audio dip fakes are used for fraudulent calls in messengers
Cyber security experts FACCT (formerly Group IB) have revealed the rise in the use of audio dipfakes for scam calls on messengers. With the help of AI, hackers falsify the voices of company managers to authorize the transfer of funds. Small and medium-sized businesses, where many processes are tied to the owner, are most prone to such attacks.
The fraudulent scheme was called FakeBoss. First, attackers create a fake account of the manager with his name and photo from social networks. They usually use Telegram. After that, with the help of AI tools, an audio deepfake of his voice is created, samples of which are obtained from a telephone conversation or when hacking a messenger from voice messages. Then hackers call subordinates with the help of an audio deepfake, enter into trust and force an employee, for example, the chief accountant of the organization, to make a payment to the right accounts.
As Informzakhist notes, it is difficult to keep statistics of such incidents, as companies usually do not disclose them. Experts estimate a 30% increase in the new type of fraud compared to 2022.
Despite the fact that Russia has an “Antifraud” system designed to combat calls with a replacement number, it does not respond to calls through messengers.
The vice-president of the Association of Banks of Russia Oleksiy Voilukov believes that the growth of such fraud should lead to increased attention to operational risks and compliance procedures.
Commercial director of SafeTech, Darya Verestnikova, is sure that the problem needs to be solved by banks, which “must not skimp on means of confirming transactions, including legal entities, and on anti-fraud systems, and the head of the company must see who is being paid.”
Similar incidents also happen abroad. So, in 2020, fraudsters cloned the voice of a bank director in the UAE and used his withdrawal of $35 million.
At the same time, the IS company Servicepipe reported that SMS bombers attacked banks 20% more often in the last six months than a year ago. They used combinations of logins and passwords from previously disclosed databases and tried to log into customers’ bank accounts using them. The systems sent an SMS with a verification code to the client. Each such attack could lead to the sending of several hundred thousand messages per day, and losses from it for the bank could amount to 2 million rubles. As a result, the costs of banks and credit organizations for SMS mailings increased by 1.5 times over the last six months.