Watch how a hacker can ‘hack’ a business with just a few clicks - as Vodafone issues warning
and on Freeview 262 or Freely 565
- Ethical hacker shows how simple it is to ‘hack’ a business.
- AI-voice cloning attacks just need a few seconds of audio.
- Study finds younger staff are ‘more likely’ to fall for AI-phishing attacks.
A terrifying video shows just how simple it is for cybercriminals to hack you or your business. In fact all it takes is just a few clicks and they could be in.
Vodafone teamed up with renowned ethical hacker Dr Katie Paxton-Fear to see if she could execute a ‘successful’ AI-driven phishing attack on entrepreneur Chris Donnelly. And in a video released to the public, it turns out to be surprisingly easy.
Advertisement
Hide AdAdvertisement
Hide AdIt comes as a new study from Vodafone Business UK found that the majority of UK business leaders believe their staff could spot an AI phishing scam – yet only a third of employees were able to identify one when put to the test. Researchers quizzed 3,000 UK office workers and business leaders from small, medium and large firms on a range of cybersecurity matters, including awareness of AI phishing attacks.
The Vodafone research revealed that more than three-quarters (78%) of bosses felt “confident” their employees could successfully spot a sophisticated AI phishing attack. However, when faced with a series of images and emails, only a third (36%) of workers were able to distinguish the fakes from the real things.
‘It’s a wake-up call to businesses’
Chris Donnelly, Entrepreneur and CEO, Lottie, volunteered to see if Dr Paxton-Fear would be able to ‘hack’ his business in the video. The ethical hacker used AI-voice cloning software and just a few seconds of audio from a clip on social media to copy Chris’ voice and ‘target’ one of his employees.
Advertisement
Hide AdAdvertisement
Hide AdHe said: “Cybersecurity has always been a priority for my business, it’s something we think about all the time, and we ensure we keep our security protocols as updated as possible. You can imagine my surprise by how effortlessly the ethical hacker was able to breach our defences using sophisticated AI phishing tactics, like voice cloning.
“As someone who runs a health tech platform where we manage vast amounts of personal and private data, this experience highlights the importance of staying one step ahead in cybersecurity, especially with evolving AI threats.
“It’s a wake-up call for all businesses to strengthen their security measures and provide consistent training for staff to protect against even the most advanced forms of deception. Today, staying vigilant and adaptive is essential to protecting our organisation and clients.”
Businesses need to ‘understand the risk’ of AI-phishing attacks
Dr Paxton-Fear, Ethical Hacker and Cybersecurity Lecturer at Manchester Metropolitan University explained: “I’m delighted to have partnered with Vodafone Business on this new campaign to drive awareness of the rising threat of AI phishing scams in the business sector.
Advertisement
Hide AdAdvertisement
Hide Ad“Today, cybercriminals have access to powerful artificial intelligence tools that make creating convincing phishing scams alarmingly easy and scalable. With AI, attackers can tailor messages to appear highly personalised, making it harder than ever for employees to distinguish a fake email from a legitimate one.
“Businesses, no matter their size, need to understand the real risk at hand and take proactive measures to defend against these threats. Strengthening cybersecurity practices, implementing advanced detection systems, and educating staff on recognising AI-driven scams are essential steps to safeguard valuable data and maintain trust.”
Younger staff ‘more likely’ to fall for AI-driven scams
The study also highlighted an ‘age gap’ in awareness – with younger staff aged 18 to 24 appearing more likely to fall for AI-driven phishing scams than their older peers.
Gen Z staff were also more likely than most to fall victim with nearly half (47%) having not updated their password for more than a year and two in ten (19%) having never changed it at all. Junior staff also left themselves the most exposed to hackers, with nearly two-thirds (62%) having social media profiles that were open to the public, compared to two-fifths (40%) of Brits.
Advertisement
Hide AdAdvertisement
Hide AdAn open social media account enables hackers to access private information that can be used for criminal activities, while fraudsters can use AI tools to replicate a person’s voice with only three seconds of audio.
AI-driven phishing attacks are on the rise globally with a 60% increase in activity in 2023 alone. Alongside reputational damage, a successful breach could cost an organisation up to £4,200. And, the UK was among the top three nations where businesses were targeted by AI phishing scams, together with the United States and India respectively.
The findings are revealed during International Fraud Awareness Week as Vodafone Business launches Proactive Security – Phishing of the Future, a new cybersecurity campaign designed to help businesses boost their digital security posture and keep themselves protected from advanced AI-driven cyber threats.
Cybersecurity training ‘would be helpful for staff’
While four-fifths (80%) of bosses agreed cybersecurity training would be helpful for staff, in mitigating AI-driven cyber threats, only two-thirds (64%) had provided any kind of cybersecurity training in the past two years. A third (31%) of employees admitted their current cybersecurity training needed ‘updating’ to reflect modern forms of cyber threats powered by AI.
Advertisement
Hide AdAdvertisement
Hide AdAnd, two-thirds (67%) of young workers said their cybersecurity training was not adequately tailored to the needs of their role. Less than a quarter of staff were confident that they could identify an image phishing (23%) or a search engine phishing scam (24%) while only slightly more (28%) said they could spot a social media scam.
Some two-fifths (40%) said they would be able to recognise a voice call phishing scam, while two-thirds (63%) said they would spot a text message scam.
Vodafone launches ‘proactive security’ recommendations
To assist the UK Government in its own mission to better prepare businesses for the rising threat of AI-driven cybersecurity scams, Vodafone Business has outlined several policy recommendations in its ‘Proactive Security - Phishing of the Future’ report, which include:
- Incentivising cybersecurity adoption: Introduce financial incentives, such as tax breaks, grants or subsidies, for businesses that invest in cybersecurity measures, including training and certification.
- Launching a ‘Cyber Safe’ PR campaign: Develop a nationwide PR campaign to promote Cyber Resilience Centres (CRCs) and the Cyber Essentials certification among businesses of all sizes.
- Reallocating funding for local cybersecurity training: Reallocate funds within the National Cyber Security Strategy budget to support targeted local initiatives for businesses, focusing on effective engagement programmes.
- Enhancing cybersecurity skills to prevent AI-led cyber-attacks: Promote the development and adoption of AI-driven cybersecurity tools and provide training to businesses on preventing AI-led cyber-attacks.
- Expanding Cyber Resilience Centres (CRCs): Establish additional CRCs in underserved regions and enhance the capabilities of existing centres to offer tailored support for businesses.
Are you concerned about AI-phishing scams and techniques like voice cloning? Share your thoughts by emailing me: [email protected]
Comment Guidelines
National World encourages reader discussion on our stories. User feedback, insights and back-and-forth exchanges add a rich layer of context to reporting. Please review our Community Guidelines before commenting.