As companies ramp up protections against account takeovers, spearphishing and other impersonation attacks, attackers are upping their game by collecting more and richer personally identifiable information (PII). Unfortunately for defenders, this information is often easily available through public sources, leaked databases and black markets. That’s enabling more sophisticated business executive compromise attacks.
Voice deepfakes prove effective
Companies often post recordings of earning calls online, making it easy for attackers to find examples of the target’s actual voice, says Merritt Maxim, vice president and research director at Forrester Research. “You can then use those audio files to create the equivalent of a fake recording from the CEO,” he says. “‘Please transfer money to this person, it’s urgent.’ We’re going to see more of that scenario.”
The technology is getting better and easier by the day. To see this technology in action, check out a demo by artificial intelligence (AI) firm Dessa, in which they recreated podcaster Joe Rogan’s voice using a text-to-speech deep learning system they developed.