Cyber fraud through Voice Phishing

Jun, 13 2024

Phishing has been one of the most well-known cyber threats for years. In email phishing, the attacker attempts to steal sensitive data by sending a fake email. By implementing appropriate technical measures and training employees on how to handle and recognize these phishing emails, companies can establish an effective shield against phishing.

But what happens when an employee receives a call from a supposed superior with explicit instructions to make an urgent transfer or share sensitive information such as access data to privileged accounts over the phone? Is the telephone, the most traditional of all communication channels, vulnerable to cybercrime?

Let’s address this question later in the article and first delve into the concept of vishing. Vishing is a combination of "voice" and "phishing." For their attacks, fraudsters use stolen voice recordings that are manipulated using artificial intelligence to generate and deceptively imitate human speech. Machine learning makes it easy to analyze the speech patterns of a familiar person and, which is what makes it particularly dangerous, to reproduce them.

Using neural networks, accents, speech speed, the timbre of a known voice, intonation in questions, and even emotional nuances can be embedded in the synthesized speech, making it almost indistinguishable from real speech to human perception and hearing.

Attackers can use deepfake AI to create audio recordings and make automated calls that can even hold a conversation with the potential victim. Anyone who feels safe because they decline calls from "unknown callers", or who treats a displayed caller name as proof of the caller's identity, is mistaken.

The principle here is TRUST NO ONE (Zero Trust): In caller ID spoofing, the attacker manipulates caller information such as number or caller name. The attacker can enter any number, whether it's 911 or the superior's number, into the software of modern PBX systems.

The vishing attack often begins with the theft of voice data. This data can come from publicly accessible posts on social networks or from recorded phone calls. It is then used for fraud through the aforementioned technologies.

It is remarkably easy for hackers to obtain usable data these days. Company websites often have entire organizational charts with employee names, positions, and associated photos. People share video posts containing voice data on social media platforms, which are often publicly accessible. Users may send voice messages through compromised accounts. Criminals use this data for CEO fraud, for example. With about 100 words, which is less than a minute of speech material, state-of-the-art voice models can already produce accurate imitations.

In voice phishing, attackers rely on social engineering. They exploit the victim's trust, put them under pressure, or play on the callee's fear.

Conclusion: By fraudulently assuming a legitimate identity, cybercriminals increase the likelihood that vishing will succeed. Voice phishing combined with AI poses a serious threat to cybersecurity. The initial question of whether the telephone is vulnerable to cybercrime can be clearly answered with yes. Protection against voice phishing includes the implementation of technical measures such as caller ID verification, blacklisting, custom SIP headers, or caller ID filtering. Organizationally, people should develop an awareness of vishing so that they recognize suspicious calls. This applies both in the company and privately: always critically question suspicious situations and, in case of doubt, verify the caller's identity through internal communication channels (internal PBX extensions).
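The technical measures named in the conclusion (blacklisting, caller ID filtering and a custom SIP header) can be combined into one inbound-call check. The following is an added example, not code from the article: the number block, blacklist entry, key, trunk labels and the `X-Internal-Origin` header name are all constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed values for this example (assumptions, not from the article):
INTERNAL_PREFIX = "+4930555"        # number block the company owns
BLACKLIST = {"+15550100666"}        # numbers already reported as fraudulent
PBX_KEY = b"constructed-demo-key"   # secret known only to the internal PBX
TAG_HEADER = "x-internal-origin"    # hypothetical custom SIP header

def parse_headers(invite):
    """Return the SIP headers as a dict with lower-cased names."""
    headers = {}
    for line in invite.split("\r\n")[1:]:   # skip the request line
        if not line:
            break                            # blank line ends the headers
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return headers

def caller_number(headers):
    """User part of the From URI: the caller ID the phone would display."""
    match = re.search(r"<sips?:([^@;>]+)@", headers.get("from", ""))
    return match.group(1) if match else ""

def internal_tag(call_id, number):
    """HMAC the internal PBX attaches to calls it originated itself."""
    msg = f"{call_id}|{number}".encode()
    return hmac.new(PBX_KEY, msg, hashlib.sha256).hexdigest()

def assess(invite, trunk):
    """Classify an inbound INVITE as 'block', 'flag' or 'allow'."""
    h = parse_headers(invite)
    number = caller_number(h)
    if not number or number in BLACKLIST:
        return "block"
    if number.startswith(INTERNAL_PREFIX):
        expected = internal_tag(h.get("call-id", ""), number)
        tagged = hmac.compare_digest(h.get(TAG_HEADER, "").encode(), expected.encode())
        # An internal number from outside, or without a valid tag, is a
        # spoofing indicator and must not be shown as a trusted colleague.
        if trunk != "internal" or not tagged:
            return "flag"
    return "allow"

# Constructed INVITE: external trunk presenting an internal number.
SPOOFED = ("INVITE sip:+4930555200@pbx.example SIP/2.0\r\n"
           'From: "CEO" <sip:+4930555100@carrier.example>;tag=9f1\r\n'
           "Call-ID: a84b4c76@carrier.example\r\n\r\n")
```

A call classified as `flag` should reach the phone with a warning label instead of the directory name, so the callee knows to call back on the internal extension.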
