10.10.2024 - Social engineering is successful because it exploits human needs and weaknesses. Studies show that social engineering plays a role in almost all cases of cybercrime. AI is also increasingly being used in these attacks. Audio deepfakes in particular are increasingly being used to attack businesses.
A tried and tested scam with a new twist: while most cases of CEO fraud still follow the classic approach, today, scammers are increasingly using audio deepfakes to mimic the voice of the CEO or other senior executives. This increases their chances of success in tricking employees or finance and other departments into transferring money or revealing confidential information. Clearly defined processes can help organisations minimise the risk of this happening.
For now, you can still spot a deepfake if you pay attention
Typical signs of audio deepfakes (also called voice cloning) are:
- The person's voice sounds metallic and monotonous
- The content of the conversation seems strange
- The person is uses words they don't normally use
Typical signs of video deepfakes are:
- Strange shadows or a haircut that does not match the face
- Transitions between parts of the face appear blurry
- Differences in resolution (person vs. background)
Online lunch meeting
To provide insight into the possibilities of AI in the context of social engineering attacks, the NCSC is hosting an online lunch meeting on 22 October 2024 with Campaign Ambassador Ivano Somaini and NCSC Technical Analyst Brian Ceccato.
To register for the event, visit:
Online Brownbag Lunch — ECSM
Or directly via MS Teams:
Registration
Tips:
- Do not trust every caller, email or message you receive.
- Establish processes for financial transactions (double-checking or confirming transactions via a second communication channel) and stick to them, even if you are put under pressure by a superior.
- Do not allow yourself to be intimidated or put under pressure.
- Never share your passwords or PINs on the phone or via email.
- Do not disclose business information to strangers.
- End suspicious calls and delete suspicious emails immediately.
- If you see unfamiliar people at your place of work, ask them what they’re doing there.
Further Information
«Im Visier» – Industrial espionage in Switzerland – YouTube
NCSC - National Cyber Security Centre Switzerland - YouTube
Last modification 10.10.2024
