AI ‘can mimic voices of people you know’ as security experts reveal trick to stay safe from new ‘robo vishing’ attack
A NEW type of scam is on the rise – and it uses AI tools to mimic the voices of people you trust.
“Vishing,” a portmanteau of “voice” and “phishing,” is a voice-based cyberattack. Unlike traditional phishing, where criminals send emails purported to be from reputable sources, it is carried out over the phone.
Criminals call victims and attempt to persuade them to disclose sensitive details like credit card numbers and bank account information.
The scammers may pose as bank employees or customer service representatives and insist your information is needed to resolve a problem.
And a new threat makes these plots ever more convincing – the use of AI to “clone” voices.
Advanced voice manipulation tools can create realistic synthetic voices or even mimic the voices of people you know.
All a scammer needs is a video of your family member or friend, which may be readily available on social media.
The rest is simple – the audio is fed into software that generates entire sentences using their voice.
The Federal Trade Commission sounded the alarm on voice cloning attacks early last year.
“All (a scammer) needs is a short audio clip of your family member’s voice — which he could get from content posted online — and a voice-cloning program,” the agency wrote.
“When the scammer calls you, he’ll sound just like your loved one.”
To make the scheme even more convincing, fraudsters may fake the origin of a call through a technique known as caller ID spoofing.
By utilizing Voice over Internet Protocol (VoIP) technology, which connects calls over the Internet, scammers can assign incoming phone numbers to pose as a trusted individual or organization.
Call spoofing factored into a scam sweeping the Las Vegas area earlier this month.
One anonymous victim received a call that showed her bank’s name on the caller ID. She was instructed to check her account, where she spotted two fraudulent transactions.
The scammers took things a step further, sending a “courier” to her doorstep to cut her credit card in half while she was still on the phone. It was a costly mistake – the woman lost out on $9,000.
To protect yourself from falling victim, you should start by knowing the warning signs of a vishing scheme.
Scammers often ask their victims to act urgently to resolve a shipping error or correct fraudulent charges. A forceful approach should raise red flags.
Always exercise caution, as a caller ID may not be enough to verify a caller’s identity. Security experts recommend hanging up and dialing the organization directly.
As a general rule, never provide personal information, such as Social Security numbers, credit card details, or passwords, to unsolicited callers.
How are scammers finding my number?
Here Mackenzie Tatananni, science and technology reporter at The U.S. Sun, breaks down ways a scammer may get your information.
Scammers commonly get phone numbers from data breaches, which occur when a hacker accesses a private database – often those maintained by companies like service providers and employers.
This information may be shared and circulated online, including on the dark web, where there are forums dedicated to sharing leaked information.
Another common technique called wardialing employs an automated system that targets specific area codes.
A recorded message will instruct the listener to enter sensitive information, like a card number and PIN.
There is also a far more harrowing possibility: your phone number could be listed online without your knowledge.
Data brokers are hungry to buy and sell your information. These companies gather information from various public sources online, including social media and public records
Their primary goal is to build databases of people and use this information for tailored advertising and marketing.
Much of this information ends up on public record sites, which display information like your phone number, email, home address, and date of birth for anyone to see.
In the United States, these sites are legally required to remove your information if you request it.
Locate your profile and follow the opt-out instructions, but be warned – these sites do not make it easy and intend to frustrate you out of completing the deregistration process.
For simplicity’s sake, you can also use a tool to purge your information from the Internet.
Norton offers one such service. Called the Privacy Monitor Assistant, the tool finds info online and requests removal on your behalf.
It is also possible that your phone number may be linked to a social media account and publicly displayed on your profile – this happens quite frequently with Facebook.
Be sure to review your privacy settings and confirm this information is hidden away from prying eyes.
Notify your bank of attempted fraud. Mention the information the caller requested and the phone number or area code.
Report suspicious calls to agencies like the Federal Trade Commission to keep yourself and others safe.
It is also worth listing your mobile and home phone numbers on the National Do Not Call Registry, a database maintained by the United States federal government.
While there is no guaranteed way to prevent scammers from contacting you, the registry is an effective defense against telemarketers.