How to Protect Yourself Against AI-inspired Phishing Attacks, by Shuaib Shuaib Agaka
Recently, the National Information Technology Development Agency (NITDA) warned that Artificial Intelligence (AI) is fuelling phishing attacks as fraudsters have become more adept at using the technologies in their phishing attempts.
“Lately, these bad actors have taken things up a notch by leveraging Al to improve the sophistication of their attack approaches. This involves using Al to conduct thorough research on potential victims and creating personalised messages to effectively deceive them into divulging sensitive information. This advanced approach shows how phishing attacks are getting more sophisticated and finding new ways to catch people off guard,” NITDA stated.
As technology advances, so do the methods employed by cybercriminals. In the present digital age, phishing attacks have become more sophisticated, requiring innovative solutions for detection and prevention.
Phishing attacks have evolved beyond simple emails requesting sensitive information. Today, cybercriminals employ advanced social engineering techniques, creating deceptive messages tailored to specific individuals or organisations.
Phishing attacks are fraudulent emails, text messages, phone calls, or websites designed to trick users into downloading malware, sharing sensitive information or personal data (e.g Social Security and credit card numbers, bank account numbers, login credentials), or taking other actions that expose themselves or their organisations to cybercrime.
Earlier before the intervention of AI, phishing attacks could be easily detected by poor spelling, abysmal grammar, and irrelevance of a message to the receiver. However, AI technology is enabling phishing to be more sophisticated. With AI, fraudsters can communicate more clearly, scale their attacks, and send messages that appear to be relevant to the receiver.
A lot of fraud detection software relies on keyword detection or filtering exact text strings/phrases, but this tactic no longer applies when the copy is free of traditional tells.
Read Also:
Fraudsters can also use generative AI to crawl social media platforms and the internet for user-generated content and other public information. The result is phishing emails, SMS, and direct messages on highly personalised social platforms that are hard to distinguish from genuine correspondence.
Here are 5 Ways to protect yourself from phishing attacks:
1. Verify Identities: Always verify the identity of the person or entity you are dealing with, especially when sharing sensitive information or making financial transactions. Use two-factor authentication whenever possible and never give a chatbot or person over the phone your two-factor code. No legitimate company will ask for it. Don’t call the number provided on a suspicious or out-of-the-ordinary email.
2. Use Strong Passwords: Create strong, unique passwords for your online accounts and consider using a password manager to keep track of them. If you are requested to use a minimum of a certain character, use more than the minimum i.e. if the request is to set a password with a minimum of 8 characters, use 9 or 10. The more characters can dramatically create more complexity for your password to be cracked. Avoid using your date of birth, surname, or other names as passwords.
3. Beware of Urgency: Scammers often create a sense of urgency to pressure you into making quick decisions. Be skeptical of requests for immediate action and take your time to validate any unusual requests. Beware and be brave enough to say no!
4. Think before you click: A prevalent phishing tactic involves disseminating deceptive messages on social media platforms, wherein individuals can be falsely informed that the federal government is distributing a specified sum of money. Subsequently, recipients are prompted to click on a provided link to purportedly claim the funds. Exercise caution and refrain from clicking on the provided link or divulging any personal information on the website to avoid potential risks or fraudulent activities. Our phones are also computers. All it takes is one click on a “bad” link to download malware to your computer or mobile device.”
5. Keep your software updated: AI can identify vulnerable devices by scanning for specific software versions, device models, or security vulnerabilities. To keep your devices safe, ensure your hardware, software, and apps are always updated to secure vulnerabilities malware may exploit.
Shuaib Shuaib Agaka writes from PRNigeria Centre Kano