Cybercriminals use voice phishing to scam $243000 out of a UK Energy Firm

January 2, 2020
uk energy firm vishing voice phishing ai

Phishing has already been popular for its vast attacks from individuals to big companies around the world thus many cyber-security firms have already investigated and found cyber-crime solutions to combat these attacks. But what’s shocking in today’s news is that cyber-criminals developed a sophisticated form of phishing called voice phishing or vishing, to steal money from its victims via phone call and is now targeting companies situated in UK.


Researchers found this new form of phishing when the CEO of an unnamed UK energy firm was tricked into transferring €220,000 or approximately $243,000 to the chief executive officer of its parent company which occurred last March this year.


Euler Hermes Group, the firm’s insurance company who handled the case, shared the information on how cyber-criminals impersonate the voice of the company’s boss. He explained that the CEO of energy firm which was based in UK recognized the subtle German accent in his boss’s voice and that it carried the man’s melody. He also shared that the cyber-criminals behind the attack called the company three times. The first call was to initiate the transfer of funds, followed by falsely claiming that the funds had been reimbursed, and lastly, seeking for a follow-up payment.

Even though the same fake voice was used, the last call was made with an Austrian phone number and the reimbursement had not gone through. When the CEO noticed that the funds he transferred didn’t appear, he became suspicious of the caller’s authenticity. After realizing his fault, he did not send a second payment. But unfortunately, the funds that he first transferred had already been moved to Mexico and other locations.

Further investigation revealed that the cyber-criminals had used a voice-generating AI (artificial intelligence) software that impersonates the voice of the company’s boss. What’s more threatening is that this commercial voice-generating software is readily available from many software vendors.

Vishing is the illegal access of data via voice over Internet Protocol (VoIP). Voice Phishing stems from cyber-criminals who develop a new kind of phishing. Phishing is the practice of using deception to get you to reveal personal, sensitive, or confidential information. However, instead of using email, regular phone calls, or fake websites like phishers do, voice phishing use an internet telephone service.

The security fraud of Euler Hermes Group also believes that the commercial software used to spoof the German executives voice was coming from Dessa, an AI (artificial intelligence) company based in Toronto. This May, the AI company Dessa released a simulation of the podcaster Joe Rogan voice that was similar of his gravelly timbre using only text inputs. The impersonated voice was so similar to the real voice of Joe Rogan which makes a longtime listener having difficulty distinguishing the real voice from the fake voice.

But aside from successfully creating a “human-like” speech software, the AI company was also aware of the implications it will bring to the society. Aside from the good side of having a human-like speech software, cyber-criminals had found a new way of hacking individuals and companies, just like what happened to the UK-based energy firm.

Since cyber-security experts was not able to identify who was behind this attack, it was difficult for them to identify the voice-generating software used. But what is clear to them are the possible ways that the voice-generating software will be used in the future against individuals and companies around the world.

About the author

Leave a Reply