AI is making phishing scams more dangerous

AI chatbots have taken the world by storm in recent months. We’ve been having fun asking ChatGPT questions, trying to find out how much of our jobs it can do, and even getting it to tell us jokes (Spoiler Alert! Part of this blog was written by a chatbot… can you spot the real from the fake?).

But while lots of people have been having fun, cyber criminals have been powering ahead and finding ways to use AI for more sinister purposes.

They’ve worked out that AI can make their phishing scams harder to detect – and that makes them more successful.

Our advice has always been to be cautious with emails. Read them carefully. Look out for spelling mistakes and grammatical errors. Make sure it’s the real deal before clicking any links.

And that’s still excellent advice.

But ironically, the phishing emails generated by a chatbot feel more human than ever before – which puts you and your people at greater risk of falling for a scam. So we all need to be even more careful.

Crooks are using AI to generate unique variations of the same phishing lure. They’re using it to eradicate spelling and grammar mistakes, and even to create entire email threads to make the scam more plausible.

Security tools to detect messages written by AI are in development, but they’re still a way off.

That means you need to be extra cautious when opening emails – especially ones you’re not expecting. Always check the address the message is sent from, and double-check with the sender (not by replying to the email!) if you have even the smallest doubt.

Here are some ways in which AI can be used to make phishing scams more convincing:

1. Personalization: Attackers can use AI to create emails that are personalized to the individual receiving them. The email might address the person by name, reference recent purchases or other activities, and use other details that suggest the email is legitimate. This can increase the chances that the person will click on a link or provide information.
2. Contextual information: AI can also be used to gather information about the person being targeted, such as their location, interests, and online activity. Attackers can use this information to create a more convincing scam that appears to come from a legitimate source.
3. Natural language processing: AI can be used to analyze and mimic the writing style of a company or individual, making it more difficult to spot a phishing email. Attackers can use natural language processing to create emails that sound like they were written by someone from a trusted organization.
4. Deepfakes: AI can be used to create convincing deepfakes that look and sound like real people. Attackers can use deepfakes to impersonate someone the victim trusts, such as a CEO or family member, and then ask for sensitive information.
5. Automated phishing attacks: AI can be used to automate the process of sending phishing emails, making it easier for attackers to reach a large number of targets. Automated phishing attacks can also be more sophisticated than traditional phishing attacks, making them harder to detect.

These are just a few examples of how AI can be used to make phishing scams more convincing. As AI technology continues to evolve, it’s likely that attackers will find even more creative ways to use it. To protect yourself from phishing scams, be cautious when opening emails from unfamiliar senders, double-check the URL before entering any sensitive information, and keep your software and security systems up to date. Remember, if an email or message seems too good to be true, it probably is.

If you need further advice or team training about phishing scams, just get in touch.

Published with permission from Your Tech Updates.