You must have seen the rise in AI-driven technology. It has taken over our feeds, with many organisations adopting AI-powered tools to make themselves more efficient or give a better experience for those using their services.
Cyber criminals are always looking to exploit new technology, and AI is also supercharging cybercrime. With advancements in technology, scammers are employing more sophisticated methods to exploit individuals using AI-powered tools. These scams utilise artificial intelligence to automate and customise fraudulent activities, resulting in greater credibility and enhanced difficulty in detection.
The Evolving Landscape of Scams
Throughout history, scammers have utilised a range of traditional techniques to exploit and defraud individuals. These methods include phishing emails, phone scams, identity theft, pyramid schemes, and advance-fee fraud. Nevertheless, with the emergence of AI, scammers are revolutionising their strategies profoundly, leading to a significant transformation in their approach to deception and fraud.
All of a sudden, we have access to technology that can create human-like responses using natural language processing, which for example, when integrated into a Chatbot, can mimic a natural human-human conversation. We also can create an image by simply inputting a prompt into a piece of software such as Midjourney; we all saw the Pope in a puffer jacket, right?
ACFE highlighted the fact that with every new technology, there is the opportunity to use it for legitimate and illegitimate reasons, and AI is no different. It is a fast-paced, growing sector with many changing regulations regarding governance and use, and this also allows cyber criminals to find and exploit loopholes as we adjust to implementing this new technology.
Not only are these AI tools easy to master due to their understandable UI and input systems they are readily available, with many of them being free or low-cost to utilise. AI-driven tools allow scammers to enhance and layer their approach to deception. It is causing continued issues when individuals like you and me have to look even deeper to reveal the fraudulent behaviour within a scam driven by AI.
AI-Powered Scams in Action
Let’s chat about ChatGPT, to begin with….. This AI tool has been the star of accessible AI tools and is praised for its ability to generate human-like text…. And there is a problem when we examine how it can empower scams online.
The generation of natural language text by ChatGPT presents a potential risk when it falls into the wrong hands. Cyber criminals can exploit this capability by utilising ChatGPT to craft convincing phishing emails or messages that mimic legitimate sources like banks, GP surgeries, or educational institutions. These fraudulent communications aim to deceive individuals into disclosing personal information or making unauthorised money transfers. ChatGPT can also be misused to generate phone scripts, enabling fraudsters to impersonate customer service representatives and manipulate unsuspecting individuals into revealing sensitive information.
It gives the criminals access to a foundation to start with; ChatGPT can generate full ideas or flesh out plans from a single prompt, making it easier and quicker for a scammer to create a story that feels legitimate to the victim.
Michigan.gov explains that alongside text begging used to enhance scams online, AI-powered tools can also help scammers to fake voices, imagery and video to make a scam seem more and more believable. It becomes challenging to dispute a story or an individual when they can provide multiple layers of evidence and appear more realistic.
Safeguarding Against AI-Enhanced Scams
Protecting against AI-driven scams requires a combination of vigilance, awareness, and security measures and at Core to Cloud, we want to ensure that you and your key assets are safe.
Here are some steps you can take to safeguard yourself
1. Be cautious with personal information
Avoid sharing sensitive information, such as passwords, financial details, or personal data, unless you are sure about the legitimacy of whom you share them with. Be wary of unsolicited requests for personal information, even if they appear to come from trusted sources.
2. Know who you are talking to
Independently verify the identity and legitimacy of individuals or organisations before providing any sensitive information. Use official contact information obtained through reliable sources rather than relying solely on communications received via email, social media, or phone calls. Remember that Banks, for example, don’t require you to share passwords or give access to your accounts.
- Trust your gut
Trust your instincts if something feels suspicious or too good to be true. Don't let urgency or excitement override your judgement. Before proceeding, take the time to verify information or seek advice from trusted sources. Listen to your doubts and make sure you get them checked before continuing.
- Install anti-malware and anti-phishing software
Utilise reputable security software such as Abnormal Security Solution, which includes features to detect and block malicious software, phishing attempts, and other online threats. Keep the software updated to benefit from the latest security patches.
Another area that you need to exercise caution within is emails and messages. Be vigilant while opening email attachments or clicking on links, especially if they are unexpected or come from unknown sources. Look for signs of phishing, such as misspellings, grammatical errors, suspicious email addresses, or requests for urgent action. Emails phishing is one of the most straightforward scams to fall for, and due to the enhancements within AI, you will need to look closer to ensure you are safe.
At Core to Cloud, we also suggest that you use all of the security measures that you have access to; this can include things like making sure you have a strong password that was created by a trusted generator, turning on 2-factor authentication when it is available and also staying informed on trending threats or issues.
We need to work together to combat these types of scams that are enhanced by AI and also be mindful that those within our networks who are less technical-minded may need additional support. As organisations and sector leaders, we also need to advocate strongly for increased training, transparency and understanding of these tools when integrated into our businesses and workflows.
At Core to Cloud, we are often found shouting about the importance of cyber security and online safety, and we are not afraid to report issues we see and patterns or emerging trends we encounter. If you encounter any suspicious AI-driven scams or fraudulent activities, report them to the relevant authorities, such as your local law enforcement agency, the FTC, or your country's equivalent consumer protection agency.
Feeling a little overwhelmed? If you need to discuss any of the above or are worried about integrating AI into your organisation and want to ensure your critical assets are safe, then let us know. One of our team is on standby, ready to discuss all things cyber security; you can contact us here (Contact)