Roger Bescoby at Conflict International outlines a troubling new fraud and explains how to manage it
Fraud is continually evolving; AI voice scams have now knocked phishing emails off their pedestal, as fraudsters continuously embrace new technologies to dupe individuals out of their money.
According to a recent report by McAfee, one in four have either experienced or known someone who has experienced an AI scam. IT security training from five years ago is no longer relevant and businesses need to ensure they are keeping up to date, to ensure they are staying ahead.
What is an ‘AI imposter’ scam?
Once a scammer has access to as little as a three second clip of audio, they can clone the voice to create falsified voice messages, usually intercepted from social media.
Whilst three seconds doesn’t seem like a lot, the outcome is often more convincing than expected, with 70% of individuals not confident they could tell the difference between a real voice and a fake and 77% losing money as a result.
Individuals are the typical target for scams like this one – with fraudsters able to mimic the voices of loved ones in distress – but, with AI now coming to the fore, businesses are in the firing line and should be increasingly wary.
A chain is only as strong as its weakest link, and its paramount that businesses offer their employees the appropriate training to ensure they can stay vigilant to these scams.
What kinds of voice fraud might impact businesses
With a distinct lack of training and many firms not having stringent enough policies in place to protect against attacks before they happen; as well as the chance of a larger pay off for fraudsters, businesses make a prime target.
Whether it is an employee calling to give HR new bank account details, or a supplier calling to ask you to pay into a new account, these are both things that should ring alarm bells for businesses. In the current climate, any phone call relating to payments and changing accounts must be approached with caution, given the increasing sophistication of fraudsters and their schemes.
AI scams can also be the gateway into more complex schemes. Where a business falls victim to an AI invoice scam, where the supplier calls asking an invoice to be paid by an alternative route, this could be a sign of collusion fraud. This is usually where someone within the supplier’s company has cloned the contact’s voice to dupe your firm out of money, especially if the fraudster appears to have possession of insider information such as the invoice number, amount due and due dates of payments.
What action to take following a scam?
Collusion fraud is naturally a police matter, with the infringement of confidential and sensitive documents elevating the seriousness of the crime.
However, in other scams where collusion was likely not involved, you’ll need to take care to provide a full paper trail to the authorities, to prove you took proper care to prevent the fraud, for example, noting the times of any calls with the scammer and the real individual.
Saying this, the bank also needs to prove that it took measures to protect against the fraud, and it may be that they also took undue care when progressing the payment.
Preventing fraud
This is where robust cyber-security protocols come in. Prevention is the best protection, after all. If you have processes in place to prove that employees are trained, at all levels, and the proper tests need to be passed before money is sent, it should be a relatively clear road to recouping the funds.
Without the proper training in place, employees may not have the skills or the foresight to recognise an AI voice scam before it is too late, and this should act as a welcome reminder for firms to do a full audit of cyber-security protocols.
In essence, there need to be identity verification procedures in place to protect both firms and their employees and at the very least, phone calls should be treated with a degree of scepticism before giving the green light to transferring any funds.
Still in their infancy, AI scams will no doubt start commanding more headlines as technology becomes ever more advanced. If your firm doesn’t have cyber-security protocols in place already, now is the time to act.
Roger Bescoby is Director of Client Relations at Conflict International
Main image courtesy of iStockPhoto.com
© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543