Numerous articles have shown up about malicious actors using AI-generated voice with real-time conversation to trick people into providing account details. This adds automation to vishing (voice phishing) and also allows non-native language-speaking attackers to place convincing calls in the local language.
These attacks will contain a sense of urgency or try to get you in panic mode so you act in haste and make mistakes. Other giveaways are that they ask for confidential information or login information. Legit companies will not ask for this information.
The most recent articles are related to an attack on Gmail users. This attack is a combination of phishing and vishing. Below is an excerpt from one article from PCWorld;
***
“Mitrovic received a message asking him to restore his Gmail account. In addition to the included confirmation link, Mitrovic also received a call that purported to come directly from Google. At first, he didn’t pick up, assuming that Google wouldn’t make such a call.
But a week later, he got another call — and this time he answered. On the other end was the American-sounding voice of an alleged Google support employee, who informed him that suspicious activity had been detected in his Gmail account. Someone from Germany had apparently logged in within the past seven days and downloaded his account data.
At this point, Mitrovic did what many people do when they’re in this kind of situation: he googled the phone number. To his surprise, it actually led to a Google business page, reinforcing the impression that it was a genuine call from Google itself.
Fortunately, Mitrovic knew better and was able to recognize it for the phishing attempt it was. Although the AI-generated voice on the phone seemed very convincing, he made a quick check and found that everything was fine with his Google account. For the average person, though, it’d be extremely hard to see through the ruse.”
Daniel Weatherly, CISSP
Director of Security Services
Mainstream Technologies Inc.
501-801-6706
