Artificial intelligence (AI) tools are rapidly growing in number, as are data-stealing cyber scammers. Combine the two with existing cyber security threats, and you end up with a particularly tricky, and frankly quite scary, digital landscape. Small and medium-sized enterprises (SMEs) are often less equipped than larger corporations with robust defences, leaving them particularly vulnerable. Today, we’re exploring AI voice manipulation, its implications, and the means to protect your business against it.
What is AI Voice Manipulation and Where is it Happening?
AI voice manipulation involves analysing audio samples of a person’s voice, gathered from sources like social media, and then using artificial intelligence to clone or mimic it. Advanced algorithms can then generate audio of the cloned voice saying anything the scammer chooses. Initially developed for legitimate purposes, such as helping those with speech impairments, this technology has since been exploited by cyber criminals, who are putting it to far darker uses.
We’ve seen a rise in voice manipulation scams in the last year, predominantly targeting the general public. Playing on people’s empathy, scammers use the forged voices of friends and family members to try and extract money or other sensitive information from their targets. Someone might receive a call from their ‘grandmother’ (really a scammer using a spoofed number), telling them she’s lost her bank details and needs reminding of them for an urgent bill payment. Naturally, unsuspecting loved ones want to help, so they provide the information. Just like that, a cyber-criminal has everything they need to access Nana’s money and drain her account.
How Could Voice Manipulation Affect My Business?
It’s not just your average Joe at risk. For greedy cyber scammers with their sights set on bigger rewards, professional enterprises make lucrative targets. In lieu of breaching cyber security defences, scammers might use manipulated voice audio to impersonate CEOs, requesting urgent bank transfers from the finance department or sensitive employee information from HR. They could also target customer support channels, pretending to be clients or business partners to gain access to accounts and confidential data.
Distinguishing between real and AI-generated voices is incredibly difficult due to the personal and often informal nature of voice interactions. This is especially true over the phone, where voice quality may already be compromised. Take staff working remotely, for example; the rest of their team is used to them having limited control over background noise, so a muffled call could easily be excused by claims of a busy environment.
Isn’t My Current Cyber Security Enough?
You may be all over it when it comes to installing traditional cyber security measures for your business. Here’s the thing: defences like firewalls and antivirus software are designed to protect against intrusions into networks and systems, not deceit through human interaction channels. While these shields are essential, they don’t address the threat posed by AI voice manipulation, which leverages social engineering rather than technical vulnerabilities. As a result, even businesses with up-to-date cyber security can find themselves unprepared for these types of attacks. Regardless of your current IT knowledge or security strategy, it’s best not to assume you’re safe.
What is a Safe Code and How Do I Set One Up?
It all sounds a bit 007, but safe codes are actually far less enigmatic than espionage. All ‘safe code’ means is a pre-arranged code or phrase known only to specific people. Did you ever build a pillow fort as a child that required a (definitely very grown-up and not at all rude) password for entry? It’s essentially the same idea.
This code can be used to verify the identity of individuals in voice communications, particularly when sensitive information or financial transactions are involved. It acts as a simple yet effective layer of security to confirm that the person on the other end of the line is who they claim to be, not a scammer using an AI-generated voice.
Considering what an effective defence they are, setting up a safe code is fairly straightforward:
- Select Your Code: Choose a code or phrase that is easy to remember but hard to guess. Avoid common phrases or numbers associated with the business that could be easily deduced from public information. ‘Cyber security’, for example, would be a terrible choice for us.
- Educate Your Team: Ensure that all employees, especially those in sensitive roles, are made aware of the importance of a safe code. Educate them on where and how to use it, and reiterate that they’re not to disclose it outside the organisation.
- Implement a Verification Process: Establish a protocol for using the safe code during phone calls involving sensitive interactions. Train your team to request the safe code before proceeding with the conversation when they receive calls that require action on their part.
- Regularly Update the Code: Regularly change the safe code and keep its distribution limited to those who need to know. This practice helps maintain the security integrity of the safe code system.
There are a number of ways to spot AI voice scams, from scam callers providing distinctly short messages to not responding to laughter, but the best way to avoid any doubt is to enforce safe code policies from the jump.
What Makes a Good Safe Code?
- Something memorable – We mentioned it before, but it bears repeating. It’s no use having a safe code if none of your team can recall what it is.
- Something unique – A word, phrase, or call-and-response that only current employees, clients, or stakeholders would know. Some go as far as assigning different safe codes to different clients, but this increases the chances of confusion, so we wouldn’t necessarily advise it.
- Something amusing – Making your safe code a little entertaining means it’s easier to remember, and in an era where defending yourself from digital criminals calls for some MI5 antics, you might as well lean into it. Who says cyber security can’t be fun?
Shield Yourself from Scams with Confidence
AI voice manipulation presents a formidable new challenge for SMEs, capitalising on the human side of business operations to breach security. By understanding the nature of these threats and adopting simple, effective measures like safe codes, businesses can significantly enhance their defences against this modern cyber tactic and avoid falling victim to costly scams.
Solution Consultants: Quality IT Services for Businesses in Berkshire
Based in Reading, Solution Consultants provides IT Support to SMEs across Berkshire and the Thames Valley. We specialise in simplifying IT and making valuable technology accessible to all. If you’re worried about scams, cyber security, or any other aspect of IT, get in touch for some actionable insights to elevate your business.