Last week, Facebook announced that phone numbers, among other personal information, belonging to 133 MILLION US-based users were compromised. Specifically, the records contained names, phone numbers and unique identifiers for each user.
Why might this be of concern to you?
Hackers today are using a variety of channels to get into your business network, including mining social channels for information that puts them a hair’s breadth from access to your sensitive data and accounts.
One of the latest tricks? Scam phone calls.
I know you might be thinking: why in the heck would I focus on phone calls? Shouldn’t we dive into email attacks? Other network attacks?
Yes, email phishing remains one of the biggest threats to your network security today—especially if you are not equipping yourself with the necessary technology, processes and training to help you avoid major data breaches or ransomware attacks.
But what makes cyberattacks even more concerning today is how tricky and agile thieves have been getting.
At a major defense conference held last month, many cybersecurity analysts and experts were talking about just how scary fake videos (often referred to as “deep fakes”) can be. In several recent crafty videos, hackers were able to overlay and manipulate recorded voice and video of an important person (presidents, CEOs, other officials, etc.) to make that person say completely different and untrue things. Very talented graphics-minded hackers have been able to deceive millions of people into believing the legitimacy of such videos.
Today, they have gone one step further.
Instead of focusing on creating more believable videos—which are extremely difficult to get completely right and are incredibly laborious—hackers and criminals have focused on voice recordings to manipulate businesses out of hundreds of thousands of dollars per call.
Thieves are using voice-mimicking software to imitate you or someone on your executive team.
Using software built on artificial intelligence, they call your office, reaching a subordinate directly and asking for hundreds of thousands of dollars to be sent to an account. Many who have fallen victim to these schemes were told the money was for an insurer or for a down payment on some business-related future expense.
These criminals have taken hundreds of thousands of dollars per hit thus far.
By using artificial intelligence and voice modification software, the attacker/scammer is able to mimic a person’s voice tones and cadence to the point where it sounds exactly like the person. With a little bit of social engineering research, they could get a sense of commonly used phrases or words and important events in your life and within your organization to make generally reasonable requests for fund transfers.
Even unreasonable requests have gotten through simply because the voice on the other end of the line is uncannily similar to the real person. Could you imagine your assistant or colleague fielding a call from what seems to be you, asking for a down payment on a lease? Or payment for some new servers? A party that you have been planning for your team?
No matter what the request, many accounting team members or members of your staff who control the purse strings have been duped by voice imitation scams lately.
I want to underscore this point: criminals will use whatever tools they can to achieve their objectives.
Companies like Google are already working on these AI-driven voice technologies to imitate other people. Criminals are not reinventing the wheel—they are simply borrowing one that has already been made.
How can you help guide your staff to be aware of voice imitation scams?
This would be a good time to review how to handle email phishing and other scams.
The problem with most of us is we trust other people—this is an innate characteristic that’s in our genes. What we have to get in the habit of doing is taking a step back and asking ourselves for a moment some very basic questions:
- What’s going on here?
- Why is this person calling [or emailing] me?
- Does this request seem reasonable or should I try calling that person’s work/cell number on file after hanging up just to verify some of the information asked for?
By making it a habit to be skeptical of requests or unexpected emails, we begin to be more responsible with our trusting nature. Simply asking a few more questions to verify a request, especially a big request that comes out of the blue, provides a simple control at work to overcome costly scams.