There are programs that exist that can listen to someone speak for 20 minutes and then be able to replicate that voice, and that is exactly what is being used in this campaign. The Israel National Cyber Directorate (INCD) has disclosed a new attack method that makes use of Artificial Intelligence (AI). Company executives’ voices are being impersonated in an effort to carry out malicious activity. These mimicked voices will leave a message or talk to an employee directly in an attempt to get them to submit an invoice and make them pay within a time-sensitive period, provide sensitive information, or give them access to the targeted company’s network. This new tactic falls under the business email compromise (BEC) which is described as frauds by email against commercial and government organizations to motivate employees using social engineering methods to act for the attacker’s benefit. Many companies are not educated on these types of scams and could easily become victim to them, causing monetary loss.
Analyst Notes
Companies should train their employees on different types of scam campaigns and how to react to them. Deviations in organizational processes should also be paid close attention to, and technological methods should be used to reduce the misuse of email.
