Top WPP advertising executive hit by scammers using voice cloning attack

Robot typing text on a typewriter. Artificial intelligence generated text and future of journalism concept. Vector illustration.
(Image credit: Moor Studio via Shutterstock)

Hackers recently tried to scam WPP executives into giving away sensitive information and money. 

As reported by the Financial Times, the scam was quite elaborate, and used a combination of deepfake videos and AI voice software to trick the executives into thinking they were discussing a business venture with their peers.

In a letter sent to employees explaining the incident, WPP chief executive officer Mark Read said unnamed threat actors used a publicly available photo of him to set up a fake WhatsApp account. Then, they arranged a Microsoft Teams call with an agency head and another senior executive. 

Increasing sophistication

That other senior executive was impersonated using YouTube footage and a voice clone, and the fake Read was off-camera and only participated in the discussion via chat. 

“The pretext was that the individual targeted was being asked to set up a new business with the ultimate aim of extracting personal details and money,” Read said in the email. “Fortunately the attackers were not successful.”

In recent times, WPP had experienced an “increasing sophistication in the cyber attacks on our colleagues, and those targeted at senior leaders in particular,” Read added.

For a few years now, cybersecurity researchers and experts have been warning of increasing sophistication in cyberattacks, especially since the proliferation of Artificial Intelligence (AI) tools. Deepfakes have gotten so good that they are often indistinguishable from authentic videos, while voice-cloning tools, for obvious reasons, are even more dangerous.

To defend against the increasing use of AI in cybercrime, businesses should also invest more and, ironically enough, deploy AI themselves, the researchers said. However, since most of these attacks are aimed at employees (often on low-level positions, first), investing in tools without investing in employee education won’t bear much fruit.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.