They can research and create an impressive amount of content in mere seconds.
But unfortunately, this leap in technology has enormous consequences for our safety.
Research from Europol on the criminal use of ChatGPT has raised concerns about
how AI tools are used to create, research, and impersonate legitimate websites and
steal personal data, otherwise known as phishing.
How do criminals use these AI tools, and, more importantly, how do you protect
yourself from them? In this article, we’ll share simple ways to deal with this new
wave of cybercriminals.
3 ways criminals use AI tools
1. Instant research
AI tools like ChatGPT can collect and organise vast volumes of information instantly.
Once complex topics can be condensed and explained simply with the press of a
button.
As revolutionary as this might seem, criminals exploit AI technology to impersonate
and defraud people by compiling detailed information about companies, services,
and individuals.
While AI tools have stated they have safeguards against information being used for
criminal activity, hackers use specific prompts to avoid detection to amass huge
banks of information to use in nefarious phishing activities.
2. Impersonation
One of the most common uses of AI tools is to create articles and blogs with little
effort. Criminals can then use this content to populate newly created websites,
hoping to trick people into clicking on them.
Known as ‘content farms,’ these sites use sensational, click-bait titles to appeal to a
wide audience. A report by NewsGuard found that many AI-generated news sites fail
to disclose ownership and use fake author profiles to convince readers of their
authenticity. People might subsequently create accounts on these sites to access
additional material, unknowingly sharing their details with a hacker.
3. Phishing emails & chatbots
In the past, fraudulent emails were relatively easy to detect, with their poor grammar
and spelling or using unbelievable scenarios like winning the lotto and inheriting a
secret fortune.
Today, AI tools have refined phishing emails, making them seem more sophisticated
and persuasive. ChatGPT, for example, can be instructed to use specific language
models and vocabulary to appear more serious, professional, chatty, or friendly,
depending on the task.
The same principles apply to chatbots. AI tools can power these bots to convince
you that you’re talking to a knowledgeable, helpful staff member.
But these “staff members” have fake profiles and avatars to trick you into trusting
them with sensitive information. Responses can be planned ahead of time, creating
the illusion of a conversation happening in real-time.
5 ways to stay safe from AI-powered phishing
As scary as modern-day cybercrime seems, there are many simple ways of
protecting yourself. Below are five ways to keep yourself (and your information)
secure.
1. Learn about cybersecurity
One of the best lines of defence against cybercrime is informing yourself of the latest
cyber threats. But technology moves rapidly, and knowing where to go for up-to-date
information can be challenging.
Cybersecurity websites are here to help. You can find the news about the latest data
breaches, scams, and guides on protecting yourself from various cyber threats.
When you start reading these blogs, you may encounter many unknown terms. You
can look at the cybersecurity glossary to discover what they mean. A cybersecurity
glossary is an innovative tool that contains all the industry definitions, acronyms, and
explainers you need to know. It can be your handbook for navigating the internet
safely from now on.
2. Check website addresses carefully
Hackers use AI tools to create websites quickly, often trying to imitate official
websites to steal people’s login details.
Hackers might make slight changes to the site URL to help deceive users. The
changes include placing an extra letter, number, or hyphen and misspelling the
name. Phishing sites can be so convincing that they rank in search engines, further
exposing users to cyberattacks.
Always check the URL thoroughly before logging in to protect yourself. Be careful
when clicking links from emails or social media, and change your passwords
immediately if you think you have engaged with a fraudulent site.
3. Check for SSL/TLS certification
SSL and TLS are two certificates that encrypt a user’s data, preventing outside
people from seeing your activity. Website addresses will start with HTTPS instead of
HTTP and will have a padlock symbol beside the address bar on your browser.
While certificates ensure your data is encrypted, they don’t necessarily mean the site
is legitimate. For that reason, SSL and TLS are reassuring sights to see – but by no
means fool-proof protection against phishing sites.
4. Protect your private information
Cybercriminals often scour social media sites for any personal data they can use. It
includes personal information like your hometown, hobbies, interests, your friend list,
where you went to school, and your current occupation.
Using AI chat, they may draft personalised messages to initiate a conversation,
pretending to be someone you know, hoping to gain your trust. Protect your
information and update your privacy settings to keep email addresses and private
data hidden from the public.
5. Update software and systems
Finally, continually update your operating system, browser, and antivirus software.
For one, it can prevent hackers from exploiting vulnerabilities in your software. And
when it comes to phishing, your browser can conduct a preliminary safety check and
warn you ahead of time if it thinks a link is suspicious.
No comments yet