[imagesource:youtube]

Scammers are getting so savvy that they’re using AI to clone voices, specifically through WhatsApp voice notes.

Generative artificial intelligence tools are picking up steam, being twisted and turned to create slick scams that exploit and impersonate both businesses and individuals alike.

This global trend has now hit South Africa, where businesses and individuals are facing a whole new level of cybersecurity threats, with technology experts raising red flags, per BusinessTech.

Generative AI, originally crafted to boost productivity, automate tasks, and deliver swift analytical support, has unfortunately turned into a double-edged sword. While it brings unmatched efficiency to businesses, its misuse has paved the way for new and disturbing forms of cyber fraud.

The major worry, as pointed out by Stephen Osler, Co-Founder and Business Development Director at Nclose, is the threat posed by WhatsApp voice notes, especially for executives and top-tier employees.

With just a short snippet of someone’s voice—often snagged from social media, recorded calls, or previous voice messages—cybercriminals can whip up realistic, AI-generated audio clips that sound just like the target. These cloned voices can easily manipulate employees into following instructions that appear legitimate, effectively sidestepping standard security protocols.

Osler revealed last year that the rise of AI voice cloning has opened up a new realm of risk for both companies and individuals. He pointed to a striking case from 2019 in the UK, where criminals used AI-generated voice cloning to impersonate the CEO of an energy firm, resulting in a fraudulent transfer of $243,000 (around R4.3 million). In another case in Hong Kong in 2021, criminals exploited AI to steal $35 million (approximately R631 million).

Another example that Osler reveals is how an IT administrator might get a WhatsApp voice note from someone they think is their manager, instructing them to reset a password or grant access to crucial systems. In reality, the voice note comes from a cybercriminal, but the familiarity of the voice leads the administrator to comply, unwittingly giving the attacker access to sensitive information. Once inside, the criminal could exploit this access to deploy ransomware or steal confidential data, potentially bringing operations to a grinding halt.

Once cybercriminals infiltrate a company’s network and gain access to sensitive information, they have a unique foothold, allowing them to steal valuable data or hold a company hostage via ransomware, demanding payment to unlock critical systems.

Executive as well as junior employees, who may lack the experience to spot red flags in communication, are equally at risk.

According to William Petherbridge, Manager of Systems Engineering at Fortinet, the rapid shift to digital platforms, fueled by remote work and cloud-based technologies, has turned employees into prime targets.

Phishing attacks continue to be one of the most prevalent tactics for harvesting employee credentials. As Petherbridge points out, these phishing emails often imitate the language and tone of senior executives, pushing employees to comply quickly without questioning the legitimacy of the request.

However, he notes that this risk can be reduced by cultivating a culture of vigilance within the organisation and encouraging employees to scrutinise any unusual communications, even those that seem to come from trusted sources.

The alarming surge of AI-driven scams should serve as a stark wake-up call for organisations to ramp up their security measures and empower employees with the tools to recognise and combat potential threats. Measures like multi-factor authentication, regularly updating cybersecurity protocols and conducting ongoing training sessions for employees at all levels should keep you slightly ahead of the crime curve.

Every day people are also being targeted by these sophisticated schemes, with common scenarios including fake kidnapping claims, requests for urgent financial help from family members, and emergency messages, each crafted with chilling authenticity.

Staying a step ahead of cybercriminals in this age of increasingly sophisticated attacks hinges on awareness and proactive measures.

[source:businesstech]