Read the story. Notice that the call came from an unknown number, and the scammer was playing the role of a kidnapper calling from the kidnapper's phone, and the "authentication" was the daughter's faked voice. There's nothing the telecom system could have done about that. This particular attack circumvented any possibility of "telecom security" being useful. And if "telecom security" gets better, there's more incentive for scammers to keep finding ways to make it irrelevant.
If you want a technical solution, you have to demand that a person always contact you from their own device as "2FA", or at least that they some kind of 2FA device on them... except there are a billion ways that somebody might lose access to such a device when they were in genuine trouble, and scammers are totally capable of making it look like one of those scenarios has happened.
You're really down to the point where people have to do "mind to mind" authentication with shared secret knowledge... while under extreme stress... in a case that's uncommon enough that most people will not have practiced it.
This is just what GP called "modern street smarts". People won't keep getting fooled like this for long. Just like people had to learn to stop trusting everything they heard on TV, and learn to stop trusting every pop-up on every website. We will develop new habits, such as what you call "mind to mind authentication" or verifying through a separate trusted channel.
So, here's the thing: I have a 15 year old daughter. If she were actually snatched by a kidnapper and threatened with rape/murder/whatever, I am not absolutely sure that she would remember and execute a "code word" protocol. Especially not a protocol that had the extra measures to help keep it from being subverted in various ways, but maybe not even a very simple protocol.
Not sure enough to feel really comfortable betting her life on it, anyway. Not if we hadn't drilled it on a daily basis for weeks and a weekly basis for months.
It's easy to blank on things when you're adrenalized, say if you've been kidnapped. And it's also easy to blank on things when you're adrenalized because you are hearing the person's voice saying they've been kidnapped.
... and if I asked a scammer pretending to have kidnapped her to let me call her on her phone, I would expect to get the obvious reply: "I threw her phone away. I'm not dumb enough to let you track me/her/us through it". Which is totally credible because that's what a kidnapper should do.
When you get the call, the strong prior probability is that the whole thing is a scam, but that's not so easy to hold onto in a situation like that. And even if you do hold onto it, you will be scared.
Oh, and on edit: Yes, I expect I would keep it together enough to call her on her phone to check, since if she hasn't been kidnapped there's nothing stopping her from answering it. I don't know if I'd expect that of others. But it's also true that if I call her, and nothing is actually wrong, I still expect about a 50-50 response rate because she doesn't hear the thing, has it on mute, or is in school and forced to keep it in her locker, or has let the battery run down, or whatever.
If millions of people start getting fake kidnapping calls every day, then I'm sure we will stop falling for it quite soon. There's a limit to how many days in a row you will keep sending money to every random AI-empowered guy calling to convince you he has taken your daughter, only for her to return home from school like normal just a few minutes later.
I don't think it will be long before video and audio is no more convincing than text is now. We will stop falling for the AI scams, just like we (most of us) stopped falling for the Nigerian princes, scam ads/virus popups on the web, and those fake emails from family members claiming they need us to wire money so they can pay for a flight home or whatever. Basically, my thesis is that people will start to get wise to any scam that is sufficiently common and harmful.
Real kidnappers might have to learn to work to convince the families that the kidnapping is real and not just another scam.
If you want a technical solution, you have to demand that a person always contact you from their own device as "2FA", or at least that they some kind of 2FA device on them... except there are a billion ways that somebody might lose access to such a device when they were in genuine trouble, and scammers are totally capable of making it look like one of those scenarios has happened.
You're really down to the point where people have to do "mind to mind" authentication with shared secret knowledge... while under extreme stress... in a case that's uncommon enough that most people will not have practiced it.
This is not so great.