Vishing Schemes Are Getting a Supercharge from AI

You get a panicked call from your employer, asking for access to a sensitive account. Or maybe they have an urgent need to have money transferred to cover a significant business expense. The reception is spotty, but it sounds like them, and losing your job by failing to respond to a crisis would upend your career, finances, insurance, and more. 

You provide the caller with what they’re asking for before thinking about it. The next thing you know, your company has been hit by a major security breach: Sensitive data has been compromised, vital funds have been transferred to an unknown third party, or worse.

If this sounds bad, imagine the scam being bolstered by AI-enabled voice cloning. Welcome to the world of vishing scams. 

The era of grammatically awkward phishing emails requesting your Social Security number now looks positively quaint in comparison to modern scamming techniques. Vishing scams are among the most effective, primarily because they put the target on the spot: Rather than having a few minutes to consider how to respond to an email or text, the person on the other end needs information and they need it now.

It gets worse: Modern AI solutions have made it relatively easy to create convincing facsimiles of voices using pre-existing recordings. If there’s a video of a colleague giving a TEDx talk or keynote speech, it takes a short time (three minutes, according to Microsoft) to clone their voice in real-time. 

What you can do:

1. Train your employees: Being fooled by vishing scams is one thing, not even knowing they exist is something else entirely. Informing your employees that even the most convincing of phone calls can still be suspect can help build a foundation of security awareness.

2. Have a security policy in place: Vishing scams tend to work because their targets generally don’t want to be seen as impeding critical processes. Having a security policy in place that they can refer to can help take the pressure off of them.

3. Verify the calls: If someone calls requesting access or a password reset, try following up with them via other means, including sending a text, emailing their personal account, or using a two-factor authentication app. If a caller has somehow lost access to their phone, passwords, personal email accounts, and social media accounts, you can assume it’s a scam call (or horrible life decisions on the caller’s part). 

Scammers are only getting more clever, AI is only getting more powerful, and the combination of the two makes small businesses and studios easy prey. Having a proactive plan to deal with incoming vishing calls can help protect your business, data, and finances.

Worried about your organization’s cybersecurity protections? Fell prey to a vishing scam? Nodal can help! Contact us today.