Untitled attachment

Notices where this attachment appears

1. racheltobac :verified: :donor: (racheltobac@infosec.exchange)'s status on Tuesday, 23-May-2023 15:23:27 JST racheltobac :verified: :donor:

   Here’s how I used AI to clone a 60 Minutes correspondent’s voice to trick a colleague into handing over Sharyn's passport number. I cloned Sharyn’s voice then manipulated the caller ID to show Sharyn’s name on the caller ID with a spoofing tool.
   The hack took 5 minutes total for me to steal the sensitive information.

   So, how do we protect ourselves, our loved ones, and our organizations?
   1. Make sure the people around you know that caller ID is easily faked (spoofed) and that voices can also be easily impersonated.
   2. If they receive a dire call from “you”, verify it’s really you with another method of communication (text, DM, FT, call, etc) before taking an action (like sending money). Kind of like human MFA.

   Some suggest setting up a secret “verification word” with their folks ones so that if someone impersonates & demands money/access etc you can ask for the verification word to see if it’s a real crisis. This won’t work for all people but could work for some. If it’s a match, use it.

   In general, I recommend keeping advice simple: if premise of call is dire use a 2nd method of communication to confirm a person is in trouble before taking action (like wiring money or sensitive data). Rapid text, email, DM, have others message repeatedly — before wiring money.

   Bottom line is:
   Scammers use urgency & fear to convince victims to take actions (like sending money, data, etc).
   If premise of a call, text, email, or DM is too dire (or too good to be true), that’s a likely scam.
   Use a 2nd method of communication to check it’s real before taking action!

   https://www.cbsnews.com/news/how-digital-theft-targets-people-from-millennials-to-seniors-60-minutes-2023-05-21/