Phishing attacks are about to get a whole lot more convincing. A new report warns that scammers are now using AI to scrape information about you from your online profiles in order to send hyper-personalized emails which target your login credentials.
By finding out everything from your employer to your interests, scammers can send emails which have a far greater chance of appearing to be genuine …
Phishing has been around forever. A scammer sends out mass emails claiming to be from banks, email providers, crypto currency providers, and popular companies like Amazon and Apple.
The fake content is usually intended to create a sense of urgency. For example, your bank warning you about a fraudulent transaction, Amazon sending you an invoice for an expensive product you haven’t ordered, or Apple telling you your iCloud account is about to be cancelled.
The hope is that victims will be panicked into clicking the link and using their login credentials before they’ve had time to think about whether or not it is real.
Most of these attacks are very generic, but a Financial Times report warns that this is now changing. Scammers are starting to use AI to scrape public profiles in order to generate emails which appear to know a lot about you, and are therefore likely to fool more people into thinking them genuine.
Leading companies such as British insurer Beazley and ecommerce group eBay have warned of the rise of fraudulent emails containing personal details probably obtained through AI analysis of online profiles.
“This is getting worse and it’s getting very personal, and this is why we suspect AI is behind a lot of it,” said Beazley’s chief information security officer Kirsty Kelly. “We’re starting to see very targeted attacks that have scraped an immense amount of information about a person.”
Highly personalized phishing emails are also far more likely to make it through filters created by both corporations and email providers like Apple and Google.
Right now, the main targets appear to be corporate employees, with the AI bots even copying the writing style of particular companies from their websites and other public content to add weight to their scams. But it’s likely the same techniques will be used against consumers too, doing things like scraping your social media profiles.
The main safeguard against phishing attacks is to never click on links sent in emails. Always use your own bookmarks, or type in a known URL.
Photo by Tyler Franta on Unsplash
FTC: We use income earning auto affiliate links. More.
