A quick demo POC of how using multiple AI based technologies, you can simulate a voice phishing attack by simulating a high profile employee within an organisation.

There are a lot of products that do both voice cloning and video deepfakes, but this is a simple POC to demonstrate some of the technologies in a step by step manner, and also an attempt at showing how the entire process could be automated by an attacker.

I used ElevenLabs (https://elevenlabs.io) to create a voice clone of a high profile employee. It's a simple process that just requires clipping a few minutes of audio from YouTube videos of the target speaking.

Then using its API, we can generate an audio file of the target by providing a text string.

ChatGPT is used to provide the basic conversational capabilities to the voice clone. Using it means that the conversation can be completely automated, and should be able to handle any variations in the conversation without requiring any hardcoded replies.

It has been provided basic instructions on how to handle the conversation and eventually direct the victim to an email they have sent but this can be modified to whatever the test requires. It is located in the messages_run.json file

OpenAI's Whisper is finally used to convert the input on a call from the potential victim

The system currently requires manual input to trigger each step of the generation, but it wouldn't be too difficult to automate the entire process, doing stuff like listening for noise and triggering the entire response generation process after a short period of silence.