Cyber Experts Share Tips to Avoid AI Phishing Scams

Kurt ‘The CyberGuy’ Knutsson offers practical advice on steering clear of AI-generated phishing scams. He also discusses unsettling reports about North Korean operatives disguising themselves as IT workers to fund the country’s nuclear endeavors.

Artificial intelligence has a lot of potential. Whether you’re drafting an email, job hunting, or focusing on your health, AI tools can assist. But there’s a darker side, too. Cybercriminals are leveraging AI to create more sophisticated phishing scams designed to trick people into giving away personal details or even money. For instance, a woman recently lost $850,000 after being convinced to send money to someone posing as Brad Pitt with the help of AI. It’s alarming, to say the least.

The good news is, spotting red flags can help you protect yourself. But first, let’s clarify what an AI phishing scam is.

Understanding AI Phishing Scams

AI phishing refers to hackers using artificial intelligence to create more believable scams. By crafting emails, messages, and even audio or video clips that look genuine, they make it increasingly challenging for individuals to differentiate between what’s real and what’s fake. Unlike traditional phishing emails, which often contained obvious typos, AI-generated scams can appear polished and professional.

Besides emails, hackers are also employing AI for more deceptive tactics, such as:

• Voice Clone Scams: They mimic the voices of people you trust, like family or friends.
• Deepfake Video Scams: They create lifelike videos of recognized individuals to manipulate targets.

Recognizing these scams before you fall prey to them is crucial.

1) Look for Phishing Email Red Flags

Even with the use of advanced AI, phishing emails still display telltale signs. Here are some classic red flags:

• Suspicious Sender Address: This often doesn’t align with your organization’s domain.
• General Greetings: Meet “Dear Customer” instead of your name.
• Urgency: Pushing for quick action.
• Unrequested Attachments: Links demanding immediate action.

The sender’s email address is often a significant indicator. Hackers may use addresses that look similar at a glance, like xyz@PayPall.com, to trick recipients.

2) Analyze the Language Patterns

Previously, spotting phishing emails was easier due to glaring typos. With AI, these emails might appear flawless. However, if you inspect the language, you might notice a certain formality or awkwardness, which can raise suspicion. The tone can feel a bit robotic.

3) Watch Out for AI Voice Clone Scams

Given advancements in AI, voice cloning is on the rise. Recently, a fraudster managed to steal a significant sum by mimicking a trusted voice. While these clones have improved, flaws still exist. By asking specific questions that only the real person would know, you can verify their identity. Also, voice cloning sometimes has an artificial sound, so asking a variety of questions can help confirm it’s really them.

4) Identify Glitches in Video Calls

Even though deepfake videos are remarkably convincing, there are still inconsistencies that can reveal them as scams. Watch for unnatural movements, poor lip-sync, or strange lighting. These discrepancies can serve as warning signs.

5) Set Up a Shared Secret

This is a simple yet effective measure: have a secret that only you and your loved ones share. If someone contacts you claiming to be a friend or family member but can’t answer, it’s likely a fraud.

How to Protect Yourself from AI Phishing Scams

AI phishing scams work by deceiving individuals into believing something that seems authentic. To minimize your risk, stay alert and practice safe online habits. Here’s how:

1) Be Cautious About Unsolicited Messages

Don’t trust unexpected emails, texts, or calls requesting money or personal information. Scammers often create a sense of urgency, making you act impulsively. Take your time, and if something feels off, it might just be.

2) Use a Data Deletion Service

Consider utilizing a reputable data deletion service. While no service can ensure complete removal of your information from the internet, it can help limit what’s available. The less personal data exposed, the harder it becomes for scammers to exploit you.

3) Check Links and Use Reliable Antivirus Software

Malicious links can be cleverly concealed. Hovering over a link gives you a peek at the actual URL before clicking. Trust your instincts; if it looks strange, skip it. Installing robust antivirus software across your devices can also help shield you from phishing attacks.

4) Enable Two-Factor Authentication

Even if your password gets compromised, two-factor authentication can provide extra security. Activate it for your email, banking, and social media accounts.

5) Limit Information You Share Online

The more you share, the easier it is for hackers to craft a convincing fraud attempt. Avoid posting sensitive information that could assist scammers.

6) Verify Requests Through Separate Channels

If you receive a suspicious message asking for urgent action, use another method to verify its authenticity. This might involve directly calling the person using a known number or contacting their official channels.

Key Takeaways

While AI is making scams increasingly believable, being aware of the warning signs can help you protect yourself. Stay alert for suspicious emails, unusual patterns in language, and discrepancies in voice and video calls. Establish shared secrets with loved ones to safeguard against voice and video fraud.

Have you encountered an AI-driven phishing scam? What do you think is the best strategy to identify these threats?