WPP’s top advertising executive hit by scammers using voice cloning
Hackers recently tried to scam WPP executives into giving away sensitive information and money.
As reported by the Financial timesthe scam was quite elaborate and used a combination of deepfake videos and AI voting software to trick executives into thinking they were discussing a business venture with their colleagues.
In a letter to employees explaining the incident, WPP CEO Mark Read said unnamed threat actors used a publicly available photo of him to set up a fake WhatsApp account. They then arranged a Microsoft Teams call with an agency head and another senior executive.
Increasing sophistication
That other senior executive was impersonated using YouTube footage and a voice clone, and the fake Read was off camera, participating in the discussion only via chat.
“The pretext was that the targeted individual was asked to set up a new company with the ultimate goal of obtaining personal information and money,” Read said in the email. “Fortunately the attackers were not successful.”
Recently, WPP has experienced an “increasing sophistication in cyber attacks on our colleagues, and those targeting senior leaders in particular,” Read added.
Cybersecurity researchers and experts have been warning about the increasing sophistication of cyberattacks for several years, especially since the proliferation of artificial intelligence (AI) tools. Deepfakes have become so good that they are often indistinguishable from authentic videos, while voice cloning tools are even more dangerous for obvious reasons.
To defend against the increasing use of AI in cybercrime, companies must also invest more and, ironically, deploy AI themselves, the researchers said. However, because most of these attacks target employees (often at lower positions in the first place), investing in tools without investing in employee training will not pay off much.