Can you still trust an incoming phone call when AI can imitate a familiar voice, personalize the conversation and target information specifically to you?
In this episode, I speak with Alex Quilici, CEO of YouMail, about how artificial intelligence is changing phone fraud and why the personal devices carried by employees are becoming part of the corporate attack surface.
Alex explains how YouMail uses data from its consumer call-protection service to identify scam behavior, understand the type of fraud taking place and connect those patterns with the phone numbers involved. Advances in large language models have improved this analysis, but the same technology is also helping criminals build far more convincing campaigns.
Generic robocalls are being replaced by personalized conversations designed to extract information, impersonate trusted people and manipulate victims. Fraudsters can use AI throughout the attack chain, from identifying targets and analyzing stolen data to generating dialogue and adapting an approach during the call. Alex argues that attackers have adopted these capabilities faster than many defenders expected because successful fraud produces an immediate financial return.
The conversation also examines why voice biometrics can no longer be treated as sufficient proof of identity. As voice-cloning tools improve, companies may need to combine multiple forms of authentication and move sensitive communications into trusted applications. A call received through a banking app, for example, could give the customer greater confidence that the caller really represents their bank.
For businesses, the risk extends beyond company-managed technology. Attackers can identify where someone works, learn about their role and contact them through a personal phone that may sit outside corporate monitoring. An employee's private number can therefore provide another route into the business through impersonation and social engineering.
Alex also makes a persuasive case for collecting less personal data. Personalization can improve a service, but every additional piece of information becomes something an attacker might obtain during a breach. His advice is to identify the minimum information needed to deliver the intended experience rather than gathering data simply because it may prove useful later.
Despite the seriousness of the threat, Alex offers evidence that coordinated action can produce results. He has seen brand-impersonation campaigns reduced from tens of millions of calls each month to around 100,000 through monitoring, disruption and cooperation between businesses and telecommunications providers.
If AI is making fraudulent calls harder to recognize, should businesses stop treating the telephone network as a trusted communication channel by default? Listen to the episode and share your thoughts with me.
[00:00:04] Quick straw poll for everyone out there. Have you reached a point where you ignore every single call from an unknown number? If so, you're not alone. I must admit, I'll let my phone ring out until I get a voicemail confirming that it is someone I know or someone I want to talk to.
[00:00:22] And the problem is that today's scammers are not just relying on obvious robocalls anymore. Yep, you guessed it. They're also using AI to clone voices, personalise conversations and build attacks that sound frighteningly believable.
[00:00:41] So in this episode, I'm going to be talking with the CEO of YouMail. We're going to discuss how AI is changing the fraud playbook, why trust in everyday communications is under pressure, and what businesses and consumers can do to stay one step ahead.
[00:00:58] I think this is a great one because I think it impacts each and every one of us. And we've all looked down at that phone thinking, do I know this person? Should I answer? I know I'm like it all the time. So I'd be interested if you are, but we'll get to that later. But right now, let me introduce you to my guest. So thank you for joining me on the podcast today. Can you tell everyone listening a little about who you are and what you do?
[00:01:23] Sure. So I'm Alex Felicia and the CEO of YouMail. As a company, we protect phone numbers in the US. We do that a couple ways. We have a consumer app that consumers download and then it protects them from scam calls and scam texts and all that sort of stuff. We then take all the data we have from all those users that shows what the bad guys are doing and we use it to protect carriers and enterprises.
[00:01:47] And so we have a business that sells our data to carriers or sell services to carriers that allow them to see what they're actually doing. Think of it like a third party monitoring service. And we sell services to enterprises to help shut the bad guys down. So we really want to protect your phone number any way we can. That's what I do. But, oh man, you are the unsung hero of the world there because of all these robo calls, etc. I find myself now that I don't even answer my own mobile unless they leave a voicemail first. It's a real problem, isn't it?
[00:02:17] It is. I think consumers have lost all trust that this incoming call, if it's not one of their friends, is one they want to answer. And, you know, that's terrible. It feels like the PSTN is slowly dying as people get used to finding other ways to communicate. Yeah, completely agree with you. And then as this is a tech podcast, of course, AI is going to make fraud even more sophisticated, but it's also becoming an essential tool for defending against it.
