Voice and video phishing, effectionally called “vishing” is now the future of cyber fraud. What’s more worrying is although we thought that this human and AI cyber fraud system was a few years away, it’s actually already here and being used to disrupt financials from businesses.
So what is it? Check out this video below for a brief rundown on what is expected to be one of the most viralent methods of cyber fraud in 2020.
So essentially we all know that phishing uses emails to pretend to be something or someone they are not and attempt to capture your data, money or private information through cyber fraud. Vishing is the same premise but instead of using emails to commit cyber fraud, they use telephone, audio and video to do that.
So how do cyber fraudsters commit a vishing attack?
Well, they use deek fake videos, utilise skype, facetime, teams, webex, zoom (amongst thousands of other cloud communication platforms) and spoof telephone calls from names and numbers you might even recognise (like your partner or colleague). This sounds like some cyber threat from the future but it’s scary stuff and is happening right now. There are apps that are free to download from mobile app stores or even to use on your web browser to achieve a deep fake and launch a vishing attack.
For example, using Lyrebird and SpoofCard, together with time, patience, AI (artificial intelligence) improvements and perserverance, it will be fairly simple to launch a malicious fraudulent cyber security attack on a business or consumer group. In fact with just 100 hours of video, a truly sophisticated and believable vishing attack can be executed on an unsuspecting business or individual.
Now for a couple of resources to look at
- This was one of the first vishing attacks to be committed and be successful, where a women transferred $243,000 to the cyber fraudster after receiving a telephone call that she presumed was from her manager. This article explains how AI is helping to enable vishing cyber fraud at https://www.computing.co.uk/ctg/news/3081119/ai-mimick-voice-crime
- Hiscox launched a great advert about how you can’t really tell the difference between an artificial voice and a human voice. Check out the video below.
3. How can you spot a deep fake video? This article from cyber security platform Heimdal Security explains some tips to identify the “tell” such as blinking, slow or unusual speech, artificially-looking skin and more at https://heimdalsecurity.com/blog/deepfakes-can-ruin-your-business/amp/
You can also watch the video below from Bloomberg about how deep fakes are getting harder to spot.
What can we do or what do we need to protect us from vishing?
Unfortunately, not much yet! Unlike email filtering with advanced protection or web filtering that protects against phishing, there isn’t the technology yet that can protect from vishing. Because it’s just so new. Until some sort of sophisticated MDM (Mobile Device Management) or other cyber security technology can be developed and launched that can scan audio and video on mobile phones or computer and cloud applications, cyber security awareness training (SAT) is what must be continued to be run inside organisations. Vishing is a very personal cyber fraud mechanism so training your company to spot and stop a vishing attack before it becomes a success is key.
If you compare in the UK in the last 12 months the hugely popular cyber term phishing, with deek fakes and vishing, you can see that people are not even searching about vishing as they don’t know about it. This shows that cyber security experts and IT support companies need to be updating their clients with this important and crucial information on vishing and other emerging cyber threats.
Using a cyber security expert to keep you and your staff updated on new cyber threats out there is key to keeping your business protected. It goes back to the old phrases, if it seems to good to be true or if something just doesn’t feel right, don’t follow what you’re being asked to do (just like with phishing, don’t just click on that link!), call/speak to an official valid member of your company, investigate, challenge and ask for help.