Don’t Let AI Outsmart You
Since the launch of ChatGPT, the use of generative AI has exploded and cyber criminals have taken notice. Artificial intelligence (AI) is revolutionizing how scams are carried out, making them more convincing, harder to detect, and more dangerous than ever before.
Last week, we talked about how hackers are using generative AI to create deceptively realistic phishing emails. AI can be used to impersonate a voice or brand with uncanny accuracy and precision, raising concerns about the erosion of trust in digital communications, and presenting significant challenges in distinguishing between genuine and malicious interactions.
Let’s look at some other ways scammers leverage generative AI to commit fraud
Deepfakes
Deepfake technology uses AI to create realistic fake videos and images. Scammers can manipulate videos to impersonate public figures to get you to spend money or influence your opinions. They can also impersonate people you know. In one case, a finance worker paid out $25 million dollars to scammers after a deepfake video call with his “CFO”.
- Face swapping: One person's face is replaced by someone else's and inserted almost seamlessly into another context, so it can be used for a different purpose.
- Expression Transfer: A person's real face is manipulated to alter their facial expressions.
- Full body puppetry: This deepfake technique manipulates the entire body of the targeted person so that they appear to perform completely new actions.
Voice Cloning
AI can now replicate someone’s voice with just 30 seconds of audio. Imagine someone calls you to ask if you want to buy an extended warranty for your car, and when you decline, they ask you a few more short questions designed to capture more of your voice. You may not realize it, but your voice has been stolen forever, and a scammer can now make you say anything they want!
Scammers can use this technique to impersonate people you trust. Because the voice sounds exactly like your child, spouse, or boss, your instinct is to react immediately and not think before you act. In just a few moments, you’ve fallen victim to the scam by wiring money or sharing sensitive data.
How to Protect Yourself
While there may currently be ways to identify subtle abnormalities in AI-generated images and text, AI technology is rapidly advancing, and these techniques may soon become unreliable. Rather than focusing on whether content is real or AI-generated, the key concern should be whether it is being used to deceive you in some way.
- Remain Skeptical and Thorough: The power of AI means that everyone needs to take extra precautions as a part of their daily routines. For example, when handling emails, thoroughly inspect the entire message and never open random links or attachments.
- Follow the Signs: Even if AI helps attackers hide their intentions, there will still be warning signs. Stay alert for common indicators of scams, such as threatening language, urgent messages, and suspicious requests.
- Establish a code phrase to keep your circle safe: A code phrase is a pre-agreed word or phrase only you and your trusted group know. If you ever receive an urgent call or message, asking for the code phrase is a quick way to verify the person’s identity.
Deepfake scams are sophisticated, but you can keep your head calm and take precautions. A code phrase is a simple, powerful, and very human tool anyone can use to verify identity and prevent scams. Always remember, the most important question to ask yourself when encountering any communication is this:
Is this communication unexpected, and does it ask me to do something I have not done before for this requester?
If the answer is yes, STOP and THINK before acting. Always verify the request through a separate, trusted method before responding or making decisions.
