How to Prevent AI Voice fraud with codewords for transactions
With the advent and widespread availability of voice cloning AI, a new form of scam has emerged, posing a significant threat to businesses. This scam targets team members to deceive them into transferring financial transactions to scammers.
Training voice cloning AI is surprisingly simple. It takes three to 15 seconds of someone's voice to create a close imitation of their speech patterns. Numerous AI startups compete in this field, offering free trials to gain market share. This accessibility underscores the urgency of the situation.
It's important to note that the majority of these companies are utilising voice cloning AI for entirely innocent and beneficial purposes, such as:
Accessibility: Voice cloning can help people with speech impairments or disabilities communicate more effectively.
Restoration of Lost Voices: For those who have lost their voices due to illness or injury, voice cloning can help restore their ability to communicate.
Educational Tools: AI-powered voice cloning can be used to create interactive audiobooks or language learning programs.
Entertainment and Creative Industries: Voice cloning is used to create audiobooks, video games, and films dubbed into different languages.
Customer Service: Voice cloning can create natural and personalised voices for virtual assistants and chatbots, improving customer engagement and more satisfying interaction.
How a voice cloning AI scam works
However, with anything good, it gets balanced out by something equally wrong. Bad actors such as scammers and hackers are using voice cloning AI to attack individuals and businesses, in most cases for monetary gain.
This AI tech has rebounded the old CEO email scam, in which scammers would break into a company email system and then send an email from a high-ranking executive requesting the recipient make an urgent bank transfer to a specific bank account. This scam worked and still does because the email appears to come from someone within the business. Secondly, it relies on the fact that most employees are too afraid to question a request from senior management and instead will action the transfer without question.
Now, with advances and email systems such as Google Workspace by Kimbley IT configured and monitored so these breaches can't occur, scammers are using Voice AI to attempt the same attack.
If your company has a video of an executive on your website or YouTube channel, scammers can use that audio to train an AI to replicate their voice.
Through LinkedIn, a scammer can identify who in a business is most likely to have access to finance, who is an executive and how those two people are connected; using this information, they know whose voice to clone and who they should target with the cloned voice.
They then use this information to select individuals to call or send audio messages to, asking for a transfer using the executive-cloned voice.
You may think this sounds a bit far-fetched, but this attack was used by scammers earlier this year to trick a Hong Kong-based finance worker into sending £20m to scammers. Again, in May, a voice cloning scam was used to try and get money from WPP, the world's largest advertising agency. The scammers failed on this attempt.
Using a Codeword to authorise transactions
Using a codeword that you change regularly is one way to beat scammers using voice cloning AI. You could mandate that the codeword be announced by anyone requesting a transaction. The scammer would not know this information and, therefore, fail the test.
You would need to share this codeword securely and only with the people who should know it. In Gmail, you could use a confident email to send the updated codeword and then set the email to redact its contents after a set period of time. You could also share the codeword through the password-sharing feature in your password manager.
Of course, you would be best off if your business had IT Assistance and Support so they can not only help with the secure sharing of data but also make sure your current systems are secure and have no holes that attackers could use to gain a foothold and launch an attack.
Book a video call below to learn more about how Kimbley IT can help your business keep its finances and data secure.
