Voice biometrics spoof nets fraudster $29M
The U.S. subsidiary of financial media giant Nikkei, has been victimized by a voice biometric spoof attack that netted a $29 million wire transfer, PYMNTS reports.
The wire fraud occurred in September, when a malicious third-party posing as a management executive of Nikkei instructed a company employee to send the funds in a combination phishing and imitation attack.
“I don’t want to applaud [the fraudsters] — far from it. Our job is to stop them. But you almost have to give them kudos for actually moving to foil voice biometrics. That is pretty slick. Just not in a good way,” Chief Experience Officer David Barnhardt, chief experience officer at fraud detection company Giact told PYMNTS.
PYMNTS points out that unlike some types of fraud and breaches which must be reported, incidents like the one at Nikkei are likely underreported. Barnhardt estimates that fraud of this type likely nets hundreds of millions of dollars a year, and refers to the incident as a “canary in the coal mine.”
Giact urges enterprises to use proactive security solutions that will detect fraud before it starts, rather than reactive ones.
“If I were a voice biometrics security firm today, I’d be sitting up, taking notice and then figuring out how to get ahead of this, because the criminal want[s] to get ahead of them,” Barnhardt says.
ID R&D recently announced its results in the Global ASVspoof Challenge, and cautioned at the time that increasing technical capabilities could enable spoofed speech to be used against individuals, businesses, and governments.