The information security company ESET warns against an increase in telephone scams and forgery

A familiar voice on the phone is no longer enough to prove that it is the real person. The information and cyber security company ESET warns against the strengthening of the wave of telephone scams based on voice forgery using artificial intelligence, in which attackers impersonate senior officials, suppliers or known business entities. The goal is simple and dangerous: get the employee to act quickly, without checking, and transfer money, reset a password or provide sensitive information.

According to the company’s warning, the ability to fake a human voice has become available, cheap and far more convincing than in the past. An attacker no longer has to have access to the organization’s systems or break into the CEO’s mailbox. In many cases, short audio clips from the web, from a podcast, an interview, a video on social networks, a recorded conference call, or a public performance, are enough for him. He then feeds the voice sample to an artificial intelligence tool, builds a conversation script, and selects an employee who is in a sensitive position in the organization.

According to Alex Steinberg, manager of ESET products at ComScore, the official distributor of ESET in Israel, “One of the main reasons for the increase in risk is the relative ease with which such an attack can be carried out today. The attacker first chooses the character he wants to imitate, for example a CEO or CFO, finds a short voice sample from a podcast, interview, video, conference call or public appearance on the Internet, and then chooses a target for the attack Within the organization, we have seen that in some cases, the attackers send a preliminary email to increase the sense of credibility and urgency, and only then make the call itself using a fake voice that sounds particularly convincing, even to those who know the original voice well.”

These types of scams are especially dangerous because they don’t just rely on technology. They combine voice falsification with old methods of social engineering: exerting pressure, creating urgency, demanding confidentiality, and sometimes also exploiting rival relationships within the organization. An employee who receives a call that sounds like the CEO, the CFO or an old supplier, may fear delaying the request or challenging the authority of the person on the other end of the line.

ESET emphasizes that the threat does not end with money transfers. A fake voice can also be used to bypass customer identification processes, verify accounts, change supplier details, open access to internal systems or reset means of identification. In other scenarios, hostile actors may also use voice spoofing to impersonate job applicants, gather internal information, or get through initial stages of admissions processes for sensitive organizations.

There are signs that may raise suspicion: unnatural speech rate, flat emotional tone, strange pauses between sentences, abnormal breathing or the absence of breathing, a slightly robotic sound, background noise that is too uniform or answers that sound prepared in advance. But as AI tools improve, relying on the human ear becomes problematic. In a short conversation, under pressure, even an experienced employee may have difficulty distinguishing between a real voice and a duplicated voice.

One of the most prominent cases associated with voice spoofing occurred in the United Arab Emirates. According to reports published on the basis of legal documents, a bank manager received a call in which a voice was played that sounded like a familiar company manager, and was persuaded to approve the transfer of approximately 35 million dollars as part of a transaction that was deemed legitimate. The case was published in 2021, and concerned an incident that occurred in 2020. Since then, voice spoofing tools have improved greatly, and the ability to produce a credible conversation has become more accessible to attackers