TLDR: Threat actors are combining AI voice cloning with traditional spear-phishing to target C-suite executives. Victims receive voicemails from “colleagues” directing them to credential harvesting sites.
Attack Chain:
- Open-source intelligence gathering on targets
- AI voice clone generation from public recordings
- Voicemail + email combination attack
- Credential harvesting via lookalike domains
At least 12 successful compromises confirmed at Fortune 1000 companies.