Here’s how I used AI to clone a 60 Minutes correspondent’s voice to trick a colleague into handing over Sharyn's passport number. I cloned Sharyn’s voice then manipulated the caller ID to show Sharyn’s name on the caller ID with a spoofing tool. The hack took 5 minutes total for me to steal the sensitive information. So, how do we protect ourselves, our loved ones, and our organizations? 1. Make sure the people around you know that caller ID is easily faked (spoofed) and that voices can also be easily impersonated. 2. If they receive a dire call from “you”, verify it’s really you with another method of communication (text, DM, FT, call, etc) before taking an action (like sending money). Kind of like human MFA. Some suggest setting up a secret “verification word” with their folks ones so that if someone impersonates & demands money/access etc you can ask for the verification word to see if it’s a real crisis. This won’t work for all people but could work for some. If it’s a match, use it. In general, I recommend keeping advice simple: if premise of call is dire use a 2nd method of communication to confirm a person is in trouble before taking action (like wiring money or sensitive data). Rapid text, email, DM, have others message repeatedly — before wiring money. Bottom line is: Scammers use urgency & fear to convince victims to take actions (like sending money, data, etc). If premise of a call, text, email, or DM is too dire (or too good to be true), that’s a likely scam. Use a 2nd method of communication to check it’s real before taking action! https://lnkd.in/gSuxdVvP
Awesome segment! Way to go, Rachel 👏
This plays a few degrees away from an ITYSL skit
This is incredible, congrats on all your success!
You’re killing it! Love to see this
You're killing it, great segment!
Wow - very scary -
I know dozens of infosec people ranging from the age of 12-21 (never mind the experts) who could actually get Rachel’s passport number or passwords easily because everyone, including her, uses the internet or a phone or a credit card or an alexa or a baby monitor or a connected tv etc etc. Nobody is safe. It’s been that way for over a decade and will never change. No credit card number or password isn’t on a hundred darkweb sites. It’s a matter of managing risk.
So out of curiosity. What MFA functions do we have for business phone calls ?Something like family code words or distress codes, but for business calls (obviously known partners/colleagues) which direct to sensitiv information. Obviously shouldn’t be something like any information you get out in the social and business media and perhaps some more technical approach then getting suspicious, which is clearly also needed, and telling the telephone partner that you call back, which I assume is currently the safest method. Rachel Tobac 🤗Jayson E. Street🤗 Swantje Westpfahl Filipi Pires Reinhold Nawroth Immanuel Bär
Sr. Director, XDR Product Marketing at Darktrace, ex-Microsoft Security, Duke MBA | Talent Development Coach & Mentor
1yYou’re the pride of Pittsburgh Rachel Tobac ♥️♥️