You can no longer simply trust the voice on the other end of the line.
According to a recent report, 25% of consumers have received an AI-cloned voice call in the last 12 months, and nearly half admit they cannot tell the difference between a synthetic voice and a real one.
If your business authorizes wire transfers, processes invoices, or handles password resets over the phone, “recognizing their voice” is no longer a valid security check. You need to establish an internal “safe word” protocol for any sensitive verbal requests immediately.
But don’t stop there. Attackers are getting smarter, often using publicly available audio from social media, voicemails, or even short video clips to build convincing voice replicas. In many cases, they pair the voice with urgency (“I need this done right now”) or authority (“This is the owner. Handle it.”) to pressure employees into skipping verification steps.
To reduce risk, implement a layered approach:
- Require a secondary form of verification for any financial or credential-related request (text, email confirmation, or internal system approval)
- Limit what information can be changed or approved over the phone alone
- Train staff to treat unexpected or urgent requests with skepticism, even if the voice sounds familiar
- Document and enforce a clear escalation process when something feels off
The bottom line: trust processes, not voices. A simple verification step can be the difference between a routine request and a costly mistake.