Phishing created with generative AI: how to protect yourself?

2023-11-22 14:24:09

During the end-of-year season, more and more users opt for digital channels to make their purchases. While technologies like generative AI are being leveraged by businesses to improve the online experience, they are also being used by cybercriminals to impersonate trusted brands, causing victims to click on malicious links or open malware-laden attachments.

One of the main channels used in cyberattacks is sending false emails (phishing). Now, with generative AI, they are not only increasing the number of messages, but also their effectiveness, making them more convincing, according to the latest IBM X-Force analysis. To combat phishing attacks with generative AI, here are five recommendations from IBM to protect yourself during the holiday season:

If something raises questions, go straight to the source. If you are wondering regarding the legitimacy of an email, check the veracity of the information directly with the organization or the appropriate person over the phone. Consider choosing a “keyword” that you can use with close friends and family to validate the legitimacy of a call in the case of vishing or AI-generated phone scams (Deep Fake).

Keep your eyes open, always be suspicious. One of most used tactics in the last year is the hijacking of email conversations or thread hijacking, in which an attacker compromises a person’s account and responds to email conversations as if they were the victim. Therefore, if you receive an unexpected email, even if it comes from someone you trust, do not click on the files or links it contains.

Carefully review the information in each email. Review the sender’s full email. A real address must not contain typos or letters from other alphabets. If the message contains links, check where they lead by hovering the mouse without clicking. Assess whether the tone or language of the email matches the sender. If it appears fraudulent, report it to the person who ‘supposedly’ sent it by contacting them directly.

Use an email exclusively for purchases. Making purchases with your corporate email can put the company you work for at risk, especially if you use the same password to log into the company’s systems. It is recommended that you create an email address that can only be used for online purchases and protect it with a long alphanumeric password and multi-factor authentication.
Only use apps or websites you trust. Sign up to shop or receive email offers only at places you know, and be especially careful regarding discounts you receive from ‘retailers’ you’ve never heard of. If you accidentally land on a suspicious page, do not record any information and close it immediately.

As shopping channels continue to be digitized, good security cleaning is mandatory. It should be a commitment not only during the shopping season, but also on a daily basis. Constantly learning regarding cyberthreats and training yourself to form security habits throughout the year are the best protection mechanism you can have.

IBM press office
Weber Shandwick
E-mail: [email protected]

Source:

1700663113
#Phishing #created #generative #protect

Leave a Replay