Will Your Employees Fall for a Deep Fake Audio?
AI is good and getting better. We already saw a deep fake video fool some EU presidents into thinking they were talking to the head of the African Union.
And another deep fake video fooled an accountant at a large European company to wire $25 million to a hacker.
Here is another one. The hacker just picked the wrong company.
This story has a name and the name is LASTPASS – the security software company.
In fairness, Lastpass is far from perfect. In 2022 they suffered a massive data breach. On top of that breach, their response to the breach was “less than stellar”, shall we say. To the point that we no longer recommend them. Still, in this case, score one for Lastpass. Maybe that shook the culture up.
Okay, here is the story.
Hackers targeted a Lastpass employee with a deep fake voice phishing attack with audio impersonating Lastpass’s CEO Karim Toubba.
Lastpass says that the employee received multiple calls, texts and at least one voicemail (see below):
Where the hacker screwed up is that they used Whatsapp voice, likely in an effort to disguise his/her location.
In addition to the unusual method of contacting the employee, the communication was outside of normal business hours and tried to create a heightened sense of urgency.
The employee did not fall for it and reported the incident to the company’s security team.
Kudos to Lastpass for publicly acknowledging this. Likely they would have been much less willing if the attack was successful, but still, good for them.
Both the FBI and Europol have issued alerts on the attack style in t he past.
How would your employee handle this situation?
Are they trained on it or are you just hoping that they will catch this?
In many cases, especially for people who speak publicly on behalf of the company **OR** have a significant social media presence, there is an excess of material available to train an AI model. It really does not take that much.
If you need help with the training, please contact us.
Credit: Bleeping Computer
by 