AI is providing some great opportunities for business, but also some significant threats, this time using voice cloning.
Doctor Digital Says
Artificial Intelligence (AI) is a potent technology that promises to transform our lives. Unfortunately, along with the positive benefits, there are some active and damaging uses for technology aimed at parting people from their money. Digital Ready has covered many of the common cyber attacks such as phishing and vishing, and have a whole module of our Digital Fundamentals course dedicated to cyber security. This is because to date Australians have lost $3.1 billion dollars to scams in the last year, and that figure is only set to grow.
Voice cloning scams, also known as deepfake scams, are a growing threat to businesses. These scams involve using artificial intelligence (AI) and machine learning (ML) to create convincing imitations of someone's voice in order to trick victims into divulging sensitive information or transferring money.
This is done using deep learning AI voice generators - advanced software capable of mimicking human speech so competently that it can be impossible to distinguish between the two. Deep learning is a method of machine learning that is based on artificial neural networks. Because of these neural networks, modern AI is capable of processing data almost like the neurons in the human brain interpret information. That is to say, the more human-like AI becomes, the better it is at emulating human behaviour.
The more speech data they are exposed to, the more adept they become at emulating human speech. This is how AI is able to take a grab of anyone's voice, and weaponise it, mimicking everything down to pace, patterns of speech and inflections of the individual being cloned.
A number of public figures have been caught up in cyber scams using AI voice generators including shock jock Joe Rogan and even US President Biden. If AI voice generators can be used to impersonate celebrities, they can also be used to impersonate regular people, and that's exactly what cybercriminals have been doing.
If you've ever uploaded a Tik Tok, Insta Reel, YouTube video, participated in a large group call with people you don't know like a webinar, uploaded your voice to the internet in some capacity, you or your loved ones could theoretically be in danger of being scammed by a voice clone.
More concerningly, even a few seconds of a person’s voice is enough for the AI tools to capture their spoken essence which means that when you receive a call from an unknown number, and answer with your name and a query as to whom is calling, that is enough to capture and keep. Expect to see voice cloning paired with other types of attacks, such as email and text phishing.
You might get a call or voice message from someone you know, asking you to respond to an email, send you money, or another urgent access request. If the voice sounds legit, you will be more likely to trust the information and carry out the action, potentially giving cybercriminals access to your private and sensitive data.
Businesses will be large targets because people are more likely to open an email, click a link, or download an attachment, especially if they receive a call urging them to do so soon after the email arrives from someone who sounds like their boss.
This will make spearphishing attacks on corporate entities much more effective. When you combine this with the ease with which phone numbers can be spoofed and scripts that can be created by Chat GPT, the perfect storm of access awaits. Consistently, research on the underlying causes of cybercriminals getting access to data shows that human error, often from being too busy to stop and pay attention to the text or voice call is at the heart of data breaches. This happens with simple but sophisticated communications such as emails or texts, adding in a voice that sounds identical to a known person or loved one, the odds of people trusting the messenger are high.
Businesses need to invest in training their employees to only use trusted methods of communication and be very careful when an unexpected and urgent request arrives, making sure staff realise that it is far better to take longer and be more suspicious, than risk exposure to a data breach.
There are several steps that businesses can take to avoid being cyber scammed with a voice clone:
- Educate employees: As suggested above, the first step is to educate employees about the dangers of voice cloning and how it can be used to perpetrate scams. Employees should be aware of the risks and trained to recognise and report suspicious activity.
- Implement multi-factor authentication: Multi-factor authentication can help prevent cyber scammers from accessing sensitive information. By requiring more than one form of identification, such as a password and a fingerprint, it can make it more difficult for scammers to gain access to sensitive data.
- Monitor for unusual activity: Businesses should regularly monitor their networks for unusual activity, such as unauthorised access attempts or changes to files. This can help detect potential voice cloning scams early and prevent them from causing damage.
- Use encryption: Encryption can help protect sensitive information from being intercepted by cyber scammers. Businesses should use encryption to protect their data both in transit and at rest.
- Verify requests: Businesses should verify any requests for sensitive information or changes to accounts, especially if they are made over the phone or through email. This can help prevent scammers from using voice cloning to trick employees into divulging sensitive information.
- Limit public access: Businesses should limit public access to information that could be used to create voice clones. For example, phone numbers and email addresses should not be published online.
By implementing these measures, businesses can help protect themselves from cyber scammers using voice cloning to perpetrate scams. It's important to stay vigilant and stay up-to-date on the latest security threats and best practices to protect against them.
Need to get your cybersecurity sorted?. Why not start with our Digital Ready Fundamentals course, designed to give you all you need to get on track in a quick, easy, actionable video format. Then go deep with some one on one Digital Ready coaching experiences and you will be safe and sound across all your business arenas.