Sep 04, 2024
AI Social Engineering Scams Are a Growing RiskYour systems are secure, your software programs are up to date, and you’ve run training and testing to make sure your entire team knows how to spot and avoid phishing attempts. You’re feeling pretty confident in your cybersecurity – so confident, in fact, that you’re thinking about going without cyber coverage.
That could be an expensive mistake.
No matter how good your cybersecurity measures are, there are still risks. Cybercriminals are constantly adjusting their strategies and adopting new technologies to make their cyberattacks more successful, so cyber coverage remains a crucial part of any cybersecurity strategy.
When Seeing Isn’t Believing
Emails and text messages can be faked easily enough, but you might think you can trust information that you hear over the phone or see in a video. With modern deepfake technology, that’s no longer the case.
Scammers have used deepfake audio recordings for a few years now. In 2019, Gizmodo reported that fraudsters were able to impersonate a company’s CEO using deepfake audio. The scammers convinced a worker at the company to transfer $243,000.
Now scammers can even impersonate people in video calls. Reuters says a fraudster used a sophisticated deepfake and face-swapping technology to impersonate a target’s friend during a video call. The scammer convinced the target to transfer $622,000 to him.
As deepfake technology improves and becomes more readily available, these types of attacks will likely increase.
ChatGPT Supercharges Phishing Campaigns
Scammers often create phishing emails, text messages and websites to try to trick people into disclosing their personal information. Bad grammar and other mistakes can make the ruse obvious, but tools like ChatGPT may change this.
A CNET writer found that she was able to create phishing emails easily using ChatGPT, while Wired warns that cybercriminals can use ChatGPT and other large language models to run thousands of scams at the same time and in any language. Scammers will no longer be held back by language barriers or time constraints, and the number and sophistication of phishing attempts could skyrocket as a result.
AI and Machine Learning Give Scammers an Edge
Hackers and their targets are in an arms race. As businesses implement better security protocols, such as multifactor authentication and biometric identification, hackers adopt better ways of getting around these measures.
According to Techopedia, hackers are now using AI and machine learning to gain access to accounts. They have many tools at their disposal, including AI-supported password-guessing and CAPTCHA-cracking and penetration testing tools that use machine learning.
Some Attacks Don’t Even Require a Click
Many scams work by tricking the target into making a mistake, whether it’s clicking on a malicious link or giving the scammer requested information. However, some new cyberattacks do not require any action from the victim.
PC Magazine says zero-click attacks are hard to avoid because they exploit existing vulnerabilities in operating systems to circumvent the need for the victim to do anything. The cybercriminal simply needs to send the malware to your device, and even if you don’t click on anything, the malware exploits the vulnerability to gain access to your system. You may not know that anything has happened.
No One Knows What’s Next
Technology is advancing quickly. Right now, ChatGPT, deepfake technologies, AI and machine learning are giving hackers new ways to access systems. Next year, they might be using a new technology that hasn’t even been developed yet.
Cybersecurity is a journey, not a destination. As soon as you create a secure system, new vulnerabilities will emerge. Sometimes, you may be ahead of cybercriminals. Other times, they may be ahead of you. It’s an ongoing struggle, and it requires constant vigilance.
A Three-Pronged Approach
Although the cyber situation can seem bleak, businesses do not have to admit defeat. A three-pronged approach can help businesses control their cyber risks.
- Awareness. Many cyberattacks leverage social engineering to exploit human weaknesses. Businesses need to train all of their workers to be cyber savvy so they can avoid business email compromise schemes, phishing ploys, malicious links and other traps.
- Security. Computer systems need to be set up in accordance with current cyber best practices. This includes encryption and configurations that reduce access to systems, as well as secure networks and up-to-date programs.
- Insurance. Nothing is foolproof, so insurance is still valuable. If a cyberattack occurs, cyber insurance can help you recover from the attack.
Do you need help securing cyber coverage? Tangram’s cyber program covers data recovery expenses, system disruption business interruption, fraud response, computer system extortion coverage, crisis management and more. Whether you’re a broker seeking coverage for clients, or a business seeking to secure coverage directly, we can help. Learn more.