AI has made our lives better in many ways, but Arizonans are now facing a new and deeply unsettling type of scam: audio cloning.
Audio cloning is the process of creating a digital replica of someone’s voice using artificial intelligence. While the technology has legitimate uses in content creation and accessibility, it is increasingly being used for fraud.
In 2023, the danger became all too real for Scottsdale resident Jennifer DeStefano. She received a call that sounded exactly like her 15-year-old daughter begging for help, followed by a ransom demand. The voice was later confirmed to be an AI-generated clone, created using publicly available audio samples.
This was not an isolated incident. According to a McAfee study, 77% of victims lost up to $15,000 to voice scams that mimicked friends and family.
Businesses aren’t doing any better. A Hong Kong employee of engineering giant Arup transferred $25 million to scamsters posing as the CFO over a conference call. Last year, scammers mimicked Ferrari CEO Vigna’s southern Italian accent to dupe an executive over a call.
AI-powered cyberattacks have terrifying accuracy due to their social engineering and context-based systems. Consequently, Arizona Attorney General Kris Mayes has warned people of AI scams, including the voice cloning ones.
To know how you can protect your close ones and your business, you need to understand how these attacks work.
How do voice cloning scams work?
Voice cloning scams follow a simple but effective playbook.
- Scammers first collect short audio samples of a target from public sources such as social media videos, voicemail greetings, interviews, webinars, or company presentations.
- Then they use in-house voice recognition software or mainstream AI tools such as ElevenLabs, Resemble AI, Descript, or Lovo AI. These tools can recreate a highly convincing voice by learning vocal tone, cadence, accent, and speech patterns. The result is a synthetic voice that sounds authentic enough to bypass initial doubt.
- Once the voice is generated, attackers layer in social engineering. They place urgent calls designed to trigger panic or authority bias. For individuals, this usually involves a distressed family member claiming to be in danger. For businesses, the impersonation targets executives, finance leaders, or vendors.
- The urgency is paired with a believable context, like a confidential file, a payment transfer, or a meeting that cannot wait. Some scams escalate realism by combining voice cloning with deepfake video calls, as the one Arup faced.
The impact is significant because these attacks bypass traditional fraud defenses. Victims act quickly, follow tasks before critical thinking kicks in, and end up not only losing money but also relationships and opportunities.
The impact of audio deepfakes
While the financial losses are staggering, the true impact of audio deepfakes goes far beyond the balance sheet. Arizona has a thriving community of retirees and small business owners, two demographics frequently targeted by these scams.
- For Arizona families, it creates a climate of fear. When you can’t trust the voice of a panicked relative on the phone, families are forced to delay help during genuine emergencies
- Arizona businesses, including retail, legal practices, and medical offices are seeing an increase in vendor fraud, where a cloned voice authorizes changes to payment details for invoices. Employees must now second-guess every urgent instruction from their bosses
- For leadership, the risks are identity theft and reputation hijacking. “Leaked” audio of executives is released to manipulate stock prices and public sentiment
Steps to protect yourself from audio cloning scams
AG Kris Mayes laid out essential steps that might help you safeguard against voice cloning attacks. The strategy used by threat actors is sophisticated, so the defense has to be up to the task.
Establish a family safe word
This is the number one defense recommended by Mayes. Agree on a specific word or phrase unique to your household; something that wouldn’t be found in a social media post or public bio. If a family member calls claiming to be in distress, kidnapped, or arrested, ask for the safe word. If the caller cannot provide it or tries to deflect with urgency, you know immediately it’s a scam.
The Ferrari employee thwarted the cyberattack after asking a question only CEO Vigna could answer.
Audit your passive voice data
You might not post on TikTok, but you likely have a voicemail greeting. Security researchers have confirmed that many AI-powered TTS tools can clone a voice with as little as 10-15 seconds of call monitoring. A standard “Hi, you’ve reached [Name]” greeting often provides enough data for a clone.
Switch your mobile and office voicemail to the default automated system greeting. This eliminates a primary source of high-quality audio that scammers can easily scrape.
Hang up and call back
According to Arizona’s Better Business Bureau (BBB), scammers are now spoofing local area codes to make calls look like they are coming from Arizona neighbors or local police.
If you receive any urgent call from a source you don’t recognize, hang up immediately and step back. Locate the person or organization’s official number from your contacts and call them back. Delay breaks the scammer’s flow and bypasses the spoofed number.
Train employees and enforce alternate verification
Business owners should stop relying on voice orders alone. Train employees to follow a strict cybersecurity policy and report anomalies. Any request to change payment details, wire funds, or buy gift cards requires out-of-band verification.
If a request comes via phone, employees must verify it via Slack, Microsoft Teams, or a known internal extension. This multi-layer check makes it nearly impossible for a single cloned voice to succeed.
Partner with a local managed IT service provider
You cannot fight AI with free antivirus software. An MSP like MyTek acts as your cybersecurity shield by implementing the enterprise-grade tools that stop these scams before the phone rings.
MyTek implements advanced secure cloud hosting, email filtering to catch the phishing attempts that usually precede a voice attack, and sets up secure multi-factor authentication (MFA) that AI cannot bypass. As a local partner, we understand the specific trends of Arizona industries, ensuring SMB defenses are tailored to your actual risks.
MyTek: Arizona’s answer to rising AI deepfake scams
As AI risks go up for Arizona businesses, relying on generic security is no longer enough. At MyTek, we build resilient businesses through our MyTek Butler managed services.
We block entry points that filter cyberattacks, implement authorization and access controls, and train the employees so they can spot the subtle signs of social engineering that software might miss.
Contact MyTek today to secure your business with a local managed IT partner.