This feature is extremely insecure now that there’s several AIs that can replicate voices. If a scammer calls you and you say a few words, a recording of that can be enough for them to replicate your voice.
This happened at my workplace. An attacker got into someone’s Schwab account by calling Schwab support and successfully getting past the voice verification, and nearly successfully transferred $100k (from a recent stock sale) out of their account. Schwab sent out a notice saying they’re improving their security, but I’m not sure if they’ve actually improved it.
Yup, I almost didn’t enable it, but since I was on vacation and didn’t want to go set up the app (I try to never set up security features when away from my desk), I let them set it up. They claimed it was AI-resistant, but I honestly don’t believe them.
But I don’t think enabling it alone would increase risk of anything, it just adds another barrier to impersonating me over a phone. I think they said it wouldn’t bypass any other checks, it just increases the likelihood that the call will be dropped before getting to those other checks. But I’m not sure how it works in practice.
This feature is extremely insecure now that there’s several AIs that can replicate voices. If a scammer calls you and you say a few words, a recording of that can be enough for them to replicate your voice.
This happened at my workplace. An attacker got into someone’s Schwab account by calling Schwab support and successfully getting past the voice verification, and nearly successfully transferred $100k (from a recent stock sale) out of their account. Schwab sent out a notice saying they’re improving their security, but I’m not sure if they’ve actually improved it.
Yup, I almost didn’t enable it, but since I was on vacation and didn’t want to go set up the app (I try to never set up security features when away from my desk), I let them set it up. They claimed it was AI-resistant, but I honestly don’t believe them.
But I don’t think enabling it alone would increase risk of anything, it just adds another barrier to impersonating me over a phone. I think they said it wouldn’t bypass any other checks, it just increases the likelihood that the call will be dropped before getting to those other checks. But I’m not sure how it works in practice.