Deepfake AI scammers target the Big Yin

Generative AI (GenAI) tools used by cyber criminal fraudsters to create convincing deepfake voice scams appear to have mastered the fine art of the Glaswegian accent, according to stand-up comic Billy Connolly.

In a post to his Facebook page earlier this week, Connolly warned fans that online scam artists were impersonating him with fraudulent social media accounts and direct messages soliciting direct interactions with the star.

Connolly, a former welder in Glasgow’s shipyards who embarked on a career as a folk singer in the 1960s before becoming one of Scotland’s most beloved comedians, said: “I never interact directly with fans or supporters and would never suggest they direct message me, meet me, send me money or purchase goods directly. If you are asked for any of the above, it is a scam. My likeness and the sound of my voice can be created by AI, so beware.”

Fraudsters and scammers have long exploited celebrity status to target their victims, and the use of social media to do so is nothing new in and of itself.

In the autumn of 2020 a breach at X, still known as Twitter at the time, saw the social media accounts of former celeb power couple Kanye West and Kim Kardashian hijacked to promote cryptocurrency scams, while earlier that year the UK’s National Cyber Security Centre (NCSC) was forced to issue a public warning after the identities of singer-songwriter Ed Sheeran, entrepreneur Richard Branson, and consumer champion Martin Lewis were similarly hijacked.

However, since 2020 the gathering power of GenAI tools has helped make these scams even more convincing as the perpetrators are now able to create extremely convincing video and voice deepfakes. These techniques are also being used by more sophisticated threat actors – in the summer of 2024 Russian cyber operatives were accused of fabricating an AI-generated Tom Cruise to spread the false narrative that terrorists were planning to attack the Paris Olympics.

In the enterprise world, AI bait for such cyber criminal scams less frequently centres on access to celebrities, but rather on impersonating trusted individuals within an organisation to trick employees as a form of social engineering.

In a 2023 Computer Weekly interview, SailPoint founder and CEO Mark McClain revealed how he allowed his business to spoof his identity using AI in an experiment that successfully fooled a third of those who took part in it.

Spotting AI deepfakes is a particular issue for conventional security systems which tend to be less effective at detecting synthetic media simply because they look for the wrong things, although a number of startups and scaleups among them voice security specialists Pindrop and GetReal Security, are emerging to address this.