AI abused to clone voices, FBI warns

The San Francisco division of the Federal Bureau of Investigation (FBI) is warning individuals and organizations to be aware of an increasing use of artificial intelligence (AI) by cybercriminals.

The FBI states that cybercriminals are using AI to “conduct sophisticated phishing/social engineering attacks and voice/video cloning scams.”

“AI provides augmented and enhanced capabilities to schemes that attackers already use and increases cyberattack speed, scale, and automation,” the FBI said at the RSA cybersecurity conference in San Francisco.

Cybercriminals use publicly available and custom-made AI tools “to orchestrate highly targeted phishing campaigns, exploiting the trust of individuals and organizations alike.”

The use of AI in phishing attacks allows threat actors to create convincing messages that are tailored to the recipient.

While conventional messages may have tell-tale signs of deception, such as poor spelling and grammar, AI-generated phishing messages often contain accurate grammar and spelling, increasing the chance of the recipient being deceived and their data being stolen.

Cybercriminals are also using AI to clone voices and impersonate individuals such as family members, co-workers, or business partners, the FBI warns.

“By manipulating and creating audio and visual content with unprecedented realism, these adversaries seek to deceive unsuspecting victims into divulging sensitive information or authorizing fraudulent transactions.”

The FBI has sent out the alert to warn businesses and individuals of the risks surrounding AI when used with criminal intent.

The Bureau “encourages individuals and businesses to mitigate the risks associated with AI-powered phishing and voice/video cloning” by remaining vigilant and implementing multi-factor authentication where possible.

The Bureau also included some tips on how to protect yourself against these kinds of threats:

  • Stay vigilant: Don’t trust urgent messages requesting your funds or credentials. Organizations and businesses should “explore technical solutions to reduce the number of phishing and social engineering emails and text messages that reach employees.” Businesses should instruct their employees on the dangers of phishing and social engineering attacks while emphasizing the importance of verifying the authenticity of digital communications. Particularly those asking for sensitive information or financial transactions.
  • Use multi-factor authentication: Enabling multi-factor authentication solutions will add another layer of security, making it harder for cybercriminals to obtain unauthorized access to your accounts or systems.