Voice Cloning Attack
What is Voice Cloning Attack?
Voice Cloning AttackAn attack that uses AI-generated speech mimicking a real person to bypass voice authentication or trick victims into authorising payments or actions.
A voice cloning attack uses a deep-learning model trained on a few seconds of a target's audio to synthesise convincing speech in that person's voice. Modern systems such as ElevenLabs, Resemble, and open-source tools have made high-quality cloning available with minutes of training data scraped from public videos or voicemail. Attackers leverage cloned voices for CEO fraud and 'grandparent scams' where a relative is impersonated in distress, for bypassing voice-biometric authentication at banks and call centres, and for social engineering helpdesks. Defences include liveness detection, out-of-band callback to a known number, code words shared inside families, and replacing voiceprint as a primary authentication factor.
● Examples
- 01
An attacker clones a CFO's voice from a conference talk and phones the accounting team to demand an urgent wire transfer.
- 02
A parent receives a panicked call from what sounds like their child asking for bail money - in reality a cloned voice.
● Frequently asked questions
What is Voice Cloning Attack?
An attack that uses AI-generated speech mimicking a real person to bypass voice authentication or trick victims into authorising payments or actions. It belongs to the AI & ML Security category of cybersecurity.
What does Voice Cloning Attack mean?
An attack that uses AI-generated speech mimicking a real person to bypass voice authentication or trick victims into authorising payments or actions.
How does Voice Cloning Attack work?
A voice cloning attack uses a deep-learning model trained on a few seconds of a target's audio to synthesise convincing speech in that person's voice. Modern systems such as ElevenLabs, Resemble, and open-source tools have made high-quality cloning available with minutes of training data scraped from public videos or voicemail. Attackers leverage cloned voices for CEO fraud and 'grandparent scams' where a relative is impersonated in distress, for bypassing voice-biometric authentication at banks and call centres, and for social engineering helpdesks. Defences include liveness detection, out-of-band callback to a known number, code words shared inside families, and replacing voiceprint as a primary authentication factor.
How do you defend against Voice Cloning Attack?
Defences for Voice Cloning Attack typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Voice Cloning Attack?
Common alternative names include: Audio deepfake, AI voice fraud, Vishing 2.0.
● Related terms
- ai-security№ 1203
Video Deepfake Attack
An attack that uses AI-generated synthetic video of a real person, often in a live meeting, to authorise fraudulent transactions or spread disinformation.
- ai-security№ 036
AI-Generated Disinformation
False or misleading content produced or amplified by generative AI to deceive audiences, manipulate opinion, or influence elections, markets, or conflicts.
- attacks№ 1205
Vishing
Phishing conducted over voice channels — phone calls or VoIP — to manipulate victims into revealing credentials, payments, or remote access.
- attacks№ 135
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
- attacks№ 1065
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
- ai-security№ 037
AI-Generated Malware
Malicious code written, mutated, or assisted by large language models, lowering the skill bar for attackers and accelerating variant production.