Man
Professional
- Messages
- 3,077
- Reaction score
- 614
- Points
- 113
Cybersecurity experts FACCT (formerly Group IB) reported on the growing use of audio deepfakes for fraudulent calls in messengers. Using AI, hackers fake the voices of company executives to authorize the transfer of funds. Small and medium businesses, where many processes are tied to the owner, are most susceptible to such attacks.
The fraudulent scheme was called FakeBoss. First, the attackers create a fake account of the manager with his name and photo from social networks. Usually, they use Telegram. After that, using AI tools, an audio deepfake of his voice is created, samples of which are obtained from a phone conversation or from voice messages when hacking a messenger. Then the hackers call subordinates using an audio deepfake, gain their trust and force an employee, for example, the chief accountant of the organization, to make a payment to the necessary accounts.
As noted by Informzashchita, it is difficult to keep statistics on such incidents, since companies usually do not publicize them. Experts estimate the growth of the new type of fraud at 30% compared to 2022.
Despite the fact that the Antifraud system, which is designed to combat calls with number substitution, is operating in Russia, it does not respond to calls via messengers.
Vice President of the Association of Russian Banks Alexey Voylukov believes that the growth of such fraud should lead to increased attention to operational risks and compliance procedures.
SafeTech Commercial Director Daria Verestnikova is confident that the problem needs to be solved by banks, which “should not save on means of confirming transactions, including legal entities, and on systems to combat fraudulent calls - antifraud, and the head of the company should see who the payment is going to.”
Similar incidents happen abroad as well. In 2020, fraudsters cloned the voice of a bank director in the UAE and used it to withdraw $35 million.
At the same time, the information security company Servicepipe reported that over the past six months, SMS bombers have attacked banks 20% more often than a year ago. They used combinations of logins and passwords from previously disclosed databases and tried to log into clients' bank accounts using them. The systems sent the client an SMS with a verification code. Each such attack could result in sending several hundred thousand messages per day, and the damage from it for the bank could be up to 2 million rubles. As a result, the costs of banks and credit institutions for SMS mailings over the past six months have increased by 1.5 times.
Source
The fraudulent scheme was called FakeBoss. First, the attackers create a fake account of the manager with his name and photo from social networks. Usually, they use Telegram. After that, using AI tools, an audio deepfake of his voice is created, samples of which are obtained from a phone conversation or from voice messages when hacking a messenger. Then the hackers call subordinates using an audio deepfake, gain their trust and force an employee, for example, the chief accountant of the organization, to make a payment to the necessary accounts.
As noted by Informzashchita, it is difficult to keep statistics on such incidents, since companies usually do not publicize them. Experts estimate the growth of the new type of fraud at 30% compared to 2022.
Despite the fact that the Antifraud system, which is designed to combat calls with number substitution, is operating in Russia, it does not respond to calls via messengers.
Vice President of the Association of Russian Banks Alexey Voylukov believes that the growth of such fraud should lead to increased attention to operational risks and compliance procedures.
SafeTech Commercial Director Daria Verestnikova is confident that the problem needs to be solved by banks, which “should not save on means of confirming transactions, including legal entities, and on systems to combat fraudulent calls - antifraud, and the head of the company should see who the payment is going to.”
Similar incidents happen abroad as well. In 2020, fraudsters cloned the voice of a bank director in the UAE and used it to withdraw $35 million.
At the same time, the information security company Servicepipe reported that over the past six months, SMS bombers have attacked banks 20% more often than a year ago. They used combinations of logins and passwords from previously disclosed databases and tried to log into clients' bank accounts using them. The systems sent the client an SMS with a verification code. Each such attack could result in sending several hundred thousand messages per day, and the damage from it for the bank could be up to 2 million rubles. As a result, the costs of banks and credit institutions for SMS mailings over the past six months have increased by 1.5 times.
Source
