The Three-Second Theft: Why AI Voice Fraud Outruns Every Defence
32 points
by dxs
48 minutes ago
| 3 comments
| smarterarticles.co.uk
| HN
reactordev
17 minutes ago
[-]
What’s terrible is each time I am forced to call the bank, the more they try to tell me voice ID is secure and want me to provide my voice to authenticate. Never. Did ya’ll never play Uplink? With voice cloning as good as it is now, there’s no way a voice ID is secure enough for authentication.
reply
chuckadams
25 minutes ago
[-]
One reasonably effective defense: "Okay, let me call you right back." Yes, there's always the whole "my phone is dead, I borrowed someone else's" or "I'm calling from a jail payphone", so I think it might become common practice to start making authentication phrases or "tell me something only we know".

Another pillar of basic trust that's being eroded on an industrial scale. Sigh.

reply
jonathanlydall
13 minutes ago
[-]
In practice this often doesn't work.

Article said the imposter in this case claimed her phone had been confiscated.

Fraudsters tend to also plan things such that the impersonated person can't be reached by phone at that time, either by choosing a time when they somehow know they're unavailable (e.g. impersonated person posted on social media they're boarding a plane) or in one case (12 years ago though) my SIL's parent's landline was bombarded with spam calls until they decided to leave the phone off the hook at which point the scammers phoned bank who couldn't reach the parents on their main line, of course this was the bank's problem (and there was probably an inside person facilitating) so they got their money back, but still a major inconvenience for the victim.

Probably the only sure advice is to be exceptionally weary of phone calls with supposed extreme time pressures to send the money now.

reply
wccrawford
18 minutes ago
[-]
The example in the article says the police took her phone. Then her "attorney" gets on to talk instead.

Yes, having a secret code is probably the right answer. My wife's family always has, but mine doesn't. I suppose we should probably fix that.

reply
sudb
14 minutes ago
[-]
For extra security against these text-to-speech model zero-shot clones, you might also want to use made-up gibberish words for which the pronunciation can't be reliably inferred from the spelling
reply
dwa3592
7 minutes ago
[-]
me and my wife made up a word in 2024 for this. the word doesn't exist in any language. we say it to each other all the time. even if i give you the spelling for it, you will say it wrong. i recommend everyone to do something similar. i should do it with my parents too.
reply
briffle
10 minutes ago
[-]
our family has had a special 'code word' we have had since the kids were in elementary school. If someone ever needed to pick up our kids from school (they never did) our kids were taught to ask for that word.

This is a good reminder that we should review that, since its been 10 years or so.

reply
ActionHank
20 minutes ago
[-]
I mostly answer unknown calls with monotone "hello" and then wait for their introduction before talking normally.
reply
ghaff
18 minutes ago
[-]
I mostly just don't answer them unless it seems like something that may be legit.
reply
etchalon
14 minutes ago
[-]
We're gonna need two-way passwords for conversations.

Fun.

reply
croes
15 minutes ago
[-]
Family OTP helps against passphrase leakage
reply
intended
18 minutes ago
[-]
The opening example is of a person listening to their daughter’s voice on an unknown number, how would calling them back help? Or am I missing something obvious?
reply
ThrowawayTestr
20 minutes ago
[-]
They make you give a voice sample now when you're arrested. You need to do so in order to use the phone.
reply
dec0dedab0de
13 minutes ago
[-]
who is they?
reply
ThrowawayTestr
2 minutes ago
[-]
The US government
reply