The Rise of AI Voice Cloning in Social Engineering
Hackers are now using artificial intelligence to clone the voices of CEOs to authorize massive wire transfers. Here is how to train your team to spot it.
GeoHotz Threat Research
Security Advisory Team
The New Phishing Paradigm
Traditional phishing relies on spoofed emails and fake login pages. Today, attackers are scraping public speaking appearances, podcasts, and social media videos to train AI models on the exact vocal cadence of company executives.
In a recent attack, a finance director received a phone call from what sounded exactly like his CEO, ordering an urgent, highly confidential wire transfer of $400,000 to a 'new overseas supplier.' The voice was an AI clone generated in real-time.
Implementing Defense Protocols
To defend against deepfakes, companies must implement zero-trust communication protocols. High-value transactions should never be authorized via a single phone call, regardless of who is on the other line.
We recommend establishing a 'safe word' policy for executives. When ordering emergency transfers, the executive must provide a pre-agreed phrase that an AI scraping public data would never know. Furthermore, all financial requests must require multi-signature approval across different communication channels.
About GeoHotz Threat Research
Our elite team of reverse-engineers and security analysts publish weekly advisories on emerging threats, blockchain exploits, and extortion defense strategies. We monitor the dark web so our clients do not become statistics.