For years, we were told not to click suspicious links. Don’t share one-time passcodes (OTPs). Don’t trust unknown callers. I also keep suggesting the same repeatedly. That advice still stands. However, with the ever-evolving cyberspace and the crimes it enables, it is no longer enough.
A stark prediction by Nikita Bier, head of product at X, has sparked intense debate in tech circles.
In a post on X, he warned that, in less than 90 days, platforms like iMessage, phone calls and Gmail, once considered relatively safe from automation and spam, could become so flooded with artificial intelligence (AI)-driven junk that they may no longer be usable in any functional sense.
That timeline may be speculative. There is no confirmed trigger event. But the direction of travel mentioned by Mr Bier is undeniable.
Welcome to the age of hyper-scalable fraud!
The Spam Flood Is No Longer Manual
Earlier, running a scam required manpower. Fraudsters needed call centres, scripts (often with a lot of mistakes), bulk SMS tools, phishing templates and 'mule' manpower (to give on rent bank accounts and withdraw money from bank accounts or ATMs). It took serious effort and time for fraudsters to personalise attacks. The success rate with this method is also relatively low, less than 1%.
AI has changed the economics of deception and volume.
Today, generative AI can write convincing emails in seconds. It can scrape social media profiles and tailor messages to individual targets. It can generate human-like voices from a few seconds of audio. It can operate at scale—24 hours a day—without salaries or fatigue.
Voice synthesis tools are no longer experimental. They are accessible. With only a few audio samples, fraudsters can convincingly clone voices to panic families into action.
And as it happens, when panic kicks in, rational thinking often shuts down. We rush to make decisions or send money without a second thought or even checking with someone trusted.
The Call That Sounds Real
His wife calls. The number is hers. The voice is unmistakable. She says their son has been in a bike accident. She is at the emergency room and the (cashless?) insurance is not being accepted. So, she needs US$3,000 immediately.
Everything sounds real. Except it isn’t.
The calling number is spoofed — something cybercriminals can do with alarming ease. The voice on the call is not his wife's but is AI-generated. As we know, a few seconds of recorded speech is enough to build a passable clone.
What saved him? A pre-agreed passphrase.
When he asked for it, the 'wife', who called, did not know it. He hung up. He called his wife back directly, averted a crisis and saved his hard-earned US$3,000.
This is no longer theoretical. Impersonation scams using AI voice cloning have already cost victims thousands—sometimes lakhs—across multiple countries.
And this is just one channel. Let us see what is happening with other channels.
Email Is Not Immune
Email-providers have invested heavily in spam filters and they have improved over the years. But AI is improving too.
Phishing emails today are grammatically polished, context-aware and frighteningly persuasive. They refer to recent purchases, social media activity or workplace details. Some even mimic writing styles of people known to you, including your relatives, friends and colleagues.
There have already been reports of spam-filter inconsistencies and policy changes are slated for 2026. Whether or not Mr Bier’s 90-day forecast materialises, pressure on email systems is rising.
Most interestingly, in these scams, cybercriminals do not even need to mass scale it. They only need a tiny success rate. At scale, even a 1% response rate is quite profitable for them, given their fractional cost.
Consider a simple illustration. Assume a fraudster spends ₹100 on a campaign and blasts out emails to 100,000 people. If just 1% respond, that is 1,000 individuals engaging with the scam. Now assume only 1% of those respondents—just 10 people—actually fall victim and each loses ₹100.
That results in ₹1,000 collected on an initial outlay of ₹100. A ten-times return on cost.
And this is a conservative scenario. In real-world scams, losses are often far higher than ₹100. When individual victims transfer thousands—or lakhs—the profit margins become staggering.
This is why the flood matters. Fraud at scale is not about convincing everyone. It is about convincing just enough people, repeatedly, at minimal cost.
The saddest part is that neither the victim nor law enforcement agencies (LEAs) are interested in a first information report (FIR) and subsequent investigation of the cyberfraud where the loss is just ₹100.
Enter 'Cognitive Security'
We have long discussed cybersecurity, firewalls, antivirus software, encryption and malicious links. Now is the time we must discuss cognitive security.
Cognitive security is the discipline of protecting your mind from manipulation. It is about assuming that what you see or hear may not be genuine. It requires a shift in instinct.
In 2026 and beyond, the safest baseline assumption is this:
- If it triggers urgency, fear or secrecy — pause.
- The most dangerous words in any scam remain: 'right now'.
These are not high-tech solutions. They are practical safeguards that families can implement today.
1. Establish a Family Passphrase System
- Create a safe word or coded exchange known only to close family members.
- Do not simply ask, “What’s the safe word?” That makes it obvious. Instead, agree on a trigger phrase and a specific response.
