hair? So obviously they're not gonna fraudsters aren't gonna always be using a wig, are they? What can you do?
SPEAKER_01A ball ball cap for less less easy with women with longer hair, but um if if I had it pulled back, then I could maybe just get closer into my mic or in my camera and just kind of crop out the top. Um, so there's a lot of ways. There's another example that we're doing in uh in a healthcare uh uh speaking engagement this afternoon where that gentleman has his kind of completely bald on top, hair on sides, and I'm just getting close to the camera, getting the forehead up enough, and then it basically fills it fills out the rest of his head pretty close to what it looks like. But you just you either need to play with your camera or use a prop. Or, you know, there's a lot of the early deep fakes, you know, were just really cheap wigs. Cody did one of me live on stage, and we had the the men's wigs are really tough for 20 bucks, but we got a 20 buck one. And it was like this Scooby-Doo shaggy, like brown pro, but it was enough that on on stage it's like you know, it looked good enough to probably fool my grandmother or my mom, definitely my mom. So it's you just you don't need to have perfect, you need to have close enough.
SPEAKER_03And uh presumably the tech is coming whereby you won't need a wig at all.
Reputational Threats And Rapid Misinformation
SPEAKER_01Correct. Yeah. In currently in post-production, you can do a full character swap um and and film a video of someone and completely replace them with the AI representation of the person that you're trying to target or replicate if it's a Hollywood type thing. So that's possible now. We actually did another demonstration of that with one of our directors on our team and swapping it for a guy that I'm co-presenting with this afternoon. Um, but that right now, the the speed of the technology, that still takes a couple minutes to process, but that will catch up. Similar to the deep fake thing that we just did five years ago, you'd be dealing with a couple three seconds of latency and lag, and it wouldn't be as close to real time as it is. The speed of processing, the advancement of the technology and the AI is only getting better. So I expect, and this is the really hard part with like why there's no ubiquitous detection solutions out there that would live in your Teams environments in your Zoom. There's some offerings. Um we're tracking them, we're and you know, investing in them where we think they have promise. But the sad reality is the technology of the threat actors is probably outpacing the detection capabilities. We will bet we will bet on tools, but we will not um relent on giving education and business process changes to put checks and balances in place to prevent the bad things from happening because I think we can't fully bet on technology to keep pace here and just make this problem go away. I don't see it happening in the near future.
SPEAKER_03And what about putting voice over? So using my voice as part of the real time. Is that that's doable?
SPEAKER_01That's doable now, and actually the voice, the video, the voice deepfake is even simpler than the the video deepfake. Um, what we would typically do, and Cody and I have demonstrated this live at actually at a um ISACA chapter meeting here in in town, but um you have a second, you know, have a microphone, you run that through another laptop and have it all pre-programmed to be your voice or whoever you're trying to target, and then it would come out. There's a little bit of lag on that, but it would come out um of the speaker similar to the video. So there, you know, getting this all woven together, you can do a video and voice all at once. There's gonna be lip sync issues of timing that'll get better over time, but how different is that than a Zoom meeting where you have a bad connection and it's you know your voice is not matching the video? So you can just say, hey, my connection is not great. Uh I've been glitching all day, and and then no one's gonna think twice about it.
SPEAKER_03And also in the case of these um, you know, these sort of fear-mongering ones to parents, if you're saying that you're abroad, for example, like you're on holiday and someone snatched your phone, then there could well be a delay or you know, a lag.
SPEAKER_01Yep. Well, hopefully, Becky, this has been fun, probably a little scary. I know we we prepped you of what we're doing, but to your point, we didn't uh show you most of the stuff until this very episode. What parting thoughts do you have, both for the lay audience and the cybersecurity community audience, on you know what you want to leave them with or what we want to focus on getting better as a world uh together?
Practical Defenses And Human‑Centered Design
SPEAKER_03Oh, that's quite a question. Um I'm still full of uh deep fake images of myself at the moment. To process that away from my screen. Um, I think for me it's still about considering the human beings at the end. Um like I said before, we are so clever, human beings are so clever, and especially you guys over in cyber and tech and stuff, your brains are enormous. But not everybody's is. So, you know, people like me who don't understand that world, you need to be talking to people like me and testing things on people like me and people like my mum. Because I'll repeat it again. There is no point having all the tech in the world if people don't know about it, how to use it, they're frightened of it, they don't understand it. Think about who it is that you're trying to help at the end.
SPEAKER_01The human experience. We we all need to get better at that in life and in our corporate worlds, and I think definitely in cyber. Becky, thanks for joining the show. Really appreciate the discussion and look forward to future collaborations. This is awesome.
SPEAKER_03It's been quite the journey this last hour. Thank you.
SPEAKER_00Becky, thank you so much for being a good teammate. We appreciate it. This is awesome.