Phishing attacks are one of the most common security threats to your business, not only because they are effective, but because they can be utilized in many different ways. You can become the victim of a phishing attack through email, instant message, phone, or even your voicemail. These “phoicemail” attacks are quite crafty in their approach, and you should be wary of them.
To understand the phoicemail scam, one must first understand what deepfakes are. These deepfakes are artificially generated footage of someone based on various data points. These scams generally rely on audio, so if a significant amount of audio sampling is available for someone—like, say, through speeches or States of the Union—it makes sense that some could doctor footage, video or audio, to fool someone.
Phoicemail scams use audio generated to mimic the supposed caller, and they are left as a voicemail message with instructions on what to do next. These instructions will often include the request that the victim not involve anyone else in the conversation.
Let’s examine a possible scenario. Imagine you leave the office to go on your lunch break, only to find a voicemail on your phone from your manager telling you to send credentials to someone with an odd email address. The voicemail definitely sounds like your manager, so it has to be them… right?
Wrong. These scams are much more convincing than a poorly structured email phishing attempt, and even the most seasoned IT workers have been known to fall for these scams from time to time. This means you have to take them seriously.
Identifying a phishing threat can be challenging, especially for those who might not be tech-savvy. Just look to the study that MIT is currently running for a perfect example. Individuals are challenged to identify deepfakes generated from transcripts, audio recordings, and videos of Joe Biden and Donald Trump. Some of them are real, and some of them are fake, with the end result being that the truth is not always what it would seem.
Be sure to share with your team how they can identify phishing messages–not just in their email inboxes, but in their text messages, phone calls, and yes, voicemails. Even search engine results can be tailored to the needs of hackers. The key to identifying these threats is to remain ever-vigilant.
i-medIT wants to help your business overcome the challenges presented by network security, including phishing and phoicemail attempts against your organization. To learn more, reach out to us at 630-549-6199.