simulando la voz

This post is also available in: Español

As The Wall Street Journal recently published, last March cybercriminals, whose identities are still unknown, contacted the CEO of a UK-based energy firm impersonating the voice of the CEO of the German parent company using deepfake software that, by means of Artificial Intelligence (AI), learns and copies the voice characteristics of individuals.

In that call, the alleged CEO ordered the British CEO to urgently wire €220,000, in less than an hour, to a supplier in Hungary.

Apparently, the British CEO, who had previously spoken by telephone with the German executive, never suspected that the call was being placed by a computer, since the voice, the accent and all of its characteristic traits (tone, modulation, rhythm, intensity and natural flow) were exactly the same as those of the German CEO, so he proceeded to wire the transfer.

As  The Wall Street Journal investigation reveals, the money was moved from Hungary to Mexico, and from there to other territories.

Although the British company was able to recover the full amount of the transfer from its insurance company, the authorities continue investigating the case, about which few details are known.

This type of scam, made in turn by identity theft, is a type of vishing (a term that combines the English terms “voice” and “phishing”): a type of social engineering deriving from phishing that, instead of using email to mislead the user or victim, it does so by telephone calls placed by Voice Over Internet Protocol (VoIP).

According to Rüdiger Kirsch, fraud expert from the Euler Hermes insurance firm who participated in the investigation, this is the first known case of this specific crime type using AI, which represents a formidable challenge for the future, since a large part of the software used by cybercriminals is readily available commercially.

These fraudulent practices, that can be prosecuted under the Spanish Criminal Code (Código Penal), represent a direct attack on the principles of Regulation (EU) 2019/881, of April 17, 2019, on Cybersecurity, which came into force on June 27, 2019, and which we have already discussed in this blog.

This post is also available in: Español



13 artículos