back to article Is that croaky voicemail of your CEO just a Fakey McFake Fake – or does he normally ask you to wire him $1m?

An infosec biz has shared an audio clip of what may be a software-generated voicemail message, designed to impersonate a CEO to trick a company employee into unwittingly committing fraud. Rumors of these so-called audio deepfake attacks have been circulating for a while. For instance, it's believed a British energy biz was …

  1. Pascal Monett Silver badge

    a "software-generated voicemail message"

    That's interesting, but if the Boss is calling you, you have his number and can check that it is the right one. Plus, your boss may a have croaky voice, but I don't think software is yet up to the stage where it can convincingly impersonate someone you know.

    Of course, I'm situating the whole thing as boss-calls-financial-person-as-usual kind of scenario. I don't see how this could really work. If the company is small, the finance guy is going to know the boss very well and it won't pass mustard. If the company is big, the finance guy being called will wonder why the hell he's the one called, go to his manager and it shouldn't pass mustard either.

    And yet some numbskull did fall for this.

    There's always a better idiot.

    1. Doctor Syntax Silver badge

      Re: a "software-generated voicemail message"

      Any large transfers of money should have some sort of procedure to check. Although I suppose ego might resist anything even suggestive of being questioned.

      1. Anonymous Coward
        Anonymous Coward

        Re: should have some sort of procedure to check

        I still don't get how this kind of thing works.

        - "Hi, I'm your boss or supervisor or person-in-charge, please transfer a bazillion dollars to this account.".

        - "Sure, boss or person-in-charge -- a bazillion dollars transferred to account number 1234-56 that I never knew existed and is not in our payments or contacts records".

        How hard it is to the receiving bank (with a proper request from the authorities) to get the deposit information and track down the account owner? At least here in Brazil, you cannot open a bank account without several identification documents.

        I guess one could use a third-party account and withdraw the scam money as soon as it is deposited, but there are so many ways that this could go wrong...

        AC, but not because I'm contemplating changing careers.

        1. Yet Another Anonymous coward Silver badge

          Re: should have some sort of procedure to check

          >I still don't get how this kind of thing works.

          Worked with a few companies that did offshore oil kit in dodgy parts of the world. They were often run by an owner/founder who would ring up and need to hire an airliner/pay a bribe/be got out of jail.

          Mind you the AI would have to do a very good line in Aberdonian swearing to fool anyone.

          The security protocol was to say "no" until the person threatened to go totally BOFH on you and everyone else in the office in graphic anatomical detail - at which point you knew he was the real deal.

    2. trevorde

      Re: a "software-generated voicemail message"

      We should get scared when AI impersonates a Boss in real time, rather than a pre-recorded message

      1. james 68

        Re: a "software-generated voicemail message"

        @trevorde some might suggest that this is the current status of ai.

        Cognitive abilities ⩽ a 3 year old, can't make a correct decision on its own regardless of the size of its training set, shows extreme bias, gets confused when asked to distinguish between a picture of a dog and a duck. Certainly sounds like most of my prior bosses.

        1. julian.smith

          Re: a "software-generated voicemail message"

          How many times did you work for Donald the Deranged?

          1. james 68

            Re: a "software-generated voicemail message"

            None, that I'm aware of. Though I did install an optical network link in a certain Irish golf club, I'm pretty sure that was prior to the mandarin man of tiny hands fame buying a controlling share.

    3. Anonymous Coward
      Anonymous Coward

      Re: a "software-generated voicemail message"

      > it won't pass mustard

      The phrase is "pass muster" (from military inspections), but I find this particular eggcorn rather amusing.

      Unfortunately, my first interpretation is that, for one to "pass mustard" the mustard must have been indigestible, and therefore fake - the complete opposite of the intended meaning.

      Fortunately, a less scatological interpretation would be that something might "not pass [the] mustard" because it wanted the mustard all for itself, and is therefore a selfish bastard not to be associated with.

    4. JulieM Silver badge

      Re: a "software-generated voicemail message"

      Passing mustard?

      Is that like cutting the muster?

      Mine's the one with the Mondegreene and Malaprop label .....

      1. Yet Another Anonymous coward Silver badge

        Re: a "software-generated voicemail message"

        One news show here subtitled police protestors were throwing "Mazeltov cocktails", oi vey

        1. renke

          Re: a "software-generated voicemail message"

          > Mazeltov cocktails

          Sounds like a more fun and/or anarchistic variant of the wedding tradition of breaking a glass.

      2. LoPath

        Re: a "software-generated voicemail message"

        Pardon me... Do you have any Grey Poupon?

    5. Anonymous Coward
      Anonymous Coward

      Re: a "software-generated voicemail message"

      Pass Muster, not mustard :-D

    6. Antron Argaiv Silver badge

      Re: a "software-generated voicemail message"

      One of our IT guys got one of the "help, I've lost my passport and I need $$$ to get home" calls from a "close friend".

      His reply was "sure, I'll go right down and send you the money as soon as you tell me the name of the play we were in the last year of high school"

      Cue protestations on the part of the scammer, while our guy calmly promised immediate transmission of the money after the answer to the question was provided. Needless to say, the scammer eventually gave up.

  2. Mike 16 Silver badge

    (at least) two possibilities

    So, you get a message like

    “immediate assistance to finalize an urgent business deal."

    there are two very obvious ways this could happen:

    1) it is an inept attempt at phishing

    2) The Executive Search firm your board hired has managed to place an idiot/crook as CEO.

    Meanwhile, those who suggest that an employee would know what the CEO sounds like?

    You must not be familiar with the sort of place where the only time you hear from "El Jefe" is when you personally are in deep ____ or the lot of you are about to be declared redundant to usher in a Golden Age for the company.

    Although, I will say that I once got an email (consisting entirely of a Word .doc) "from our CEO", in the same batch of email as one "from Steve Case", pushing Penis Pills. IT admin wondered why I was hesitant to open the CEO's message...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020