AI technology is fueling a rise in online voice scams, with just three seconds of audio required to clone a person’s voice, according to McAfee. McAfee surveyed 7,054 people from seven countries and found that a quarter of adults had previously experienced some kind of AI voice scam, with 1 in 10 targeted personally and 15% saying it happened to someone they know. 77% of victims said they had lost money as a result.

In addition, McAfee Labs security researchers have revealed their insights and analysis from an in-depth study of AI voice-cloning technology and cybercriminal use.

Scammers are using AI technology to clone voices – Everybody’s voice is unique, the spoken equivalent of a biometric fingerprint, which is why hearing somebody speak is such a widely accepted way of establishing trust.

…

AI voice cloning protection:

• Set a verbal ‘codeword’ with kids, family members or trusted close friends that only they could know. Make a plan to always ask for it if they call, text or email to ask for help, particularly if they’re older or more vulnerable.
• Always question the source. If it’s a call, text or email from an unknown sender, or even if it’s from a number you recognize, stop, pause and think. Does that really sound like them? Would they ask this of you? Hang up and call the person directly or try to verify the information before responding and certainly before sending money.
• Think before you click and share. Who is in your social media network? Do you really know and trust them? Be thoughtful about the friends and connections you have online. The wider your connections and the more you share, the more risk you may be opening yourself up to in having your identity cloned for malicious purposes.
• Identity monitoring services can help make sure your personally identifiable information is not accessible or notify you if your private information makes its way to the Dark Web. Take control of your personal data to avoid a cybercriminal being able to pose as you.

Striking while you’re asleepA Singapore-based woman lost $20,000 to an stealthy scam after visiting a bubble tea shop.

The 60-year old woman who has not been named, saw a sticker on the bubble tea shop’s glass door encouraging visitors to scan a QR code and fill out a survey for a “free cup of milk tea.”

To an average person and even fairly technically savvy one, this alone may not raise red flags considering loyalty and rewards programs often tout such offers, and use QR codes to do so.

“Enticed by what seemed like a good deal, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the ‘survey,'” reports Straits Times.

As she went to bed at night, her phone suddenly lit up. The bogus “survey” app she’d downloaded siphoned out $20,000 from her bank account.

Mr. Beaver Chua, head of anti-fraud at OCBC Bank’s group financial crime compliance department, who relayed the news of the victim to local media calls the scam particularly “insidious.”

“This scam is so insidious because scammers take over the victim’s phone. And because victims lose control of their Internet banking account, they won’t even know when their savings have been completely wiped out,” says Mr. Chua.

…

Fake parking tickets and QR codes – Meanwhile, cases of scammers leaving fake parking tickets on drivers’ windshields have been observed across the US and UK. Last week, a Reddit user spotted fake parking ticket claiming to have been issued from San Francisco’s city government.

“This time thieves in San Fran are leaving fake parking tickets on cars w/ malicious QR codes that, when scanned, take mobile phones to a fake web site to pay fine.”

Tagged:

Filed: https://www.bleepingcomputer.com/news/security/