On the Feasibility of Fully AI-automated Vishing Attacks

TL;DR

This paper demonstrates that AI-powered systems like ViKing can automate convincing vishing attacks, raising security concerns and highlighting the need for enhanced awareness and defenses against AI-enabled social engineering threats.

Contribution

The study introduces ViKing, an AI-based vishing system that automates social engineering attacks, and empirically evaluates its effectiveness through a participant experiment.

Findings

ViKing successfully persuaded many participants to disclose sensitive info.

Interactions with ViKing were perceived as highly realistic.

AI tools like ViKing are accessible to malicious actors.

Abstract

A vishing attack is a form of social engineering where attackers use phone calls to deceive individuals into disclosing sensitive information, such as personal data, financial information, or security credentials. Attackers exploit the perceived urgency and authenticity of voice communication to manipulate victims, often posing as legitimate entities like banks or tech support. Vishing is a particularly serious threat as it bypasses security controls designed to protect information. In this work, we study the potential for vishing attacks to escalate with the advent of AI. In theory, AI-powered software bots may have the ability to automate these attacks by initiating conversations with potential victims via phone calls and deceiving them into disclosing sensitive information. To validate this thesis, we introduce ViKing, an AI-powered vishing system developed using publicly available AI technology. It relies on a Large Language Model (LLM) as its core cognitive processor to steer conversations with victims, complemented by a pipeline of speech-to-text and text-to-speech modules that facilitate audio-text conversion in phone calls. Through a controlled social experiment involving 240 participants, we discovered that ViKing has successfully persuaded many participants to reveal sensitive information, even those who had been explicitly warned about the risk of vishing campaigns. Interactions with ViKing's bots were generally considered realistic. From these findings, we conclude that tools like ViKing may already be accessible to potential malicious actors, while also serving as an invaluable resource for cyber awareness programs.