What's the problem?
Vishing, voice phishing, is a growing problem that due to one old problem, number spoofing, in combination with a new problem, ai deepfake voice.
Number spoofing
Number spoofing is someone telling the phone network that they are actually calling from another number, for example your husband's number, or your CEO's number.Number spoofing is a problem due to how telephone networks work, and have a couple of legitimate use cases. It's unlikely to be fully resolved anytime soon. Possibly ever. But it has never been a very big problem, because even if they pretend to call from your CEOs number they couldn't sound like your CEO.
AI deepfake voice technology
AI deepfake voice technology on the other hand is a much newer phenomena that has come out of the most recent generative AI popularity wave. With the right model trained on a persons voice you can sound like anyone, in real time. And with the recent advances in the field it's training a model to sound like you doesn't even take a minute of your voice. This isn't going away o matter what some might hope, and it will only get better and better. Fast. AI deepfake voice technology on it's own isn't a huge problem either.The combination
So what is the problem then? The combination of number spoofing and AI deepfake voice technology is a huge and growing problem.They can sound like your wife or CEO, and the phone call is coming from their number too. When your phone says your CEO is calling about an emergency transaction, how do you know it's really them? Just because it's from their number and sounds like them?
Vishing attacks has already hit other companies
The threat has escalated during the last two years, a couple of examples that has reached the news. How many have not?
- Wiz CEO says company was targeted with deepfake attack that used his voice, TechCrunch, 2024-10-28
- Ferrari exec foils deepfake attempt by asking the scammer a question only CEO Benedetto Vigna could answer, Fortune, 2024-07-27
- Voice Deepfakes Are Coming for Your Bank Balance, NY Times, 2023-08-30
- Fraudsters Cloned Company Director's Voice In $35 Million Heist, Police Find, Forbes, 2023-05-02
Swedish Bankers
Swedish Bankers, an organization for the Swedish banks, includes enhanced voice phishing in their 2024 report, available in Swedish and English. You can read it here, page 15 "Artificial Intelligence intelligence and deep fakes".
What's the solution?
CISA and codewords
CISA has a PSA recommending people and companies to establish codewords to combat this threat. You could do that, and for a family with normal threat level it's probably enough, but for a company it leads to following questions along the lines of
- How often do you rotate your codewords? More often is more hassle, but also more secure
- How do you know that your codeword hasn't been sold by a disgruntled employee?
Protect your company
It can help your organization stay safe and avoid voice phishing attacks without people discussing random books on a daily basis. Read more about the Protect your Company use case.
Protect your customers
There's a scourge of scammers calling people pretending you be you, fooling them into transferring over their retirement savings. Get TrickTrapper to help your customers verify that it's you calling, limiting fraud. Read more about the Protect your Customer use case.
How does it work?
The user facing side of TrickTrapper is an app that installs on your phone, or on your customers phones, helping everyone verify that the caller is who they say they are.
Users then make verified calls through the TrickTrapper, it also verifies incoming phone calls. Just start using the app and keep making calls.
This has several advantages:
- No new workflows, no new procedures, no training
- Doesn't require constant data traffic
- You can use TrickTrapper for all calls, the other side doesn't need to use TrickTrapper. No separate apps for internal vs external calls.