Deepfake attacks leveraging voice cloning and AI-generated audio are on the rise, posing a serious threat to individuals, businesses, and democratic institutions. According to the latest research, 37% of businesses affected by identity fraud were attacked with voice clones, and AI-generated audio is the most frequent method used for deepfake impersonation. To create an audio deepfake, attackers take brief samples of their target’s voice and use deep learning models to build a full synthetic replica of the subject’s intonation, pitch, speaking style, and even accent. With readily available generative AI tools that cost little to nothing and require no technical know-how, malicious actors can produce eerily realistic audio clips of people saying things they never actually said.
The risks of audio deepfakes are no longer theoretical; the recent barrage of attacks has shown how vulnerable enterprises and public institutions are to voice cloning. Companies are facing deepfake-fueled financial fraud, account takeover, identity theft, and breaches of user data and privacy. Malicious actors use AI-generated voices of real customers to defeat know-your-customer checks and voice-based biometric systems, and they overwhelm call centers with attempts to initiate fake transactions, open fraudulent accounts, and steal customer data. Cybercriminals also use voice clones of company CEOs to manipulate workers into transferring money. In one recent case, a deepfake of a CEO convinced an employee to transfer $25 million into the fraudsters’ account, while in another, a Ferrari executive received a phone call from cybercriminals using a clone of the company CEO’s voice in an attempt to access sensitive information and initiate transactions.
Workers at the software developer Retool were targeted by hackers using a voice clone of a company IT employee to request a multi-factor authentication code. This allowed the hackers to breach Retool’s internal systems and take over the accounts of nearly thirty customers in the cryptocurrency industry, resulting in tens of millions of dollars in losses. The onslaught of attacks on companies has raised concerns among experts about how deepfakes could be used in the future to manipulate the stock market, spread lies about companies, products, and executives to eliminate competition, and steal trade secrets.
Reputational damage caused by audio deepfakes can be as devastating as material theft. Influencers, entrepreneurs, and celebrities now routinely see their voices and likenesses used in deepfakes to peddle fake products and get-rich-quick schemes. Insurance companies are bracing for the impact of AI-fabricated claims, while experts in the healthcare industry report that fraudsters now employ voice cloning to hijack patient data and demand ransom for its release, putting patients’ lives at risk.
Companies are not the only targets of cybercriminals using audio deepfakes. Individuals are receiving fake phone calls in the cloned voices of their loved ones, asking for financial help or, in more extreme cases, trying to convince the target that a loved one has been kidnapped for ransom. During this election year, we have seen extraordinary efforts from engineers of disinformation to use audio deepfakes to influence public opinion, sow discord, create social unrest, undermine national security, and interfere with democratic elections. Robocalls deploying deepfake recordings of Joe Biden encouraged New Hampshire voters not to vote in the presidential primaries, while AI-generated voice clips of a leading candidate were used in Slovakia to manipulate the parliamentary elections. Deepfakes of London Mayor Sadiq Khan’s voice disparaging Remembrance Day were used to inflame public passions, while a recent deepfake of Kamala Harris’ voice reached over 150 million users on the social media platform X. Malicious actors are still learning how best to deploy deepfakes for maximum damage; the instances we’ve seen are only a preview of what’s to come.
Solutions
To address audio deepfake attacks, organizations must adopt a multi-pronged approach to fighting fraud, particularly in high-traffic and data-sensitive environments like call centers. Integrating deepfake detection technologies into existing cybersecurity measures is essential. AI-driven systems that analyze voice patterns, inconsistencies, and unnatural speech anomalies can help identify deepfake audio in real time. Reality Defender’s real-time call center deepfake detection tools are platform-agnostic and can be integrated into any call center communication platform, providing alerts when a potential deepfake is detected and allowing workers and managers to isolate the deepfake calls and proceed according to company policies.
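For illustration, the sketch below shows how such an alerting flow might be wired into a call center application. The endpoint, field names, threshold, and notify_supervisor helper are hypothetical placeholders, not Reality Defender’s actual API; a real integration would follow the vendor’s documented SDK and the organization’s own escalation policy.

```python
import requests  # assumes the third-party "requests" package is installed

# Hypothetical detection service and credentials (placeholders only).
DETECTION_URL = "https://api.example-detector.com/v1/analyze-audio"
API_TOKEN = "YOUR_API_TOKEN"
RISK_THRESHOLD = 0.8  # illustrative cutoff for flagging a call


def notify_supervisor(call_id: str, score: float) -> None:
    # Placeholder: in practice this would post to the call center's
    # alerting or case-management system.
    print(f"ALERT: call {call_id} flagged as possible deepfake (score={score:.2f})")


def screen_call_audio(audio_chunk: bytes, call_id: str) -> bool:
    """Send a chunk of live call audio to a detection service and
    return True if the call should be isolated for review."""
    response = requests.post(
        DETECTION_URL,
        headers={"Authorization": f"Bearer {API_TOKEN}"},
        files={"audio": (f"{call_id}.wav", audio_chunk, "audio/wav")},
        timeout=5,
    )
    response.raise_for_status()

    # Assumed response field; actual APIs will differ.
    score = response.json().get("synthetic_probability", 0.0)

    if score >= RISK_THRESHOLD:
        notify_supervisor(call_id, score)
        return True
    return False
```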
At the carrier or device level, future advancements in AI will enable the embedding of deepfake detection algorithms directly into telecommunication networks or smartphones. Such measures would offer a first line of defense, screening incoming calls or messages for signs of tampering before they reach the intended recipient.
Employee training is equally crucial. Regular workshops and training sessions on the newest developments in AI-enabled fraud can educate staff about the risks of deepfakes and how they are leveraged in social engineering attacks. Employees should be trained to report any suspicious calls and verify unusual requests, especially those involving sensitive information or financial transactions. Although individuals shouldn’t carry the burden of manually spotting deepfakes that can easily trick the human senses, training the workforce on the basic signs of AI manipulation can go a long way.
Finally, simple passphrase verification protocols can serve as a practical defense against voice deepfake fraud. By implementing a system where callers are required to provide a pre-agreed passphrase or answer security questions, organizations can add a layer of authentication that is difficult for deepfake technology to replicate (for now).
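As a minimal sketch of what such a protocol could look like, assuming passphrases are collected at enrollment and checked during sensitive requests, the verification logic might resemble the following (function names and parameters are illustrative, not a prescribed implementation):

```python
import hashlib
import hmac
import secrets

# Passphrases are stored only as salted hashes, so a database leak
# does not expose the pre-agreed phrases themselves.

def enroll_passphrase(passphrase: str) -> tuple[bytes, bytes]:
    """Create a salted hash of the caller's pre-agreed passphrase at enrollment."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", passphrase.strip().lower().encode(), salt, 200_000
    )
    return salt, digest


def verify_passphrase(attempt: str, salt: bytes, stored_digest: bytes) -> bool:
    """Check a caller's stated passphrase against the stored hash,
    using a constant-time comparison to avoid timing leaks."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.strip().lower().encode(), salt, 200_000
    )
    return hmac.compare_digest(candidate, stored_digest)


# Example: enrollment at account setup, verification during a sensitive call.
salt, digest = enroll_passphrase("blue heron at dawn")
assert verify_passphrase("Blue Heron at Dawn", salt, digest)
assert not verify_passphrase("wrong phrase", salt, digest)
```

Because the passphrase lives outside the audio channel, a cloned voice alone is not enough to pass this check, though phrases must still be rotated if they are ever spoken on a compromised line.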
Investment is Key
As experts anticipate that AI-fueled attacks will cause companies to suffer $40 billion in fraud losses by 2027, the rise of audio deepfake fraud is a growing threat that organizations cannot afford to ignore. Investing in solutions today is crucial to staying ahead of these sophisticated attacks. Deepfakes will only become more convincing, making it easier for cybercriminals to impersonate voices and manipulate individuals or systems. To mitigate this risk, businesses must be more proactive than ever before.
Investing in deepfake detection technologies like Reality Defender, which leverage the power of AI to catch AI, is a fundamental first step; integrating such solutions into the company’s communication infrastructure adds an essential layer of defense against potential threats. Training the company workforce is also vital. Employees should be educated on using deepfake detection technology as a routine part of their workflow, learn to identify and report suspicious or unnatural-sounding voices, and adopt simple verification steps, like confirming requests through alternate channels or using pre-agreed passphrases.
Finally, routinely monitoring the company’s security practices ensures that its defenses remain robust. Regular reviews and updates to protocols will help adapt to the evolving landscape of audio deepfake fraud, ensuring that organizations stay protected.
–
Reality Defender’s Real-Time Voice Deepfake Detection is available now and is already deployed in some of the biggest financial institutions in the U.S. Our team of top AI experts is standing by to discuss how our cutting-edge detection tools, bolstered with the newest deepfake model data, can protect any organization’s reputation, customers, and assets from the growing audio deepfake threat.