[00:02:43] And that's one of the things that I invited you on here to talk about today. So how are you at Umilt using AI to stay ahead of these increasingly intelligent scams, robo calls and everything in between that seems to just intrude our lives? Well, I think there's two big questions that AI helps us answer really quickly, which is, is this particular behavior fraud? You know, what's going on with it? Is it a problem? And then exactly what kind of fraud or what kind of scam is it?
[00:03:10] Is it a product scam where they tell you you purchased something, but you really didn't. So you have to go, you know, they tell you to call a number, they do identity theft, right? Is it something more basic where it's just impersonating a bank trying to get your personal information? AI is really good at helping us say, yep, this is a fraud and here's what it's actually doing.
[00:03:30] And that's really important because we can map that to the phone numbers that are being used for those particular kind of scams. And so for us, we've been doing this for a long time, but the recent leaps in LLMs and things make that much better for us.
[00:03:45] And I've mentioned robocalls a couple of times already, but, and that of course is a legacy problem really, because I was reading, you've said scammers are now replacing those generic robocalls with highly personalized AI generated conversations. So what's made this shift possible and why is it happening so quickly now?
[00:04:03] Well, I think it's a couple of things like the, the bad guys are always on the bleeding edge of technology, right? So they were using AI to target their audience very early on. But what we've seen is that you, we've all had conversations with LLMs, right? You sit there and you use your voice and you ask questions and you have a whole dialogue. The bad guys just said, well, let's use the right prompts. So the dialogue is extracting information and impersonating people. It's not that hard to do. And so they took advantage of it first.
[00:04:31] And that it's just a nice new technology for the bad guys to use. People are wrapping it into kits. There's skills out there for Claude that essentially help it generate these kinds of conversations. It's, you know, the bad guys are very motivated. The interesting thing is bad guys make money from adopting this stuff for fraud, where the good guys spend money to try to protect themselves from losses. And so the good guys are always trailing. They don't want to spend as much money. They really don't want to deal with this where the bad guys are on offense.
[00:05:01] Yes. And something that we've got to highlight today is AI voice cloning is becoming more and more convincing. The bad guys are focusing on fooling parents or spouses into transferring money by just imitating almost perfectly our own voice.
[00:05:18] And I know a few people that use safe words before giving away any personal information. But how should businesses be rethinking the way that they authenticate their customers and build trust during these everyday communications? It feels like a real minefield here.
[00:05:37] It is a minefield. I think, you know, for a while, everybody was moving to voice biometrics as, hey, this is going to be the way we handle security. I think we've proven that we're seeing that that doesn't work, right? The bad guys are able to get around that. So the number one thing is some sort of multi-factor authentication.
[00:05:53] But I think the second thing is if you have a way to connect with your consumers outside of traditional phone calls and texts, you need to use it. Right? So if you're a financial institution, you've got an app on the phone, that app is going to become your communication channel. Right now we see the push notifications, but eventually you're going to see calls.
[00:06:10] You're going to see your banking app pop up and the bank's calling you and you're going to know that's really the bank. And so it's going to work the same way with internal communications. Hey, if you don't get a call from this particular number, you know, for an internal thing or for the, through our own app, don't take it. We're going to move to these walled gardens. And I think it's, that's where it's all headed.
[00:06:31] And you and your team must see attack patterns evolving in real time. And you, you're right in the eye of the storm, so to speak. So I'm curious, is there anything that has surprised you most about how fraudsters are putting AI to work today? You're probably almost unshockable. You've seen it all, but is there anything that has surprised you?
[00:06:52] I think it's the way they've used AI for every aspect of the attack chain. So they're using AI to figure out who to target. They're using AI to use data and extract data to use for a particular person that they're targeting, right? They're using AI to do these dialogues now. It's the whole thing. Like they, they adopted it so fast. And I think the speed at which they adopted it and how sophisticated they are has, has surprised me.
[00:07:19] And of course, all we see on our news feeds is how AI is promising greater efficiency, but criminals are using the same technologies to scale their operations as you're highlighting here. But are there any big lessons that leaders listening to this podcast today can learn from the speed at which attackers are adopting AI?
