A few months ago, BR reported on attacks that work very similarly to the analogue “grandson trick”. Attackers pretend to be a close family member, claiming to be in an emergency situation – and in need of money. In reality, they are fraudsters. The aim is as clear as it is obvious: to get money from the caller and take advantage of their good faith.

AI algorithms that simulate familiar voices

Artificial intelligence puts a whole new spin on such attacks. AI algorithms can not only be used to automatically generate text – a use case that the general public has been aware of since ChatGPT. AI algorithms can also be used for “deep fakes”, where photos, videos or even audio sequences are faked. While the forgery of fake videos can often be detected on closer inspection, it is almost impossible to detect fakes in audio sequences. Specifically, the scam works in the same way as any other money scam: the person called (the victim) is put under pressure by the caller (the scammer) that something bad has happened and money is urgently needed. For example, the scammer pretends to be a close family member and says he or she is in hospital. Deep fakes using voice imitations are particularly insidious – because in a real-life stress situation, the imitation is unnoticeable. What is more, as technology advances, these imitations are getting better and better.

Set a shared password

How can you protect yourself? As recommended in the BR article, a shared password (secret) can be agreed. When a supposed victim receives a phone call, he or she should first ask the caller for the secret. If there is no answer or the caller is abusive, it is best to hang up – and try to reach the supposedly distressed family member on their mobile phone, for example.

We are also increasingly seeing such attacks in the business environment. Our awareness training therefore explicitly addresses such attacks. These types of attacks are also covered in our e-learning courses. Would you like to know more about how TEN Information Management can help your organisation to improve its information and IT security? We are available for a free initial consultation.

More articles

ISO 27001 requires you to conduct an internal audit of your ISMS on a regular basis to verify conformity with the standard. Although it is called an “internal audit”, you can – and should –...
Although the new year is already a few days old, annual kick-off events are still in full swing everywhere. So we too have been thinking about what to expect in terms of information and IT...
Instant 27001, the simple and pragmatic documentation system for information security management systems (ISMS) according to the international standard ISO 27001, is now also available for Microsoft 365 in addition to Atlassian Confluence. Seamless integration...