Published: August 16, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Call it what you will…creepy, bizarre, disturbing…but audio deepfake “cloning” scams are hitting new highs in the business sector. Improvements in the technology allow audio deepfakes to show up everywhere from business to social media. Being aware of the growing threat is an important first step, but knowing that voicemails from co-workers, upper-management, vendors, and others can be faked presents its own set of challenges. In the UK, an enterprise was extorted for roughly $220,000 USD when a CEO’s spoofed voicemail left instructions for a funds transfer. A cybercriminal created the audio deepfake and the wire transfer went straight into their coffers. These audio deepfakes give new meaning to “keeping it real” now that vetting voicemails is more important than ever.
According to a spokesperson from the Department of Justice Computer Crime and Intellectual Property Section, “It’s difficult to convincingly pose as someone else…But with deep fake audio and anonymizing tools, you can communicate anonymously with people anywhere in the world.” In other words, it’s much easier for scammers to be successful when they are incognito. The Better Business Bureau (BBB) warns “voice cloning” can be done by anyone who has the right software and a small audio sample of the target voice. Now, social media platforms overflow with voices ripe for the faking. In addition to ranking members in a company, many celebrities, politicians, and other people of note are vulnerable to deepfakes in their name being spread worldwide via social media.
Businesses can respond to deepfake voicemail threats with a focus on education and verification. It starts by educating staff that any voicemails can be suspect, especially those ordering a transfer of funds or other financial requests.
Ongoing employee cyber education for employees is a must to keep protected from the latest hacks and scam tactics. Since employees are often the first line of defense, a cyber-smart staff can mitigate threats of all types––from deepfake voice scams and email phishing to currently trending hacks. Knowing that a well-informed staffer can spot and stop a deepfake voicemail before it’s too late is a great investment in the future.
Using multifactor authentication (MFA) to verify logins, customers, and vendors is necessary. Additional layers of authentication go a long way verifying the person on the other end of a message is who they say they are. Voicemails directing company funds be transferred require a multi-layered security approach. Since a hacker hopes to be the recipient of a wire transfer, several staffers should review and verify the request before completing it. In addition, staff are urged to verify communications directly with the sender. Making a phone call to a vendor, co-worker or boss is key for verification vetting, especially for those employees working with finances. Also, adding a video element to vetting a voicemail provides an even higher layer of verification when you can both see and hear the sender.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org