If you answer a phone call from an unknown number, let the caller speak first. Whoever is on the other end can record your voice and later use it to imitate you very convincingly.
This warning came recently from the US Federal Trade Commission, which cautioned citizens to beware of fraudsters who secretly record people's voices over the phone and later call their relatives, posing as a family member injured in an accident and urgently asking for money.
At the heart of the new type of fraud is the rise of AI-based speech tools such as Microsoft's VALL-E, part of the same generative-AI wave as OpenAI's ChatGPT. These tools convert text to speech, imitating different voices based on a pre-submitted voice "sample". The Redmond-based software company demonstrated VALL-E in January.
VALL-E isn't available to everyone yet, but other players like Resemble AI and ElevenLabs make similar voice tools, and theirs are available to the general public. Using a short sample of someone's voice, the technology can convert written sentences into convincing-sounding speech in that voice.
The scheme itself is largely familiar. You receive a call. A panicked voice comes from the other end of the line. Your grandson is calling. He says he's in big trouble: he hit someone with his car and is in jail, but you can help him by sending money. You panic and start tallying up what money you have. The difference from "traditional" telephone fraud of this kind is that there is no sobbing and hiccuping to disguise the voice on the other end; the voice is exactly that of your grandson.
It only takes 3 seconds
Criminals are using readily available "voice cloning" tools to trick victims into believing their loved ones are in trouble and need money fast, experts say. All such a scheme needs is a short recording of someone's voice, which may already be available on the internet. If not, a sample can be collected by recording a spam call. An AI voice-cloning application, such as ElevenLabs' VoiceLab speech software, is then applied to the sample.
"If you made a TikTok video with your voice on it, that's enough," said Hany Farid, a professor of digital forensics at the University of California, Berkeley. Even a voicemail recording would suffice.
The professor is not surprised by the prevalence of such scams. "It's part of a continuum. We started with spam calls, then phishing emails, then phishing texts. Voice is the natural evolution of these scams," says Farid.
“Don’t Trust the Voice”
In practice, the trend means we can no longer trust voices that sound identical to those of our friends and family members.
"Don't trust the voice," the Federal Trade Commission warns. "Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can't reach your loved one by phone, try another way, through other family members or friends."
Microsoft, the maker of VALL-E, acknowledged the problem not long ago. The firm said the technology "may carry a risk of misuse of the model, such as spoofing voice identification or impersonating a specific speaker." It added that if the tool is released to the general public, it "must include a protocol to ensure that the speaker approves the use of their voice."
Back in January, ElevenLabs wrote on social media: "We are seeing an increasing number of cases of voice cloning abuse." For this reason, the company said identity verification is essential for removing malicious content, and that the technology will from now on only be available for a fee.
Technological means of protection against this kind of fraud are yet to be developed. Until they arrive, the only defense for the average consumer is vigilance. When taking a call from an unknown number, let the caller speak first. Even answering with "Hello, who's calling?" can provide enough of a voice sample to later impersonate us.
Farid himself says he no longer answers his phone unless he is expecting a call. And when he receives a call supposedly from a family member, such as his wife, he asks for a pre-agreed code word.
“Now we even mispronounce it if we suspect someone else knows it,” says Farid. “It’s like a password you don’t share with anyone. It’s a pretty easy way to get around scams as long as… you don’t panic.”
True, the method is a low-tech answer to a high-tech problem. And of course, the mere request for money is cause for suspicion; if the caller wants to be paid in cryptocurrency, that should definitely set off alarm bells. "Scammers ask you to pay or send money in ways that make it difficult to get your money back," experts warn.