We tried phishing our YC F24 batchmates

Last week, we got to demo Rulebase (voice fraud defence systems for financial services) at YC's product showcase.

Before the demo, Gideon Ebose and I spent hours thinking about how best to show the nature and gravity of the problem Rulebase is trying to solve: businesses and their customers are susceptible to fraud from voice channels, even more so with ever more realistic AI voice agents!

We came up with a slightly mischievous idea—we'll try phishing our batchmates! We made a voice clone of Garry Tan (YC's president) and called a few batchmates, urgently asking what they would demo the next day in Garry's voice.

The phishing operation was (unfortunately?) quite successful: two of the six founders we called shared their pitches for the next day before realizing it was a deepfake!

Here's what we learned from this (and what this means for the rest of us):

• Phishing attacks rely on urgency and time pressure. Starting the calls by saying the founders had to respond quickly made them less likely to question if it was really Garry. (We're all human and susceptible to this!)
• Social engineering relies on having context about the caller and callee. The fact that our cloned caller knew there was a demo the next day also made founders less likely to question it. (There's much context about all of us on social media, which makes things easy for attackers.)
• Creating and deploying voice clones is now ridiculously cheap: the six calls cost less than 5 dollars! (Fraudulent attackers can now easily deploy massive-scale call operations, putting many businesses at risk.)

Rulebase is best prepared to protect fintechs, banks, contact centres, and customers from fraudulent voice callers. We can prevent and detect fraudulent calls from human and AI callers in real time, and we create phishing simulations to train and prepare your front-line staff.

If your business needs this (it probably does), book a demo with us: https://cal.com/chidi-rulebaseco/30min!