That's not your boss: Hackers pretend to be CEOs, use AI to make employees transfer money
For an organisation that falls prey to such frauds, economic damage may be high.
The main innovation is the attacking software, which learns to mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the Chief Executive Officer (CEO).
The most common types are phishing messages and an invoicing fraud in which the attacker impersonates the vendor, submits an invoice to the company and tries to motivate an employee under time pressure to make a bank transfer, provide information or allow access to the company's network, informed the Israel National Cyber Directorate (INCD).
In this method, instructions are given to the companies staff members to perform transactions such as money transfers, as well as malicious activity on the company's network.
Reports on cyber attacks of this kind were received at the operations centre of the INCD, reports Xinhua.
Boost Productivity With Tech: 5 Gadgets That Make You More Efficient At Work
Communication, Focus, Connectivity
The new offensive is of the business email compromise (BEC) type -- frauds by email against commercial and government organisations to motivate employees using social engineering methods to act for the attacker's benefit.
The method of attack escalates and includes the use of the AI-based software, which makes voice phishing calls to senior executives.
Today, there are already programmes that, after listening 20 minutes to a particular voice, speak in the voice everything that the user types.
According to the INCD, for an organisation that falls prey to such fraud, economic damage may be high.
In its announcement, the INCD also issued suggestions for taking precautions and raising awareness among organisations - such as training employees, paying attention to deviations in organisational processes, verifying instructions and using technological means to prevent misuse of email.