AI Voice Clone + BEC Combo Attack

How This Attack Works

In this hybrid attack, employees receive an email from an impersonated executive claiming a confidential wire transfer was verbally authorized — referencing a phone or voicemail the victim may actually have received. Attackers use AI voice-cloning tools to generate a brief, convincing audio clip mimicking the executive's voice, sent as a follow-up email attachment or embedded link. The combination of email authority and realistic voice confirmation bypasses skepticism that pure-email BEC would not.

Red Flags to Watch For

• ✗
  Email from a "C-suite executive" references a phone call you just received asking for urgent wire transfer
• ✗
  Wire request is confidential, time-sensitive, and outside normal approval channels
• ✗
  Voicemail or audio attachment sounds like your executive but the call-back number is different
• ✗
  Request bypasses your organization's dual-authorization payment controls
• ✗
  Executive is described as traveling, in a meeting, or unreachable for follow-up
• ✗
  AI voice clones can replicate a voice from as little as three seconds of public audio

Known Malicious Domains

These domains have been associated with this attack. Never click links going to these addresses.

• cfo-urgent-wire-request.comMALICIOUS
• exec-payment-approval.netMALICIOUS
• voice-confirmed-transfer.comMALICIOUS

Glance automatically blocks emails from domains on this list. Domain list is not exhaustive — attackers register new domains continuously.