AI phone fraud

A few months ago, BR reported on attacks that work very similarly to the analogue “grandson trick”. Attackers pretend to be a close family member, claiming to be in an emergency situation – and in need of money. In reality, they are fraudsters. The aim is as clear as it is obvious: to get money from the caller and take advantage of their good faith.

AI algorithms that simulate familiar voices

Artificial intelligence puts a whole new spin on such attacks. AI algorithms can not only be used to automatically generate text – a use case that the general public has been aware of since ChatGPT. AI algorithms can also be used for “deep fakes”, where photos, videos or even audio sequences are faked. While the forgery of fake videos can often be detected on closer inspection, it is almost impossible to detect fakes in audio sequences. Specifically, the scam works in the same way as any other money scam: the person called (the victim) is put under pressure by the caller (the scammer) that something bad has happened and money is urgently needed. For example, the scammer pretends to be a close family member and says he or she is in hospital. Deep fakes using voice imitations are particularly insidious – because in a real-life stress situation, the imitation is unnoticeable. What is more, as technology advances, these imitations are getting better and better.

Set a shared password

How can you protect yourself? As recommended in the BR article, a shared password (secret) can be agreed. When a supposed victim receives a phone call, he or she should first ask the caller for the secret. If there is no answer or the caller is abusive, it is best to hang up – and try to reach the supposedly distressed family member on their mobile phone, for example.

We are also increasingly seeing such attacks in the business environment. Our awareness training therefore explicitly addresses such attacks. These types of attacks are also covered in our e-learning courses. Would you like to know more about how TEN Information Management can help your organisation to improve its information and IT security? We are available for a free initial consultation.

More articles

Cloud security myth busted: Common misconceptions about security ownership in the cloud In recent years, cloud technology has become one of the most important and widely used IT infrastructures. Organisations of all sizes are taking...
ISO 27001 – Management of technical vulnerabilities The newly published ISO 27001:2022 in October 2022 brings a restructured catalogue of measures. Among other things, the new measure A.8.8 – Management of technical vulnerabilities – was...
Efficient protection through 2-factor authentication Multi-factor authentication (MFA) or mostly 2-factor authentication is on everyone’s lips. You read a lot about the benefits – and yet you are often annoyed when “the second factor” has...