AI Voice Scams Use Data Brokers to Target Families

A grandmother receives a frantic call from her grandson's voice. He's been in an accident, hurt someone, faces arrest, and needs $15,000 wired immediately. She complies—but the voice wasn't real. A scammer cloned it from a three-second Facebook video clip using an AI tool that costs less than a streaming subscription.

This scenario is playing out across the United States right now, according to security researcher Kurt Knutsson, who detailed the mechanics of these attacks in a report published on Fox News. AI-powered voice scams surged 1,210% in 2025, and one in four adults have already encountered an AI voice scam, according to research cited in the report.

Why it matters

Business leaders and security teams often focus on enterprise threats, but AI voice fraud targets the weakest link in any organization: human emotion under pressure. These scams succeed not because the technology is perfect, but because criminals weaponize publicly available personal data to engineer believable emergencies. Understanding the full attack chain—not just the voice clone—is essential for protecting employees, executives, and their families from financial loss and reputational damage.

The attack begins with data brokers, not AI

The voice clone is the final step, not the first. Before making any call, scammers use people-search sites like Spokeo, BeenVerified, or Whitepages to map family networks. For a few dollars or sometimes free, they obtain phone numbers, current addresses, relatives' names, former residences, and estimated income levels.

Once they identify a vulnerable target—often an elderly parent—they select which family member's voice to clone. They then scrape public audio from Facebook videos, TikTok posts, YouTube clips, or voicemail greetings. Modern AI tools can replicate pitch, cadence, accent, and emotional inflection from as little as three seconds of audio.

The scammer scripts an emergency using details from the data broker profile: the right names, the right city, plausible circumstances. When the call comes, the victim hears a loved one's voice, accurate personal details, and maximum urgency. Rational skepticism collapses.

Real losses, documented cases

A Florida woman lost $15,000 after a call from her "crying daughter" instructed her to place cash in a box for a courier. The Trapp family in the San Francisco Bay Area nearly lost the same amount when scammers impersonated their son and posed as police, demanding immediate payment for a fabricated car accident. They avoided loss only by calling their son directly at the last moment.

Hiya's Q4 2024 Global Call Threat Report found that 30% of people who encountered deepfake voice fraud in 2024 fell victim to it.

Five defensive measures

Knutsson recommends five immediate actions:

1. Establish a family code word that must be used in any emergency money request. Choose something random and unguessable.

2. Enforce a callback rule. Hang up and call the person back at their known number before taking any action.

3. Lock down social media. Set profiles to friends-only and limit public videos to reduce available audio samples.

4. Warn vulnerable relatives explicitly. Have direct conversations about this threat, especially with older family members.

5. Never wire money, buy gift cards, or hand cash to couriers based solely on a phone call.

Removing personal information from data broker sites disrupts the targeting phase of these attacks. Data removal services can automate opt-out requests across hundreds of sites, though information often reappears and requires ongoing monitoring.

These details were first reported by Kurt Knutsson in his CyberGuy Report on Fox News.