Be careful !

New forms of phishing – deepfake & voice theft

Author: Mick Mooren

Phishing remains one of the most common tactics used by cybercriminals to deceive individuals and steal sensitive information. With the rise of deepfake technology and voice theft, phishing attacks are becoming not only harder to recognize but also more personal and sophisticated.

In this blog, we will explore these techniques, how they work, and most importantly, how to protect yourself and your organization against them.

What are deepfakes and voice theft?

Deepfakes are artificially generated videos (or images) created using AI technology. They appear authentic but are entirely simulated. Imagine a video in which your CEO instructs you to make a confidential transaction and explicitly tells you not to inform anyone else.

Voice theft, also known as voice cloning, is the AI-powered imitation of a person’s voice. With just a few minutes of recorded audio, such as a video or a voice message, it is possible to generate a convincing replication of someone's voice.

Why is this so effective?

People instinctively rely on visual and auditory cues. If something looks or sounds real, we are less likely to question it. When we see or hear someone we (think we) recognize, our guard is often down. Furthermore, deepfake and voice imitation technologies have advanced to the point where distinguishing them from reality is increasingly difficult.

Just like traditional phishing attacks, cybercriminals exploit urgency and authority. A seemingly urgent voice saying, “This must happen now!” can be enough to persuade someone to act without second-guessing.

What is the best defense?

1.

Don’t blindly trust videos, voices, or other forms of communication. If something seems suspicious, insist on calling the person back using their verified contact details.

2.

Educate employees on how to recognize deepfakes and voice theft. Provide training sessions and conduct regular phishing simulations to raise awareness.

3.

Implement strong security measures for sensitive processes, such as payment approvals, and enforce the four-eyes principle (dual approval process).

4.

Leverage deepfake detection software. These technologies are continually improving and can help differentiate between real and manipulated content.

5.

Be mindful of what you share online. Cybercriminals can gather voice and video samples from public profiles, so limit what you post on social media.

Security awareness

Deepfakes and voice theft are taking phishing attacks to a new level. This serves as a reminder that cybersecurity isn’t just about technology - it’s also about security awareness among employees. By taking preventive measures and providing adequate training, organizations can minimize the risks associated with these threats.

Strengthen your
human firewall

Let Defenced support you with targeted awareness campaigns. Our experts help your employees recognize and prevent phishing attacks. Through realistic simulations and hands-on training, we build a resilient organization together.

Next Gen SOC

Please contact me!

Detect unwanted network activities and cyber threats much faster.