Cybersecurity Girl Weekly Drop
Cyber news, tools & one smart career path.

Quick Reality Check
A video call used to be the gold standard for verifying who you're talking to, but AI is officially breaking that trust. In a viral clip from a Huntress Declassified session, Jim Browning showed John Hammond a real-life example of a scammer using a real-time deepfake and the "3-finger test."
What happened:
During a recorded call with a suspected fraud ring, the scammer appeared on screen as a completely different person. The "face" looked remarkably human until Browning asked a simple, low-tech question: "Can you hold up three fingers in front of your face?"
The scammer tried to comply, but the tech failed as the hand moved across the face; the AI got confused about which layer should be on top. The fingers began to warp and flicker because the computer couldn't figure out how to draw the hand and the face at the same time. This "Three-Finger Test" creates a visual glitch that forces the software to process two overlapping objects, which is a puzzle that real-time AI still can't solve without "breaking" the mask.
Why it matters:
Deepfakes aren't just for celebrity parodies anymore; they are being weaponized for romance scams, fake executive "emergency" calls, and identity theft. Attackers are betting that you'll be so convinced by a familiar face or a professional appearance that you won't think to test the image.
60-Second Protection Fix
Deepfakes are real, and they're getting scary fast. Here is what you can do to protect yourself:
- Stop answering unknown phone numbers. When you say "hello," scammers record your voice to train deepfake models. One word is enough.
- Remove your voicemail. Your voicemail is a gold mine for voice harvesting. If you don't have it, scammers lose a free recording.
- Delete your data from public data brokers. Sites like WhitePages and similar databases let scammers find your name, number, and address for free. Removing yourself from those sources cuts off their hunting ground.
- Make your social media private. Unless you're trying to be an influencer, a public profile is just handing scammers your face, voice, and family information on a plate.
- Establish a family safe word. Pick something only your inner circle knows, something random and hard to guess. When someone calls claiming to be a loved one in crisis, ask them the code word before you do anything. A deepfake can clone a face and a voice, but it can't know your secret.
Must-Have Tool:
Protect Your Privacy: Managing Data in AI Tools
I put together a new guide to help you see what AI tools know about you and how to take back some control. In this guide, I walk you through the key settings to review, the small toggles that actually help, and a few habits that keep your data safer without overthinking it.
What You Missed This Week
What happens when 1,000 nation-state spies spend a year hiding inside the world's most secure networks? I sat down with Eric Doerr, the man who led Microsoft's response to the infamous SolarWinds attack, to discuss what it was like being a "first responder" to Microsoft's Largest Breach. Listen or watch it here
Automating GRC: A practical guide for security teams
Regulations are increasing across the board. Teams are stretched across numerous projects. And the manual work involved can overwhelm even the most well-resourced teams.
Learn how your team can overcome the challenges of today's fragmented, manual GRC processes in this Tines practical guide. Get access to four opportunities for immediate impact and inspiration from teams at Druva, PathAI, and more.
*Sponsored by Tines
Walked the entire expo floor at RSAC... and THIS booth stole the show
I've done escape rooms before, but this one? Next level and less than 8 minutes. Plus, as a cherry on top... scored a very official new passport for Cybersecurity Girl
And, you won't believe the chaos and fun that ensued at the Synk RSAC
Did you count how many times I said legend/legendary???
Check Out Governance, Risk & Compliance (GRC) (aka "the Rulekeepers")
GRC and Data Governance professionals are the ones behind the scenes, setting the boundaries. They analyze the risks and design the rules for what data can be used and what must stay private.
Learn more about GRC in my Free Intro Course: Cyber Paths 101
Let's keep building together!
Stay protected,
Cybersecurity Girl
Know someone who'd enjoy this? Pass it along and have them sign up here! And if you have thoughts or feedback, just hit reply, I'd love to hear from you.


