The FBI Releases Warning of AI Voice Cloning Scams

image provided by pixabay

This post is also available in: עברית (Hebrew)

The San Francisco division of the FBI is warning individuals and organizations to be aware of cybercriminals increasingly using artificial intelligence to “conduct sophisticated phishing/social engineering attacks and voice/video cloning scams.”

The FBI said at the RSA cybersecurity conference in San Francisco that “AI provides augmented and enhanced capabilities to schemes that attackers already use and increases cyberattack speed, scale, and automation.”

Cybercriminals use publicly available and custom-made AI tools to orchestrate highly targeted phishing campaigns, exploiting the trust of individuals and organizations alike. According to Interesting Engineering, the use of AI in phishing attacks lets threat actors create convincing messages that are tailored to the victim.

While conventional phishing scam messages usually have signs of deception (like poor spelling and grammar), AI-generated phishing messages often have accurate grammar and spelling that increase the chance of deceiving the recipient.

The FBI further warns that cybercriminals nowadays are also using AI to clone voices and impersonate individuals like family members, co-workers, or business partners: “By manipulating and creating audio and visual content with unprecedented realism, these adversaries seek to deceive unsuspecting victims into divulging sensitive information or authorizing fraudulent transactions.”

The FBI released an alert to warn businesses and individuals of the risks surrounding the malicious use of AI. They said they “encourage individuals and businesses to mitigate the risks associated with AI-powered phishing and voice/video cloning” by remaining vigilant and implementing multi-factor authentication where possible.

The following tips were also included in the warning reports, advising how to protect yourself against these kinds of threats:

The first advice is to stay vigilant, and not trust any messages requesting funds or credentials – organizations should instruct their employees on the dangers of phishing and social engineering attacks and emphasize the importance of verifying the authenticity of digital communications, particularly those asking for sensitive information or financial transactions.

They also advised using multi-factor authentication solutions that will ultimately add another layer of security, making it harder for cybercriminals to get unauthorized access to accounts or systems.