Voice Messages – The New Cybercrime Frontier



Voice messages are reportedly gaining popularity, especially among the younger generation, and malicious actors are now trying to turn this trend to their advantage.

AI-generated audio deepfakes are already a known concept, and they are increasingly used in cyberattacks, especially those related to identity. One particularly common type is the account takeover attack, which offers the highest value to the bad actor. Aaron Painter, CEO of security solutions provider Nametag, explains: “Taking over someone’s account lets you control whatever that account has access to. For an employee account, this means planting ransomware or accessing sensitive company data. For a customer account, you could hijack social media or bank accounts. Deepfakes make it easier. They are superpowers for bad actors.”

According to Cybernews, the main reason audio deepfakes are on the rise is the ease with which they can now be created: producing an audio deepfake required about 20 minutes of audio back in 2020, but today a few seconds are enough. Painter adds that while more material might be needed for a higher-quality fake, a successful attack can work with a relatively low-quality deepfake.

Jason Glassberg from Casaba Security theorizes that the next wave of cyberattacks will exploit the younger generation’s habit of sending voice notes. “Keep in mind, most people – especially those who are younger – are now well aware of the risks of phishing, smishing, and even conversation hijacking in the context of text-based exchanges,” he says. “They’re more likely to be skeptical when something seems off or not quite right in a written message, such as a financial request. But a voice message is different. It’s more convincing.”

When it comes to determining whether an audio clip is a deepfake, Glassberg thinks the best approach is to evaluate the context: consider who the sender is and what channel is being used (for example, a voice message in a large open group chat is more suspicious than one in a private, one-on-one chat).

He also recommends listening for edits or unnatural noises and for out-of-character remarks by the speaker, as well as paying attention to breathing, since many deepfake voices do not breathe.