IMPORTANT personal information like your passport details could be unknowingly handed over to hackers in just minutes, a professional hacker has proved.
It’s all thanks to voice cloning, which has advanced massively alongside the growing sophistication of artificial intelligence (AI).
2
2
“I used AI to clone a [CBS] 60 Minutes correspondent’s voice to trick a colleague into handing over her passport number,” professional hacker and CEO of cyber awareness firm SocialProof Security, Rachel Tobac, wrote on Twitter.
“I cloned Sharyn’s voice, then manipulated the caller ID to show Sharyn’s name with a spoofing tool.
“The hack took five minutes total for me to steal the info.”
Tobac is what’s known as an ‘ethical hacker’ – someone who studies how cyber criminals operate to show people and businesses how to better protect themselves.
The company she helms is one responsible for teaching some of the world’s biggest companies, as well as the US military, how to protect themselves against social engineering in the dawn of AI.
Social engineering is when fraudsters use information found online to manipulate their victims into handing over sensitive details about themselves – or even money.
It’s a tactic that has been used by scammers for years.
But AI has made it much harder to detect.
Most read in Tech
These days, it’s difficult trust your eyes or ears.
This is thanks to spoofing tools that disguise numbers, so it looks like the call is from someone you know, and AI voice cloning tools.
Just last month, a mother shared a chilling warning about an AI phone scam where the criminals stole her daughter’s voice and pretended they had kidnapped her in an attempt to steal $50,000 for her “safe return”.
“The victims of these impersonation scam calls often realise it’s not real JUST AFTER wiring the money to the attacker because they wait to text, call, email, or DM the person being impersonated — then hear back from the impersonated person that they’re safe after money is gone,” Tobac explained.
“Some suggest setting up a secret ‘verification word’ with their loved ones so that if someone impersonates and demands money/access etc you can ask for the verification word to see if it’s a real crisis.
“This won’t work for all people but could work for some. If it’s a match, use it.
“In general, I recommend keeping advice simple: if premise of call is dire use a second method of communication to confirm a person is in trouble before taking action (like wiring money or sensitive data).
“Rapid text, email, DM, have others message repeatedly — before wiring money.”
The Sun has written a guide on how to protect yourself from AI voice scams.
These are the main ways to protect yourself:
- Don’t share your voice online – or have very strict privacy settings so only those close to you can have access to these clips. As little as three seconds of audio is required, according to McAfee, before an AI voice generator can spin an array of different sentences that had never actually been said by the person.
- Think before you click and share – It can be tricky to know who exactly is in your social media network and how wide that chain goes. You don’t want to unknowingly put someone else at risk.
- Be wary of unsolicited calls – Be vigilant when it comes to random phone calls and voice notes – especially if they concern money. Don’t trust that the person over the phone is who they say they are, unless you can verify it yourself.
- High-pressure tactics are a major red flag – Emotional manipulation and high-pressure tactics are techniques often deployed by scammers.
- Have a code word – A code word must be something only they know, and will be the final bow in your sheath when it comes to combatting voice fraud and knowing if someone is who they say they are.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