- During a cyber safety training session at Bhubaneswar, I suggested that attendees freely use random passphrases or 'weird' sentences from their own Oriya language.
For example, the trigger can be: Bada alasi, shoile ghumaku madhya alasya ase. (So lazy that even sleep feels lazy when he lies down.)
And the response can be: Sabu janichhi, kintu caula phutiba nahi. (Knows everything, but can’t even boil rice.)
Here is another example from Marathi…
Trigger: Aaj pani puri khaychi ka? (Shall we eat pani puri today?)
Response: Fakta gulab jamun sobat. (Only with gulab jamun.)
And one more from Malayalam…
Trigger: Ninte janalayil dinosaur kandille? (Did you see a dinosaur at your window?)
Response: Athu banana chips kazhikkunnu. (It is eating banana chips.)
- Feel free to create such trigger phrases and specific responses in your own mother tongue. Make it memorable. And remember, being slightly absurd helps in unleashing the magic!
- But do discuss it in person, away from phones or recording devices, with the concerned person, your family and friends. Do not store it in your notes app or write it down. Just memorise it.
- Practise saying it naturally so it does not sound forced.
- Also, define when it must be used. For example, whenever money is urgently requested or in any emergency involving injury.
This one step can prevent catastrophic loss.
2. Always Hang Up and Call Back
- If you receive a distress call asking for money, just hang up.
- Call the person back directly using the number saved in your contacts.
- If possible, use a secondary communication method — WhatsApp video call, Signal, FaceTime. Or you can also call someone else who may be with that person at that moment. For example, if the caller pretends to be your wife, you know where she would be present at that exact time. If she is in the office, you can call her colleague; if she is at home, you can call another family member or even your neighbour.
- Spoofing can fake a caller ID, but it cannot intercept your outgoing callback in most ordinary circumstances.
In short, never rely on the incoming call alone.
3. Reduce Your Public Audio and Video Footprint
All cybercriminals need is voice samples to clone voices.
Be mindful of:
- Publicly posted long-form videos.
- Open social media profiles.
- Interviews uploaded without privacy controls.
This does not mean you must disappear online. It means you should understand the trade-off.
Privacy settings are not paranoia. They are there just to protect you as well as your near and dear ones.
4. Build Redundant Communication Channels
Do not rely on a single phone number as your only connection to loved ones.
Set up:
- At least one encrypted messaging app, other than WhatsApp.
- A secondary method of verification (calls to another number or another person).
- Clear family protocols for emergencies (who to call first and second and third).
If one channel becomes compromised or flooded with spam, you need alternatives.
5. Treat Emotional Urgency as a Red Flag
Fraudsters always use emotion as a very powerful weapon. They simulate: Injuries. Arrests. Missed flights. Frozen bank accounts and insurance emergencies. Their objective is to collapse your decision-making window.
What you need to do is just slow down the clock.
Always remember, hospitals do not demand instant digital transfers over random calls. Police do not settle matters through gift cards or UPI money transfers. Banks do not resolve compliance issues through personal numbers.
All you need to do is take a pause, verify and act only after that.
6. Strengthen Email Hygiene
Even if spam volumes rise:
- Enable multi-factor authentication (MFA) on email.
- Use hardware-based authentication keys where possible.
- Create separate email addresses for banking or financial matters and general use.
- Never download attachments unless verified independently.
- If an email references a real transaction, do not click the embedded link. Open your browser in a separate window and log in directly.
Assume links are traps until proven otherwise.
7. Educate Elderly Family Members
AI voice scams disproportionately target older individuals who may not be aware of deepfake capabilities.
Have open conversations with parents and grandparents. Explain:
- Caller ID spoofing.
- AI-generated voices.
- The passphrase system.
- Rehearse scenarios. It may feel uncomfortable, but preparation beats regret.
Is the 90-Day Collapse Realistic?
Perhaps not. Agentic bots are advancing rapidly, but fully overwhelming the global communications infrastructure in three months would require coordination and scale that may not yet be operational.
At the same time, spam volumes are already rising. Many people report dozens of realistic scam calls and messages daily.
The trajectory is clear, even if the deadline is uncertain, but waiting for proof is not a strategy.
The Bigger Shift
We are moving from a world where fraudsters target devices to one where they can easily target perception.
Always remember that the images you see or receive can be synthetic. Voices can be cloned. Numbers can be spoofed. Emails can be flawlessly written.
The weakest link is no longer outdated software. It is an unverified belief that you and I (still) have.
In these circumstances, cognitive security is no longer optional. It is a life skill that everyone needs to learn and practice.
If the flood, as ‘predicted’ by the head of product at X, comes in 90 days, you will be prepared. If it comes later, you lose nothing by being ready now.
Either way, the families who plan ahead will be the ones who stay financially — and emotionally — intact.
Stay Alert, Stay Safe!
