What if tomorrow’s con-artist speaks with your lover’s voice?
Advancements in artificial intelligence (AI) are redrawing the battle lines in the ongoing war between your clients and the con-artists who want a slice of your client’s hard-earned cash. As a professional financial adviser or planner, you will be quite familiar with the growing number of phishing, spoofing and vishing attempts that your client’s face each day; but you might not be prepared for what comes next. Imagine, for example, if the next dodgy email your client receives is backed up by a phone-call from his or her spouse or business partner? To make matters worse, imagine if the voice on that call is indiscernible from that of the ‘cloned’ party.
Science fiction is here, today…
Science fiction? Afraid not. In an article published on SingularityHub.com, this writer learned that Microsoft researchers have just released a paper discussing a new AI, called VALL-E, which can accurately simulate a human voice based on a three second voice sample. The risk is obvious, and something the article picked up on its opening paragraph: “VALL-E is not the first speech simulator to be created, but it has been built in a different way than its predecessors, [thus] carrying a greater risk for potential misuse,” wrote Singularity Hub’s editor, Vanessa Bates Ramirez.
Without getting too technical, this AI is based on a new technology called EcCodec, by Meta, which “uses a three-part system to compress audio to 10 times smaller than MP3s with no loss in quality”. Bottom line, the AI can pick up and replicate voice traits that previous voice simulators could not! The deployment of AI by confidence tricksters, cybercriminals and ordinary conmen will introduce tremendous return dividends from typical phishing, spoofing and vishing attacks. Just so that we are all on the same page, we offer a quick definition of each of these attacks, by combining Oxford English and Wikipedia.org definitions.
Casting the net wide…
Phishing is ‘the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.’ It is further described as ‘a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware’. You will be quite familiar with these types of emails, which often masquerade as one of your trusted product or service providers but take you into some dark corner of the internet if you dare click on any links they contain. An example from my inbox this morning purported to be from Sanlam Finance with a very sketchy return email address.
Spoofing is described in the context of information and network security ‘as a technique in which a person or program successfully identifies as another by falsifying data, to gain an illegitimate advantage”. This is exactly the benefit that someone using a cloned voice might seek to attain. Just imagine the creditor’s clerk who gets a call from a very irate CFO, whose voice he or she recognises, screaming for a payment to be authorised and rushed through, per an email sent earlier that day? Spoofing can apply to all manner of communications including emails, telephone calls or websites; the trick being that the user must believe he or she is interacting with the original person or website.
An incredible case for corrupting AI
And Vishing, again a technique that VALL-E might excel at, is described as ‘the use of telephony to conduct phishing attacks’ or ‘the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers’. At its most extreme, con-artists will trick their targets into believing that the con-artist represents a reputable firm, such as Microsoft. The target is convinced to give the con-artist access to his or her PC, at which point malware is installed… To illustrate the lengths to which these crooks go, they will then demand a credit card payment for their services, using the malware to get details needed for further credit card fraud.
Clearly, AI has the potential to disrupt the fraud detection strategies in place at South Africa’s financial services firms. Garth de Klerk, CEO at the Insurance Crime Bureau, says they expect to face challenges as criminals develop AI technology that clones voices. “We are also seeing a product called ChatGPT which is evolving rapidly around language models for dialogue; it is a trained model that will interact in a conversational way,” he says. It is important to note, however, that the voice analysis layers deployed by banks and insurers go way beyond ‘voice only’ analysis. “These products conduct live tests that look for inflections in the voice as well as measuring stress points dependent on the questions being asked; once the software identifies a cloned or ‘robotic’ voice other checks will be deployed to validate it,” De Klerk says.
Preparing for an AI explosion
It is unclear how the current AI explosion will unfold. Clearly, it has myriad productivity benefits; but given mankind’s history and the prevalence of unethical individuals across all spheres of society, we have to wonder whether we are ready for it. “The team that created VALL-E knows it could very easily be used by bad actors; from faking sound bites of politicians or celebrities to using familiar voices to request money or information over the phone, there are countless ways to take advantage of the technology … they have wisely refrained from making its code public,” wrote Ramirez, though she shared this writer’s concerns over the effectiveness of the ethics statement included at the end of the paper in dissuading criminals from using AI for harm.
“The claims, onboarding and underwriting processes in the financial services sector are a lot more advanced than merely confirming that the individual’s voice is a match; you are not going to fool the model purely by copying someone’s voice,” concludes De Klerk. “Emerging AI technologies are something to keep an eye on; they are going to present challenges, but our financial services sector is pretty advanced, and I think they will remain on top of things, staying in front of the syndicates”.
AI versus AI
Who knows, we may soon face a future where we run a caller voice authentication AI alongside our caller ID app to make sure that both the number and person who we believe we are connecting with are authentic. Forget spy versus spy, our future is increasingly looking like AI versus AI!
Writer’s thoughts:
AIs such as ChatGPT and VALL-E have the potential to disrupt many aspects of business, introducing incremental productivity and profitability gains… Unfortunately, these AIs could also be leveraged by bad actors to take advantage of vulnerable consumers, among other criminal acts. Do you think the South African financial services sector is ready for the next evolution in AI? And are you? Please comment below, interact with us on Twitter at @fanews_online or email us your thoughts [email protected].
