New advancements in generative AI voice cloning come at a time when banks are looking for additional ways to authenticate their customers – and they’re choosing your voice.
Banks adopted the principles of multi-factor authentication years ago. But continued cyber attacks aimed at providing SIM swapping services have increased the risk of assuming the credential owner actually possesses the mobile device. So, where do they go next to prove you’re you? Voiceprint.
Wells Fargo touts using “your unique voiceprint to access your accounts when you call Wells Fargo. Voice Verification is simple because it makes your voice your password” (Wells Fargo has recently announced to customers they have disabled the voiceprint service).
The problem? Advancements in voice cloning. Take OpenAI’s new Voice Engine for example. With just 15 seconds (seconds!) of recording, this engine can make you say anything.
Sure, AI may not know exactly how to sound like the everyday person, but they can be convincing enough to potentially bypass voice as an authentication method.
It also means we’ll be seeing an increase in voicemails from the “CFO” being used as a means of further establishing credibility for digital fraud scams with subordinates in finance departments as the victims.
Does this mean technologies like Voice Engine are bad? Certainly not. But it does mean those that could be socially engineered by the use of a voice message to act in the interest of an attacker should be enrolled in security awareness training so they understand that communications should always be scrutinized when money is involved.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
