Contact

News

Vishing and the Role of AI: A New Threat to  Cybersecurity

The digital age has brought a wealth of opportunities for connection, communication and convenience. But as with any progress, there are those who want to exploit these opportunities for malicious purposes. One of the cyber threats that has become more prominent in recent years is "vishing", or voice phishing. While vishing in itself is not new, the use of Artificial Intelligence (AI) has taken it to the next level, posing a serious threat to individuals and businesses alike.

What is Vishing?
Vishing is a cyberattack method where the attacker calls the victim and tries to trick them into disclosing sensitive information or performing specific actions that benefit the attacker. Unlike traditional phishing, which relies on e-mails, vishing focuses on voice channels to trick people.

The AI dimension
Progress in AI has led to the development of deep-fake voice technology that can create highly realistic voice recordings. These AI-generated voices can be modified to sound like someone the victim knows. In addition, attackers can now automate a large number of calls, targeting a wider audience. These systems can also respond dynamically to a victim's queries, making the scam more convincing.

The power of AI makes it possible to rapidly analyse huge amounts of data. With access to small pieces of information about a person, an AI system can predict and generate plausible scenarios that can be used to manipulate victims during a vishing call.

The impact in the real world
These threats are not hypothetical. Several cases have hit the news in recent years. In a remarkable case, the CEO of a British energy company was tricked to transfer $243,000 to a Hungarian bank account after a vishing call from an AI-generated voice that mimicked the voice of the German CEO of the company's parent company.

Recently, we have seen many articles appear online highlighting the risks and dangers. Politie Midden-Nederland(@politie_eenheid_midden_nl) also launched an Instagram post in early August informing their followers about this phenomenon.

How Do You Protect Yourself?

Awareness
The Instagram-post by Politie Midden-Nederland calls for you to be alert when you receive a call and agree on a code word with your loved ones for such ‘emergency’ situations. Being aware that such technologies and scams exist is the first step. Always be sceptical of unsolicited calls, especially those asking for personal information or financial transactions.

Verify identities
If you receive a call from someone claiming to be an entity you trust, hang up and call back with a known number, not the one the caller has provided.

Training and Education
One of the first steps that can be taken to protect individuals and businesses is education. Within DataExpert, in addition to full Cybercrime training courses where these topics are extensively covered, we also offer Cybercrime/Cybersecurity gerelated workshops. At these workshops, we inform our clients about current risks and dangers, in addition to providing our clients with tools to arm themselves against these threats.

Check our Academy page for an overview of all trainings.

Clear filter