It can take as little as 10 seconds for AI to construct a convincing voice – vishing – gathered from your online videos, such as TikTok, Instagram, YouTube or simply over the phone.
If it has a longer voice sample, AI can nail pitch, tone, rhythm, speech patterns, and unique vocal quirks. It’s about capturing the overall essence, including emotion, pace, and emphasis.
Combine that with AI deepfake facial animations, live conversational language models, and you may as well be talking to your mum! Although cybercriminals usually don’t try to deepfake someone that close to you, and avoid video.
Don’t believe me – try the free Minimax voice cloning and be prepared to be blown away.
Vishing is voice cloning backed by powerful AI
While most vishing is done over the phone, there are many scenarios of scammers using WhatsApp or other country-specific VoIP programs.
How is this relevant to you?
AI trawls dark web and social media profiles to identify potential targets whom a deepfake vishing call may fool. This primarily involves identifying links between you and a person you report to and using social engineering to create a believable script.
It is highly suspected that the Qantas hack was due to vishing. AI impersonating a known senior-level person and coercing the Manila call-centre operator to ‘urgently’ let them in to the system.
Vishing was used to impersonate a company director as part of an elaborate scheme that convinced a branch manager to transfer $35 million.
It has been used to create a sense of urgency to transfer funds to someone who has suffered an accident, usually overseas and has conveniently lost their mobile phone.
The key to vishing is urgency and believability
Accidents, kidnapping, business interruption, frozen accounts, breaking the law, overdue tax, romance scams, and more are used to convince you to act immediately without verifying that the caller and the reason are real. Forgive me for being ageist (I resemble that remark), but non-tech-savvy seniors make up a disproportionate number of successful scams.
Why? Scammers request immediate payments, often via online third-party (non-bank) payment services. Any unusual payment method should immediately raise concerns as these are non-reversible and not traceable.
Question the urgency behind any rushed financial requests, and apply reason. Would my boss or a family member pressure me to send money?
Tips to follow to reduce vishing
- Don’t provide or confirm your personal information, workplace, or home address over the phone.
- Don’t answer phone calls from unknown numbers. Let the call go to voicemail, and assess the legitimacy of the message before responding.
- Listen carefully to the caller’s voice to detect anomalies or odd background noise.
- Pause and think before responding to requests—especially when requests are urgent.
- Ask questions. If the caller demands information or offers a prize, say you need their name and company phone number to verify their identity. If they refuse to provide this information, hang up. If they provide it, ensure it’s legitimate before you provide your information in return.
- Register your phone number with the Do Not Call Register. Legitimate companies respect this, so receiving robocalls and telemarketing calls strongly indicates vishing.
- Use a safe word. If a caller impersonates a colleague or family member and can’t give you the word, it is likely vishing.
- Don’t respond to emails or social media messages that ask for your phone number. This tactic is often the first step for vishing.
- Enable spam call blocking on your phone.
You can read more at Trend Micro.
Comments