Here’s how to see through an AI-generated scam, according to Norton’s Dean Williams
Bad-threat actors are increasingly using AI to improve the believability of their scams. But there are ways to see through them.
The days of being able to spot a scammer through their poor use of the English language or simple mistakes are long gone.
Artificial intelligence is increasingly being used not only to develop scams but to find out where potential victims work and to come up with better ways to extort money.
However, one expert believes the average Australian should still be able to spot a scam a mile away with a few simple tips up their sleeve.
Dean Williams, a senior systems engineer at cybersecurity and virus protection company Norton, said scammers were now using generative AI technologies to create video, imagery and texts to improve their attempts to trick users into giving away money.
But despite having a plethora of new tools up their sleeves, the main goal of scamming remained the same: to extort money.
“When trying to understand scams even at their most sophisticated level, first and foremost, it is important to recognise that the main goal of a scammer is to extract money from you or steal personal or financial information,” Mr Williams said.
While at a simplistic level the average scam will no longer be riddled with grammatical errors, scammers will use the technology to generate accompanying content.
“AI-generated content still may have flaws in language usage, grammar, or spelling. Look for inconsistencies or errors that are uncharacteristic of professional communications,” Mr Williams said.
“Pay attention to the tone and behaviour of the communication. AI-generated scams may lack the human touch and exhibit robotic or overly formal language. They may also fail to respond appropriately to questions or statements,” he said.
And when there aren’t errors or inconsistencies, Mr Williams said users should consider whether the scam was too good.
“It could seem counterintuitive, but AI-generated scams can sometimes appear remarkably high quality. Look for signs of excessively flawless content like images or videos that appear too good to be true,” he said.
HOW GENERATIVE AI HELPS SCAMMERS
While most AI engines can pick up when asked to respond to an unethical query, bad-threat actors are able to get around this by prompting these systems to replicate a message from a certain company, Mr Williams said.
“Malicious actors can feed AI, like Chat GPT, with real-life examples of non-malicious messages from the companies they want to impersonate and order the AI to create new ones based on the same style but with malicious intent,” he said.
“This act can make phishing emails or social media posts more difficult to detect and defend against. In fact, even OpenAI has a hard time deciphering whether text is AI-generated.”
Scammers were also using technologies to create deepfake videos and voice impersonations.
“Outside of phishing scams that are text, scammers that have access to AI can create content that are video, image and voice-generated type scams. These scams happen through phone or video calls and often impersonate being a friend or family member, or a government or financial institution, “Mr Williams said.
UNUSUAL REQUEST
It pays to be wary of unusual or sudden requests for financial details, personal information or actions requiring immediate action.
Scepticism was almost always to the benefit of the user, Mr Williams said, adding that “being sceptical is needed in situations where you don’t feel like something is right, including most of the unsolicited messages you receive”.
“Always be cautious when clicking on links or providing personal information in response to unsolicited phone calls, emails, or messages. When in doubt, reach out to the company directly through their official channels. If you are unsure, even if you think you are being overly sceptical, it is good practice to verify,” he said.
SEASONAL TARGETING
Bad-threat actors typically used certain events, festivals and financial periods to fool their targets. One major example in Australia included the end of the financial year, Mr Williams said.
“It is smart to also be wary of seasonal campaigns, as scammers will choose a moment in time to make scams more believable and relatable,” he said.
“This social engineering tactic is to heighten your emotion, especially if the request is urgent or too good to be true.”
Most legitimate organisations had protocol to follow when asking for personal information and methods for collecting sensitive data, and were unlikely to ask for it unsolicited.
Whenever a link is embedded in an email, the recipient should always hover over it to see the URL destination. Shortened URLs should always be avoided and domains should match the organisation the email comes from, Mr Williams said.
Unexpected communications were typically a dead giveaway that a message was from a scammer and, if in doubt, the recipient should always independently verify that the organisation had made the request.
“Don’t rely solely on the contact information provided in the suspicious message, it could be phishing,” Mr Williams said.
Scammers often moved quickly and adapted to new technologies as well as fads so it was important for people to always remain vigilant.
“Trust your instincts, they’re probably right. If something feels off, very rushed, or too good to be true, or if you suspect a message or communication is machine generated, err on the side of caution and don’t reply,” Mr Williams said.
More Coverage
Sex and out for tech billionaire as ex-lover dines out on his downfall
Just as embattled billionaire Richard White was announcing his exit from WiseTech amid a string of damaging claims, the woman he tried and failed to sue over $90,000 worth of furniture was strapping on her high-heels | VIDEO
Crims snatch passport, drivers’ licence data in Home Affairs hacking debacle
Cyber criminals have accessed sensitive visa and passport details, drivers’ licences and other personal information held by a Department of Home Affairs contractor.