This Caller Does Not Exist: Using AI to Conduct Vishing Attacks
As technology advances, threat actors increasingly leverage these innovations to conduct social engineering attacks including vishing, targeting the human element that technical controls often cannot fully safeguard.
What is Vishing?
Voice phishing, also known as Vishing, is a type of social engineering attack that uses phone calls or audio messages as a delivery method. These calls deceive people into divulging personal, financial or sensitive information. Vishing calls can also be used to convince people to carry out a malicious action such as resetting the password of a user account or transferring money to a threat actor’s bank account.
Social engineering attacks are increasing year-over-year in complexity, sophistication, and frequency. Threat actors are looking for alternative attack paths as defensive technologies improve at detecting, mitigating and stopping cyberattacks. These technological advancements are apparent in the prolific use of artificial intelligence and machine learning in defensive operations. However, AI is also being used in offensive operations as well. In this blog post, GuidePoint’s Threat and Attack Simulation Team (TAS) will explore how threat actors can leverage AI-generated voices to social engineer their targets and provide guidance on how to protect you and your organization…