What's Artificial Intelligence (AI) Voice Cloning? What Do I Need To Know?
Most of us have heard of scams where a person (often a grandparent) is conned into thinking a relative is in trouble because they receive a telephone call from someone who sounds just like their relative.
Or maybe a parent receives a phone call from what sounds like their child saying they have been kidnapped. The voice is followed by the voice of a “kidnapper” saying unless the parents wire them a ransom, the child will be harmed. Only to find out that the phone call was a hoax.
Why do phone calls like this matter to businesses?
According to published reports, artificial intelligence (AI) tools can clone your voice after hearing you speak for just three seconds. Why does this matter? What are the implications for your business?
Imagine you work in accounting and receive a phone call from someone you think is a work colleague. They ask you to perform a routine action such as transferring money from one corporate bank account to another.
You make the transfer, only to learn later that it wasn’t really your work colleague making the request, but rather an unauthorized person who sounded exactly like your work colleague.
Ever posted a video online and narrated it with a funny commentary? Criminals can use a short snippet of your voice to create a recording that sounds just like you and that directs one of your employees to do something like provide sensitive information or money.
Who would question a request from the boss or a senior-level colleague?
Consider your personal voicemail greeting on your business phone. It seems more personable, right? Even a brief voicemail greeting can be used by bad actors who may call your telephone number just to record a voice sample they can use for nefarious purposes.
Although rarely used, even SIM card duplication is also possible, meaning that calling a verified phone number is not a guarantee of sufficient authentication for important and/or consequential transactions.
Understand the implications for your business now?
Examples like these are reason businesses need authentication methods outside of “I recognized the voice” or “I called their phone number.”
At Kelser Corporation, our experts keep up with developments in AI as part of their job. Whether you work with us or not, this is an important topic for business leaders at organizations of all sizes to understand. (And, don't worry, I'm not writing this article to convince you to work with us.)
This article explores how cybercriminals are using voice cloning to target businesses, how it works, the potential implications, and steps you can take to guard against becoming a victim.
What Is Voice Cloning?
Voice cloning is the duplication of someone’s voice using AI software.
How Does Voice Cloning Work?
Between TikTok, YouTube, and other online applications (as well as telephone calls and voicemail greetings), it’s relatively easy for cyber thieves to find a snippet of a person’s voice online. They feed it into software and use a voice-generator program to craft a message in another person’s voice.
With the proliferation of artificial intelligence software, this process has become easier, cheaper, and more accessible to the general public.
The end goal is to receive money or sensitive information that the criminals can use to their advantage.
Who Is Vulnerable?
Voice cloning used to be primarily used by thieves who were looking to exploit money from private citizens, but a whole new focus has sprung up that targets companies with deep pockets and sensitive information.
Related article: Top 10 Cybersecurity Tools To Protect Business Data
Who Needs To Be Careful?
Everyone needs to be careful.
If you receive a telephone call advising you to take urgent action, slow down and think logically about how you can verify this request.
How Can You Protect Your Business?
In recent times, it’s become more important than ever for businesses to guard against voice cloning.
Some of the ways business leaders have chosen to protect their organizations are as simple as implementing procedures that require double verification when a finance person receives a request to transfer money.
This verification process is similar to the one many organizations have put in place to deal with social engineering tactics like spoofing emails that may (at first glance) appear to come from an authorized company representative.
Related article: What Is Social Engineering? Tactics, Impact & 6 Tips To Avoid It
For smaller businesses, the procedure could be as simple as confirming a request by verifying it in person either via a face-to-face conversation or reaching out to the requester via a phone call to their direct line. (Although, as discussed, the potential for SIM card duplication can make even phone verification less reliable.)
For larger organizations the verification process is likely to be a bit more formal and may require more than one step.
Other organizations have implemented the use of safe words that must accompany any request for sensitive information or wire transfers.
Whether you have specific procedures in place or not, the Federal Trade Commission recommends verifying any phone calls that encourage you to take immediate action (whether they seem suspicious or not) with the person either in person or via telephone.
Basically, that old saying "trust, but verify" comes into play
Why Is AI Voice Cloning Dangerous?
AI voice cloning can be dangerous on many levels.
It can be financially devastating. It can be a way for someone who is seeking to do harm to find out the address of or other sensitive information about an employee.
It can be a way for people to gain access to bank accounts.
Those are just some examples off the top of my head. The implications can be significant.
What’s The Bottom Line?
In this article, we’ve explored what voice cloning is and how it works. We’ve talked about who is vulnerable and who needs to be careful. We’ve discussed the actions business leaders can take to protect their organizations and the potential implications of voice cloning.
Business leaders need to be alert, implement verification procedures, and ensure that their users know what to do and how to verify requests for immediate action.
One effective way to keep issues like voice cloning top of mind for employees is to provide security awareness training on a regular schedule. Learn what security awareness training is and who needs it.
At Kelser, we offer security awareness training and other cybersecurity tools as part of our comprehensive managed IT support services. But, I’ll be honest: we know managed IT isn’t the right solution for everyone.
You may have internal staff that can help develop procedures and training modules to foster employee awareness of security issues like voice cloning.
And, if you don’t and are considering partnering with an external provider, let me be the first to encourage you to explore several options.
You may be surprised to hear that, but the truth is there are a variety of options out there and the most important thing is that you find a provider that is a good fit for your organization.
You want a provider that treats your business like you would. You want them to understand your business strategy and goals. How else can they figure out the best technology to help you succeed?
Explore your options for IT support by reading this short article that explains different types of IT support.
In our 40 years of business, we’ve learned businesses often have unique industry-related regulatory or contractual IT requirements. Whether it’s NIST 800-171 or HIPAA, multi-factor authentication (MFA) or preparing for CMMC 2.0, your IT partner must be well versed in your industry to help move your infrastructure forward.
Not sure where to start? Here’s a list of the 10 best questions to ask any IT provider.
If you have questions you can use this checklist to self-assess whether managed IT might be a good solution for you.
Or, if you prefer to talk to a human, click the button below and one of our IT solutions experts will reach out to schedule a 15-minute call at your convenience to discuss your business, your goals, your strategy, and your current IT pain points.