Chatbots & Voice Phishing: How To Safeguard Against Potential Risks From AI

By Ankush Sabharwal

The rapid adoption of AI-driven chatbots has transformed customer service, automating tasks from information retrieval to order processing. However, with this growth comes a rise in cyber threats, notably voice phishing or "vishing," where attackers manipulate users into revealing sensitive information. 

Understanding the Risks

Chatbots have evolved to mimic human-like conversations, making them a valuable tool in customer engagement. However, they are increasingly susceptible to cyber-attacks. Voice phishing, a tactic where attackers use artificial intelligence to impersonate voices, is a growing concern. According to a 2024 study by Cybersecurity Ventures, voice phishing attacks are expected to rise by 50 per cent this year, driven by advancements in AI voice synthesis. The objective of vishing is to trick individuals into revealing personal, financial, or corporate information.

Cybercriminals can use chatbots to perform “phishing-as-a-service” attacks. This process involves hackers using AI-powered bots to engage potential victims and subtly elicit confidential details. In fact, IBM's 2024 Cyber Threat Intelligence Index reports that AI-based attacks, including those using chatbots, have risen by 27 per cent this year. 

Key Tactics Used in Vishing Attacks

• Caller ID Spoofing: Attackers manipulate caller IDs to appear as a trusted organisation. Sophisticated AI-driven algorithms then generate a voice that sounds like an authentic representative (voice cloning), making it easier for the caller to deceive the victim.
• Psychological Manipulation: Phishers use time-sensitive language and high-pressure tactics, such as mentioning “urgent account issues,” to coerce victims into sharing sensitive data.
• Scripted Scenarios: AI chatbots can also be programmed with scripts mimicking legitimate customer service interactions, tricking users into giving up their information.

According to a 2024 report by Palo Alto Networks, 73 per cent of organisations experienced an increase in phishing attacks involving AI technologies, with voice phishing accounting for 18 per cent of these attacks. Another study from the 2024 Data Breach Investigations Report reveals that voice phishing attacks increased by 34 per cent from the previous year, with 80 per cent of these attacks targeting companies in finance, healthcare, and tech.

Consequences of Voice Phishing Attacks

Voice phishing attacks have significant repercussions, especially for businesses and individuals who fall victim to them. Financial loss is a primary concern; a 2024 FBI report estimates that businesses and individuals have lost over $3 billion to fishing scams this year. Besides financial damage, these lead to reputational harm, regulatory penalties, and loss of trust from customers.

Safeguarding Against Chatbot and Voice Phishing Threats

• Implement Advanced Authentication Mechanisms: Multi-factor authentication (MFA) is essential for protecting customer and business accounts. Biometric authentication further improves security, making it harder for attackers to gain unauthorised access.
• Educate Users and Employees: Training programs focused on recognising phishing tactics can help employees and customers become more vigilant. For example, showing users how to identify caller ID spoofing or suspicious language in messages can reduce their vulnerability to such attacks.
• Use AI-Based Detection Tools: Cybersecurity firms now offer AI-driven threat detection solutions capable of identifying phishing patterns in real time. Tools can monitor unusual patterns in chatbot interactions, helping prevent phishing attacks.
• Update Security Protocols Regularly: Regular updates are critical for minimising vulnerabilities. Businesses should ensure their chatbots use end-to-end encryption and adhere to the latest cybersecurity standards. Regular audits and vulnerability testing also contribute to a proactive approach to mitigating threats.
• Leverage AI in Defense: AI can also be part of the solution. Machine learning models can detect unusual speech patterns or behaviour indicative of phishing attempts. According to a 2024 Gartner report, 45 per cent of large enterprises plan to integrate AI-based security protocols in their customer service departments by the end of this year.
• Use of NLP: Voice recognition and NLP (Natural Language Processing) enable accurate interpretation of user intent, even in noisy settings or across diverse accents. After intent identification, a secure PIN-based authentication via the user's linked UPI app ensures safe transactions. It enhances convenience and speed, particularly in hands-free situations.

The 2024 surge in chatbots and voice phishing highlights the need for robust cybersecurity. Businesses should secure AI-driven tools with advanced authentication, continuous monitoring, and employee-customer education. Proactive steps can minimise vulnerabilities, allowing organisations to benefit from AI’s convenience while ensuring security remains uncompromised.

(The author is the Founder and CEO, CoRover)

Disclaimer: The opinions, beliefs, and views expressed by the various authors and forum participants on this website are personal and do not reflect the opinions, beliefs, and views of ABP Network Pvt. Ltd.