[00:07:38] I think the biggest thing is they need to take security really seriously. I think a lot of, a lot of folks give lip service to it, but they don't have anything in place for the kind of attacks that are coming. So one of the biggest things is consume, consume an employee's personal cell phone. That's an attack vector. Now with AI, they can figure out what company you work with, who's all the employees, what's the best way, what do they do? What's the best way to attack them? And they're not going to call on your device at the company.
[00:08:08] They're going to call on the company provides. They're going to call on the person's personal phone, which they figure out with the right attack vector and do their social engineering with AI helping them. And I think that's going to be the biggest thing that everybody's got to watch out for. You're only as good as your weakest link. Your weakest link is some employees, personal cell phone.
[00:08:25] And precision targeting is something that has been a major concern for some time and increasingly growing there. And if you know, for example, the CEO is at a conference one weekend, he could easily fake that person's voice and call the CFO and ask for something to be transferred somewhere. It's a scary thought.
[00:08:43] And I think especially when sensitive personal data falls into the wrong hand. So the question I've got to ask you is how can organizations better balance personalization with privacy and ethical responsibility? That's a really tough question because the more personal data you have, the better experience you can provide. Right. And so like for us, we don't we're lucky. We don't need a lot of personal data, but we still need to know this robocaller called this phone number.
[00:09:11] And here's what they did in order to do our job. So we try to really minimize what we use. And that's that's kind of our whole philosophy is minimize the personal data you have to get the experience you want. A lot of times I think people collect everything and say, hey, we got all this stuff. Let's go use it. You know, the more we have, the better. It's not the more you have, the more the attackers are going to get when they do a data breach.
[00:09:33] So it's really carefully designing stuff there. Personal data is helpful, right? You can't have a bank, you know, do a banking app without knowing somebody's bank account number. But how much else do you need to know? Do you struggle to keep your AI agents from acting outside of compliance? Well, Denodo provides an AI data layer connecting your data systems, keeping guardrails consistent across all of your data platforms.
[00:10:00] So start scaling your business carefree with Denodo. And you can do that by visiting Denodo.com to learn more. But now on with today's show. And you don't have to mention any names here, but to bring to life the kind of solutions and best practices that can be put in place.
[00:10:18] Are there any practical changes that organizations working with you have made after recognizing that traditional inbound communication and their traditional verification processes are no longer enough? Is there any examples you can share of how they've changed and the benefits they've enjoyed as a result? I think there's two things. So most of the organizations we've worked with have used us to protect their customers from brand impersonation scam.
[00:10:43] So they've hired us to monitor what's going on out there. What are the threats? How big are they? And then how do you disrupt those threats? How do you work with carriers that are allowing someone to make all these calls to their customers? Well, they've started to realize that same thing applies to their employees. So let's monitor the threats for our employees. And one of the best things they can do is make sure the employees are running apps like ours on their phone that are collecting the data we need to understand what those threats are.
[00:11:10] So to summarize, it's all about monitoring. You need to be able to monitor what's going on. What are the threats that are out there and be able to move very fast to try to disrupt them? Once they get established, it's a real problem. And on a personal level, you're an entrepreneur with what, 25 plus years experience in the tech industry. You've got so much expertise spanning telecommunications and security. I think you've also got 30 plus patents in these fields.
[00:11:34] Did you ever see it heading this way or the state that we're in now and the scale of the threats? Did you all always see this coming or has it took even you by surprise? I think it took me somewhat by surprise. I've always been aware of threats on a computer, right? I've used computers forever and there's been viruses forever. And, you know, it's one of those things that's obvious. I think I didn't realize that once everybody had a phone in their hand, that would become an attack vector.
[00:12:00] And it would be that easy to use the public telephone network as the way to do those attacks. And now you throw AI on top of it. You've got this chain of events. Everybody's got a device in their hands. The threats can get right to the people and you've got great tools for doing the threats. Like, I think that combination I didn't see long ago.
[00:12:20] And if you could give every business leader listening to this podcast today all around the world one piece of advice about how they should be preparing their organization for this next generation of AI-enabled fraud that we're talking about here, what would it be? Because we've probably set off a few light bulb moments and a few scare factors out there as well. Anything that they should be doing that you would recommend?
