This CBC article (linked above) on “Deep Fakes” is a very interesting read, and Deep Fakes are something we should all be aware of.
This concept feels like a derivative of social engineering, but it goes much deeper than researching a potential target and using some of their available information and social media against them. It takes the Phishing and Spear-phishing to a new level, by mimicking the source information (a voice in a phone call in this article’s example) far better than we’re used to seeing. This isn’t just a phishing email that looks like it’s coming from Microsoft or the Canada Revenue Agency. Voice and video can now be copied and altered in ways that make the reproduction seem quite realistic. Capturing someone’s unique voice on a phone call or an in-person meeting, then using software to alter the order or content of words, allows a malicious actor to deliver voice messages or even have entire voice conversations with the targeted person not knowing it’s a computer on the other end of the line.
Pair this Deep Fake technology with email and phone number spoofing and we’re looking at the complete spoofing package for malicious actors. That’s right; email addresses and phone numbers (including the name) can be completely faked by a malicious actor these days. If you see a phone call from “Canada Revenue Agency” and the phone number is correct (the same as on the CRA’s website), it doesn’t mean that it’s the CRA calling.
Always take caution when someone calls you asking for sensitive information, or asking for funds to be transferred or gift cards to be purchased. Even if the voice sounds familiar and the name and number are correct, it never hurts to call someone back on their trusted phone number to verify their identity.