In a worrying display of social engineering sophistication, a multinational company was defrauded of $25 million through an intricately planned deepfake scam. This scam brilliantly utilised deepfake technology to impersonate the company's Chief Financial Officer (CFO) during a video conference call, as reported by the Hong Kong police. Read the full story here

‍

Attackers already use AI chatbots to write personalised emails used to steal information or convince people to click on malicious links. This is why everyone must understand the power of AI and what it means to the future of productivity and security.

‍

How AI is revolutionising cyber attacks

The rise of AI offers several benefits to society at large. It also ushers in security concerns. Social engineers are already using Generative AI to create sophisticated phishing campaigns. As a quick refresher, social engineering is the art of misleading people via psychological manipulation. It’s not hard to imagine how social engineers could use AI to power their attacks.

‍

Here are a few examples: 

• ‍Impersonation :Given that AI can create realistic video or audio recordings, attackers can use it to generate content that appears to come from a trusted individual saying or doing something they aren’t. This is known as a deepfake — a dangerous tool used to deceive the public. 

• ‍Voice Phishing: Another form of impersonation is voice phishing, also known as vishing, is where attackers attempt to scam people over the phone. With AI, this becomes even easier. A small sample of someone’s voice can be used to generate speech that sounds like a real person, which can trick people into believing they are talking with someone they know. 

• ‍Automation: Time is money. Through AI automation, social engineers can cast a wide net and increase the volume of their attacks. This process requires less effort on the attacker’s part and means they can target more people, increasing the chances of successfully scamming someone.

• ‍Reconnaissance: AI is especially effective at mining social media and other online platforms to gather detailed information on potential targets. In the past, it could take weeks or months for a social engineer to perform that task. AI can do it in seconds. 

‍

Those examples of AI-powered attacks barely cover the scope of how social engineers use modern technology to leverage classic scams. Avoiding those scams requires everyone to maintain a heightened sense of awareness, especially when prompted to provide money or confidential information. 

‍

When you encounter anything suspicious, trust your instincts and remain skeptical. When at work, report it immediately.

‍

There is reasonable concern that it will be more difficult than ever to identify AI-powered attacks. Here’s what you can do to stay safe both at work and home:

‍

Remain skeptical and thorough

‍The power of AI means that everyone needs to take extra precautions as a part of their daily routines. For example, when handling emails, thoroughly inspect the entire message and never open random links or attachments. 

‍

Follow the signs

‍Even if AI helps attackers hide their intentions, there will still be warning signs. Stay alert for common indicators of scams, such as threatening language, urgent messages, and suspicious requests. 

‍

Don't blindly trust people; the zero trust model

The zero trust model assumes everything is untrustworthy until proven otherwise — a great approach to security. Generally, never assume someone is who they claim to be, regardless of how they engage with you. 

‍

Follow policies

‍Always following policy is a simple and effective way to maintain security. If you’re allowed to use AI tools for work, be sure you understand your organisation’s guidelines regarding the use of AI at the workplace. 

‍

So stay alert and informed, and remember that human intelligence remains the best defence against modern attack methods. 

‍

__________

‍

For businesses working in Africa, Kora provides All The Support You Need ™️ to start and scale with delightful payment products in pay-ins, payouts and settlements.

‍