An interesting thread in this story is the "pay to play" nature of the businesses that people were getting conned in. My only exposure to that business has been in small time music performances, and I instinctively steer clear. In my world of regular tech-industry employment and (for that matter) as a freelance musician the "opportunity" to front my own money in return for a job would be an instant red flag and polite no-thanks response.
The perpetrator(s) are very shrewd about getting the mark significantly involved by the time they are asked for money. They are alone in a foreign country with a flight paid for and the promise of work before they are asked. Still like to think I would spot it, but in the situation I am sure a lot more difficult.
I wonder if is definitely a single voice impersonator or a deep-voice application. I don't hear any glitches and you'd have to have a lot of voice samples and confidence there wouldn't be glitches during the conversation.
Also probably a single impersonator, because if they were successful with synthetic simulation they probably wouldn't stick to impersonating just one gender.
Yes. Technology can do that. Voices can definitely be simulated. Even faces can be simulated with the voice if you want to do video calls. (More artifacts there)
Claims are from seconds to 20 minutes of the original speaker's voice to creat a model that can be made to say anything:
A good example of why trust validation is important and why social engineering is one of the most difficult threat vectors to protect against. Hacking the human brain to get trust is a lot easier in most cases than cracking a lot of digital defenses (although it seems a lot of people neglect basic digital defense too...). With some companies I've worked for, I've realized how sometimes customer support could be easily duped, because they want so badly to help the person who is obviously having difficulties and paying us so much money... :P
I once worked for a large telco, and although there were some basic security and verification processes in place internally, they were not rigorously enforced. An imposter or social engineer with malicious intent and the level of company-specific inside knowledge this scammmer had about their chosen targets for impersonation could wreck havok at my old employer, or I suspect many other large companies.
In my mind it is defintely a male voice. Telling his victims he is a woman could be the very first con. If they believe it, it tells the scammer they are gullible. Like scam emails being obvious about being a scam so that if anyone seriously replies it must be a terribly gullible person … which makes a great victim.
It's not even close to socially acceptable to tell someone on the phone that they "sound like a man," or "sound like a woman." If they didn't believe you, you'd never find out.
I thought the impersonator's voice in the first video was male for sure. I had to go back and reread portions of the article to confirm that the impersonated person was female.
It’s really sad that our government is so dysfunctional that they can’t do anything to help. It’s pure laziness, dysfunction and mismanagement as to why when you call the FBI and they brush you off. What good are they?
> "There is an important element of social engineering going on with these victims," says Snezana Gebauer, K2's head of investigations and disputes practices, who has worked on the case with Kotsianas. "They know everything about their victims' personal lives and use the necessary pressure points, and they use publicly available information about the executives they are impersonating."
So it seems Google/Alphabet finally found how to monetize their new robocaller!
Fascinating read. My hypothesis why the scammer knows intimite/non-public quirks of impersonated people: The scam seems to be a larger operation, e.g. local people in Thailand surrounding the victim. So why shouldn’t they also have inside people in the industry working near those impersonated people? The spies relay everything to the shared scam database/wiki and the scammer on the phone plays his role and pretends to have experienced it first hand.
OA says in several places that the FBI said when contacted that the amount of money involved was too small to warrant an investigation. Just wondering (as an interested Brit) if the FBI would get around to looking at the whole series of scams as a single case and begin to think that the total would be enough to meet the threshold? As the scam escalates, the likelihood of someone getting into trouble abroad increases.
Using common sense, it should be the total sum of money that matters. I can't imagine the FBI not being interested in someone stealing 1 dollar from 1 billion people in separate criminal acts.
Exactly, but the FBI (or whoever) has to recognise that the billion crimes are connected and to do that you need record keeping and some keywords/criteria applied to each case/report. Just wondering if they do that...