[00:12:41] I think it comes down to taking it seriously, which means real budget, real teams, really working with third parties to understand what the threats are and to try to work to minimize them. I think a lot of folks are not taking it as seriously as they need to. And then finally, there's a social engineering attack. And then there's a breach. And now they're all of a sudden in a huge problem. And so it's really reviewing what they're doing. Find that weakest link and pay attention to your employees' cell phones.
[00:13:10] Those are where a lot of these are starting. And for people listening, whether they are in the office or just want to better protect themselves from a personal point of view, how do they get up and running with you now? What can they expect? How do they get involved there? So if you're an individual and you want to protect yourself, you just download our app. You go to the app stores, download email, go to email.com, follow the directions. You're up and running in a few minutes and you're starting to get some level of protection. Then you can kind of work your way up to more and more protection over time.
[00:13:39] If you're a business, what you can do is go look at emailps.com. That's email protective services where we provide services to block bad calls at the network level. If you're a carrier to tell you where you're putting this data on that's bad, who are your bad customers? We help you find all that so you can keep your network clean. If you're an enterprise, we can monitor your phone numbers and say, here's what we're seeing, right? Here's the scams that are out there using your numbers, right? Or sometimes even like, well, here's how you're not complying with the law and you have a problem.
[00:14:10] So it's a lot about we provide those services I talked about to monitor and then disrupt the fraud for enterprises. Awesome. And for anybody interested in carrying on this conversation we started today and keeping up to speed with some of the announcements and what you're seeing coming out, this space is moving so quickly at the moment, especially with how scammers are combining AI's voice cloning, call fingerprinting, and message level analysis to optimize their campaigns.
[00:14:38] Tell me more about where they can find more information about anything we talked about today. So you can start at YouMailPS. Our blog at YouMailPS.com tries to address these various issues. Follow us on LinkedIn. Follow me on LinkedIn. I'm Alex Kalichi at Umail. It's pretty easy to find. And we talk a lot about this and what's going on. It's not all a sad story. You are actually seeing things like the FCC shut down carriers that have been putting a lot of fraud on the network.
[00:15:06] You're seeing Google sue, I think it's a $1.9 billion lawsuit against a bunch of people who had phishing kits and things and fake websites used to leverage Google to go after their customers. So there's a lot of positive stuff too, and we actually try to talk about that quite a bit. I was going to say, what makes you hopeful and optimistic about the future? We have talked around a lot of the dangers today and how the attacks are getting more sophisticated. What makes you most hopeful and optimistic about where we're heading?
[00:15:34] I think we see progress. So we've seen carriers that used to have a lot of crummy stuff that was winding up on the phone network, and they're really clean now. We saw massive brand impersonations on some of our customers, and they've gone down to not zero but near zero, right? From tens and 20, 30 million calls a month to 100,000. So you can make progress. It's just everybody's got to be working together and doing this. The bad guys will always find the weakest link.
[00:16:02] Well, we've covered a lot today around the rise of highly personalized AI scams, how AI is accelerating fraud, precision targeting vulnerable populations, and how some of the implications can impact both consumers and businesses. But as you said, there is room for optimism here. You've seen spam calls go from, what, millions to thousands, which is a huge step forward. So I encourage anyone listening interested in this, and let's be honest, it impacts each and every one of us.
[00:16:31] Go check out the links associated with this episode over on the blog post at techtalksnetwork.com. But more than anything, Alex, thank you for shining a light on this. Really appreciate your time today. Thank you for having me on. I think today's conversation was a timely reminder that the battle between attackers and defenders has entered a new phase. Yes, AI is helping criminals move faster and target victims with greater precision.
[00:17:01] But it's also giving security teams new ways to detect, disrupt, and stop those attacks before they spread. And I think we did talk a lot about the problems today, and Alex left us with an encouraging message. Progress is possible when businesses, technology providers, and regulators all work together rather than isolation.
[00:17:26] And it is possible to reduce those fraud calls from millions down to thousands. But I'd love to hear your thoughts. Have AI-powered scams changed the way that you answer calls and the way that you trust messages or verify someone's identity? Let me know. techtalksnetwork.com. Send me an audio message over there. Connect with me on socials, but don't just hit follow. Send me a little message and I'll get straight back to you. But that's it for today. So thank you for listening.
[00:17:57] And I'll speak with you all again very soon. Bye for now. Bye for now.

