Cybercriminals Impersonate Chief Exec’s Voice with AI Software

This is a worrying step-up from business email compromise (BEC) scams. The old adage ‘trust but verify’ needs to be applied even if it appears your CEO is telling you to do something…:

[…] As part of an incident in March, an attacker called the CEO of a UK-based energy business pretending to be the head of its German parent company. Analysts believe AI-based software was used to impersonate the chief executive’s voice, as it had the slight German accent and other qualities the UK CEO recognized in his boss’s voice — qualities that led him to believe the call was legitimate. The caller issued an “urgent” request to the CEO, demanding he transfer $243,000 to a Hungarian supplier within an hour’s time.

The transfer went through and the money was later moved to other countries. Scammers continued to contact the UK company and make additional payment requests, according to Euler Hermes, the organization’s insurer. However, the CEO grew suspicious and did not transfer the funds.

While this incident is still under investigation, the Wall Street Journal cites officials saying this impersonation attack is the first in which fraudsters “clearly” leveraged AI to mimic someone’s voice. It’s believed this technology could make it easier for scammers to manipulate enterprise victims, complicating matters for defenders who don’t yet have the technology to detect them.

[…]

Original article here