Generative AI is making a lot of common tasks easier, but it’s also making common scams easier by giving criminals the tools to create convincing fake messages, images, and even videos. Fortunately, there are some simple steps you can take to protect yourself and others from these versions of old scams, which I’ll describe below:
Scam: Fake Family Emergencies
A common online scam that many quickly dismiss is a fake message, often from a hacked account, saying a family member needs help – and money. But what about when it’s the realistic-sounding voice of a pleading family member? As we’ve covered in a past article, AI voice cloning has progressed to the point that any person’s voice can be replicated accurately enough to be difficult to identify over the phone, and bad actors have begun using this technology to target everyday people with calls from a fake version of their family member. These calls can be presented as the family member being held hostage, or as them needing money due to a sudden emergency. Either way, these scams prey on the target’s compassion for, and trust in, those closest to them to circumvent any skepticism or critical thought and move the target to immediate – and costly – action.
Defense: Create a Code Phrase
The voice sounds like your loved one, but is there any way to check? McAfee recommends the creation of a secret phrase that your friends and loved ones agree upon ahead of time as a simple and effective way to protect you and your loved ones from this type of scam. Whenever a friend or family member needs help, they include the special word or phrase in their call. Since only your friends and family know the phrase, this serves as a way of ensuring the request for help is authentic.
Scam: Fraudulent Institutional Calls
Scammers frequently call and pretend to represent a business, financial institution, or government entity. This serves two purposes. First, those are all types of entities that consumers expect would request payments. Second, consumers often defer to the authority of large organizations, and a deferential target is more likely to send money or information without considering whether the call is legitimate. This type of scam has been done for years, but with the advent of voice cloning AI, the cost of performing these calls has decreased dramatically while the scam calls themselves have become more believable.
Defense: Hang up and Call Back
The NYC Department of Consumer and Worker Protection recommends hanging up and calling the institution back using a trusted, publicly published number. This ensures that you’ll be speaking with the institution itself, not someone pretending to represent it. You can follow up with the request you received and, if it was legitimate, get it taken care of while having confidence that your money is going to the right place.
Scam: E-Mail & Text Phishing
E-Mail and text phishing (smishing) have been threats to information security for decades, but the advent of powerful AI chatbots has made drafting and editing fraudulent messages much cheaper, faster, and more scalable than it has been in the past. Message generation and spam filters are both AI-driven and are locked in an endless back-and-forth, which leaves normal people vulnerable whenever filters fall behind.
Defense: Check Link URLs and Don’t Download Attachments
Thankfully, the evolution in volume and sophistication of the fraudulent messages only affects the message itself, and the most important things to do whenever you receive a message or email haven’t changed: always check link URLs before navigating to any link in an email, and never download attachments unless you were either expecting that attachment, or you trust the person who sent it and they can affirm that they intended to send it to you. People you trust can have their email accounts compromised, so you should always consider a link or attachment to be dangerous until you’ve verified that it isn’t.
Broader defenses against most scams
There are also some steps that you can take to protect yourself, which apply to any scam and to other forms of fraud:
- Multifactor authentication: Every online account – particularly any linked to payment methods for your financial institutions – should be set up with multi-factor authentication. The gold standard of protection is a hardware device (such as a YubiKey), but hardware tokens can be expensive and inconvenient. The two most common techniques are time-based codes using an authentication app such as Google Authenticator, and codes sent via text message. If you have a choice between an app or text message, the app is the more secure option.
- Annual credit reports: Checking your credit report on a regular basis will help ensure that you’re aware if your identity is stolen and used to open new lines of credit, or if an old, unused credit card has been stolen and used to make purchases without your knowledge. Each of the big three credit agencies provides at least one report a year for free as required by law, which allows a person to check their credit in detail once every four months for free.
- Education: The best way to protect yourself and your business is to stay informed, to know what scams are out there, and to keep up to date on the latest recommendations by the security industry on how to protect yourself. Securing your personal information and business data is an ongoing and ever-evolving process.
How Tangible Security can help your organization protect employees from online scams:
Tangible Security can help you create a culture of security and compliance in your organization with an array of options for targeted training. We are a certified reseller of industry-leading compliance and security awareness training, and provide managed or unmanaged offerings, as well as in-person, webinar, or live awareness training. Mitigate risks and make your employees your first line of defense against cyber threats.