With the widespread of personal speech and development of automatic speaker recognition algorithms， personal privacy protection is in a high-risk situation. Audio adversarial examples can protect personal voiceprint features through disabling automatic speaker recognition algorithms while the subjective hearing of the human ear remains unchanged. We improve the typical adversarial attacks algorithm FoolHD with multi-head self-attention mechanism， and we call it FoolHD-MHSA. First， convolutional neural networks are introduced as the encoder to extract adversarial perturbation spectrograms. Second， we use self-attention mechanism to extract correlation features of different parts of perturbation spectrogram from a global perspective ， focus the network on the important information and suppress the useless information. Finally， the processed perturbation spectrogram is steganographed into the input spectrogram with a decoder to get adversarial example spectrogram. Experimental results show that FoolHD-MHSA can generate adversarial examples with higher attack success rate and average PESQ score than FoolHD.