Cybercriminals are taking advantage of the rapid advancements in artificial intelligence technology to craft ever-more convincing scams, according to Richard Ma, a co-founder of the cybersecurity firm Quantstamp. He sounded this alarm during his recent talk at Korea Blockchain Week. The rate at which AI is progressing has made social engineering attacks increasingly credible and effective, Ma pointed out.
In the old days, scammers might have been straightforward, asking for Bitcoin or gift cards under the guise of some emergency. Today, the situation has dramatically changed. Ma shared a real-life incident involving one of Quantstamp’s clients to demonstrate how AI-enhanced attacks work. In this case, a scammer posed as the client's CTO, engaged in prolonged interactions with another engineer in the company, and built a believable narrative before even asking for anything valuable. The added conversational steps establish a false sense of legitimacy that makes the target more likely to share sensitive information.
The most alarming part, according to Ma, is that AI's scalability allows scammers to roll out sophisticated attacks on a much larger scale than before, requiring minimal human effort. In the world of cryptocurrency, where databases of key people’s contact information are widely available, automated AI systems can message countless individuals, each with a tailored approach. The daunting task of training an entire company to avoid falling for such ploys has become even more challenging.
For those looking to shield themselves or their organizations from AI-powered scams, Ma has some basic advice. Limit the sharing of sensitive information to internal communication platforms like Slack and avoid email or text for such exchanges. Companies should also consider investing in anti-phishing software that screens automated emails. Quantstamp, for instance, uses software from IronScales, a provider of email-based security solutions.
The growth of AI not only opens doors for innovation but also introduces formidable challenges in cybersecurity.
Comment 0