Artificial Intelligence has been in the news a lot lately. One of the latest trends is to use AI tools to autogenerate text for articles, school assignments, and more.
AI tools are also being used to generate audio files that mimic human voices. This application has spawned another scam threat: voice cloning.
With just a few seconds of audio from any person, scammers can use voice cloning technology and AI language models to imitate a person’s voice.
In this article, we’ll explore what voice cloning is, how it works, and its potential impact on businesses large and small.
At Kelser, we track emerging technology and cybersecurity trends and threats. Whether you work with us or not, we want you to be informed so you know how to keep your business and data safe.
What Is AI Voice Cloning?
I always like to make sure everyone is on the same page when it comes to technology topics, so I’ll start with a general definition.
Developed in the late 1990s, voice cloning is the duplication of a person’s voice using AI.
With just a small amount of voice data, AI uses machine learning to analyze the data and create an artificial simulation of someone’s voice. Scammers use voice cloning technology to manipulate unsuspecting victims into taking unauthorized actions.
The proliferation of AI tools available on the open market has made voice cloning easier, cheaper, more effective, and more accessible to a wider international network of users.
Who Is At Risk Of AI Voice Cloning Scams?
Individuals, organizations, and businesses are all vulnerable.
Earlier this year, the Federal Trade Commission issued a general warning that scammers are increasing their use of voice cloning programs to ratchet up their family emergency scams.
You’ve likely heard of these scams in which a family member receives a call from someone they think is a relative asking them to wire money because they are stuck traveling, have been kidnapped, or had some other disaster befall them.
The victim doesn’t realize that they’ve been scammed until they talk next with their relative who has no idea what they are talking about.
What Is The Danger For Businesses?
Most businesses have authentication procedures in place to verify requests to transfer money.
What many business leaders don’t realize is that whether the request is an internal one or involves your organization’s financial institution, the procedures in place may not be enough to protect against voice cloning scams.
Scammers are up on the latest technology and know how to use it to meet their goals.
For example, with just a 3-5 second voice data sample, scammers can convincingly duplicate the voice of a member of the leadership team and ask a staff member to take actions that have significant financial and potentially legal implications.
Voice data samples are easily obtained through social media, videos, and even voicemail greetings.
If a staff accountant received an urgent request from a member of the leadership team, they likely will take action immediately and may not realize until it’s too late that the voice they heard over the phone wasn’t really the CEO.
While it used to be common practice for questionable requests to be verified by returning the call of the person making the request, SIM card duplication, while relatively uncommon, means a return phone call is no longer a guarantee of sufficient authentication for important, consequential transactions.
Businesses need to proactively develop authentication methods that go beyond voice recognition or calling the person at the number that shows up on their caller ID.
Voice cloning is challenging even advanced biometric technology currently used by financial organizations to verify identity.
6 Ways To Protect Your Business From AI Voice Cloning Attacks
Business leaders need to create a culture of security through a combination of tools, procedures, and training.
Here are 6 important ways to stay ahead of potential voice cloning attacks:
1. Procedures & Policies
If you don’t already have procedures and policies in place for financially and operationally significant actions, get them in place. If you do have them, make sure you review and update them regularly as new threats emerge.
2. Stay Informed
As with all security threats, there is no such thing as a “set it and forget it” solution for voice cloning scams.
Make sure that you continue to pay attention to emerging threats and adjust your protections and procedures accordingly. Attend conferences, read articles in trade magazines, and work with your internal or external cybersecurity experts to learn about new threats.
3. Identify Risks
Your organization likely has certain procedure that are more susceptible to voice cloning threats. Knowing which procedures are more likely to be exploited will make it easier to develop proactive ways to protect your business.
4. Multiple Authentication
In the same way that two keys are needed to open safe deposit boxes, some organizations have implemented second-factor authentication (via authorization or code words) for financial and other significant business transactions.
This is a simple but effective way to add another layer of security to certain processes and procedures.
5. Incident Response Plans
The age-old expression is true: the best defense is a good offense.
When it comes to voice cloning and other cybersecurity threats, understand what actions you will take when your organization is scammed.
Having a plan and reviewing it often ensures that when you detect a scam, you’ll know who is responsible for actions like alerting your customers and employees as well as your financial institutions and other important stakeholders. You’ll know where your back up data is and how to access it.
Being prepared will make the entire recovery process move more quickly and effectively.
6. Employee Security Training
Regularly scheduled employee security awareness training is one of the most effective and least expensive ways to keep threats like voice cloning in front of employees at all levels.
You may have internal IT experts that can handle this for your organization, or you may need to rely on external IT support. Either way, this is an investment that will pay dividends and engage your employees as active participants in your overall cybersecurity efforts.
Related article: What Is Employee Security Awareness Training? Do I Need It?
Many of these tools provide additional cybersecurity benefits as well, giving you extra protection!
What's Next?
In this article, we’ve explored what voice cloning is and how it works. We’ve talked about who is at risk of a voice cloning scam and the danger for businesses. We’ve discussed actions business leaders can take to protect their organizations.
We’ve also identified 6 actions you can take to protect your organization from AI voice cloning scams.
At Kelser, we offer security awareness training and other cybersecurity tools as part of our comprehensive managed IT support services. But, I’ll be honest: we know managed IT isn’t the right solution for everyone.
As we mentioned, you may have internal staff that can help implement the actions we’ve identified. If you don’t, consider partnering with an external IT provider to take proactive steps to keep your business safe from AI voice cloning and other threats.
I always encourage readers to explore several options when exploring external IT providers. The reason is simple: you want to make sure your IT partner is the right fit for your business.
You want a provider that treats your business like you would. It’s important that they understand your business strategy and goals. How else can they recommend the best technology solutions to help you succeed?
If you are just beginning to explore working with an external IT support provider, this short article explains different types of IT support.
Have a few providers in mind? Ready to start evaluating your options? Here’s a list of the 10 best questions to ask any IT provider.
Or, if you prefer to talk with a human, click the button below and one of our IT solutions experts will reach out to schedule a 15-minute call at your convenience to discuss your business, your goals, your strategy, and your current IT pain points.
