Cybercriminals are using AI tools to defraud businesses with faked images and audio of coworkers, highlighting the need for technology to safeguard finances.
SYDNEY, February 29, 2024 (Newswire.com)
–
Artificial intelligence made headlines this month, with OpenAI releasing cinema-quality videos with its new Sora system. Cybercriminals also made headlines for using similar tools to defraud businesses. Eftsure, makers of leading end-to-end B2B payment protection software, are cautioning businesses that they may be unprepared to defend against this new threat.
“Many businesses are doing the right thing and have strict control procedures in place. Unfortunately, those procedures were designed in an era before generative AI advances made voice cloning and image generation so easy,” said Mark Chazan, CEO of Eftsure.
Those practices – which create phony images and speech known as deepfakes – have already surfaced in cybercrimes. In early February, CNN reported that an employee at a multinational firm in Hong Kong was tricked into paying $25 million USD to criminals who used deepfake technology to pose as the company’s chief financial officer in a video conference call.
Faked video and audio can be created through a machine learning technique known as generative adversarial networks, or GANs. In short, two neural networks compete trying to fool the other with their creations, and each learns from the other.
“We’re seeing increasingly widespread access to GAN-generated audio,” said Lucas Whittaker, a doctoral student and deepfake researcher at Queensland Institute of Technology. “Easily accessible voice cloning services generate pitch-perfect voice clones off of voice samples, permitting anyone to generate highly realistic speech audio from mere text input.”
“All you need is a few seconds of someone’s voice to create an imitation of them,” Whittaker added. “Given the increasing accessibility and sophistication of voice cloning tools and the vast amounts of rich audio content people post online, impersonation incidents are unfortunately going to become more common.”
For businesses, the proliferation of deepfake video and voice conversion will challenge security controls, voice and facial authorization systems, and other procedures designed for a pre-AI world. Organizations should take steps now to see if their defenses are adequate.
“Leaders should be reassessing and pressure-testing their current processes to understand just how vulnerable they might be to these sorts of scams,” Eftsure’s Chazan said.
“To manage these new risks, organizations’ finance leaders need to think creatively, stay informed, and implement technology-driven processes. This should involve a combination of solutions rather than relying only on training or financial controls designed before the advent of AI.”
Chazan recommends that leaders assess three major areas: processes, people, and technology.
Control procedures are an organization’s most critical defenses against scams, regardless of the attackers’ methods. Pressure testing can determine which processes may be most vulnerable to the new class of AI-assisted scams.
The organization’s people can be both its strongest asset and greatest vulnerability. In the Hong Kong case, training to assess the authenticity of voice and video could have thwarted the attack.
Eftsure also recommends that organizations counter attackers’ new technology by reassessing their own technology stacks. Solutions that provide employees with additional information and automate manual steps in control procedures can reduce the risk of human error.
To learn how Eftsure’s end-to-end B2B payment protection software can safeguard an organization’s financial systems, visit https://eftsure.com.
About Eftsure
Eftsure is a market leader in payment fraud prevention. Specifically designed for businesses, our end-to-end solution safeguards more than $216B in B2B payments per year. Our mission is to build a safer business community. With a large and continuously growing database of verified supplier details (the only one of its kind), we use multi-factor verification to give businesses greater knowledge and control over onboarding suppliers, receiving invoices, and making payments. In short, we ensure our customers never pay the wrong people.
Source: Eftsure