Researchers in the US have reportedly used OpenAI’s voice API to create AI-powered phone scam agents that could be used to drain victims’ crypto wallets and bank accounts.
As reported by The Register, computer scientists at the University of Illinois Urbana-Champaign (UIUC) used OpenAI’s GPT-4o model, in tandem with a number of other freely available tools, to build the agent they say “can indeed autonomously execute the actions necessary for various phone-based scams.”
According to UIUC assistant professor Daniel Kang, phone scams that involve perpetrators pretending to be from a business or government organization target around 18 million Americans every year and cost somewhere in the region of $40 billion.
GPT-4o allows users to send it text or audio and have it respond in kind. What’s more, according to Kang, it’s not costly to do, which breaks down a major a barrier to entry for scammers looking to steal personal information such as bank details or social security numbers.
Indeed, according to the paper co-authored by Kang, the average cost of a successful scam is just $0.75.
During the course of their research, the team carried out a number of different experiments, including crypto transfers, gift card scams, and the theft of user credentials. The average overall success rate of the different scams was 36% with most failures due to AI transcription errors.
“Our agent design is not complicated,” said Kang. “We implemented it in just 1,051 lines of code, with most of the code dedicated to handling real-time voice API.
“This simplicity aligns with prior work showing the ease of creating dual-use AI agents for tasks like cybersecurity attacks.”
He added, “Voice scams already cause billions in damage and we need comprehensive solutions to reduce the impact of such scams. This includes at the phone provider level (e.g., authenticated phone calls), the AI provider level (e.g., OpenAI), and at the policy/regulatory level.”
The Register reports that OpenAI’s detection systems did indeed alert it to UICU’s experiments and moved to reassure users that it “uses multiple layers of safety protections to mitigate the risk of API abuse.”
It also warned, “It is against our usage policies to repurpose or distribute output from our services to spam, mislead, or otherwise harm others — and we actively monitor for potential abuse.”