Virtual Kidnapping, a form of cyber extortion in which fraudsters feign the abduction of a loved one and demand immediate payment, is on the rise, reports ISMG Network. Craig Gibson, a threat defence architect at Trend Micro, warns that criminals can use SIM hijacking to take control of a victim’s mobile phone account, and utilise AI-driven voice-faking tools to mimic the alleged abductee’s voice. These tactics aim to manipulate the victims’ emotions, encouraging them to act promptly and pay the demanded ransom. Gibson suggests more complex, identity-based signals within a zero trust framework to help mitigate such threats.
- Virtual Kidnapping refers to cybercriminals pretending to have kidnapped an individual, demanding payment from their loved ones before ending the phone call, a ruse on the rise according to the FBI.
- Craig Gibson, principal threat defense architect at Trend Micro, warns that cybercriminals employ tactics such as SIM hijacking to take over a victim’s mobile phone account.
- AI-driven voice faking tools are also used to emulate the voice of the supposed abductee, thus enforcing the illusion and creating a sense of urgency within the victim.
- Non-technical tactics such as sharing “secret knowledge” among family members or employees may help in uncovering scams.
- Gibson suggests the implementation of complex, identity-based signals within a zero trust framework to mitigate threats like virtual kidnapping.
Cybersecurity researchers constantly study the threat landscape of various sectors, including government, health, banking, and telecommunications. Gibson emphasizes the importance of understanding the current cyber threats and developing multi-tiered risk management solutions. These should be based on governance, processes, and information systems, and should additionally include implemented measures such as the selection, application, and monitoring of information security controls.