September 9, 2024 •Maria Singh, Cyber Content Manager at EnterpriseKC
Margaret, a retired teacher, enjoyed her peaceful mornings in her small suburban home. One day as she was enjoying her morning coffee, she received a frantic call from her grandson, Jacob, who was away at college. His voice was filled with panic as he explained that he had been in a car accident and needed money urgently to pay for the damages and avoid legal trouble. If he did not get the money right away, he could end up in jail.
The voice on the other end was unmistakably Jacob's - Margaret's heart raced with worry. Without questioning, she rushed to her bank and wired money to the account Jacob provided. It wasn't until Margaret called Jacob's mother later that day to learn how Jacob was doing that Margaret learned she had been scammed. The call had been a cruel trick, a cyber-criminal had used Artificial Intelligence (AI) voice cloning technology to mimic Jacob's voice, exploiting Margaret's love and concern for her grandson.
Voice cloning is when someone uses AI to recreate a person's voice to include their voice patterns, intonations, and speech rhythms, creating a near-perfect replica. A voice cloning attack begins with a cyber-criminal collecting audio samples of the target's voice.
These samples can be harvested from various sources such as videos on YouTube or personal posts on TikTok. After training on the recorded audio, AI generates new audio that sounds like the target. This generated voice can be used in various ways, from phone calls to voice messages, making it a potent tool for deception.
When creating voice cloning attacks, cyber-attackers often do their research first. Most of the information they need is publicly available on social media sites. They study their intended victims, to include both the person's voice who they are going to replicate but also the victim they are going to call. Cyber criminals not only learn who their victims know and trust, but which emotional triggers are the most effective. When making these phone calls, cyber-attackers often modify their Caller ID, so when the victims look at their phones, the phone call appears to come from a number the victim trusts. Caller ID can be easily spoofed and is not a good way to validate or authenticate people who call you.
The first step to protecting yourself is just being aware that voice cloning is now possible and becoming easier for cyber-attackers to do. Some steps you can take to protect yourself include:
Guest Editor
Maria Singh is a Cyber Content Manager at EnterpriseKC and a passionate WICyS member with over 14 years of technology and cybersecurity experience. She holds a SANS GIAC GSEC certification and is a Master of Science in Cybersecurity candidate at Purdue University. As past President of Women in Security Kansas City and OCA Corporate Achievement award recipient, Maria inspires women in STEM and cybersecurity. Her speaking engagements and leadership pave the way for future generations to thrive in these fields.
The views, information, or opinions expressed in this article are solely those of the author and do not necessarily represent the views of Citizens State Bank and its affiliates, and Citizens State Bank is not responsible for and does not verify the accuracy of any information contained in this article or items hyperlinked within. This is for informational purposes and is no way intended to provide legal advice.