Artificial Intelligence (AI) tools are helping people in every field and walk of life to improve their writing. In addition to making suggestions on content and tone, AI also helps us to avoid spelling or grammatical errors and inappropriate language. Unfortunately, the cyber attackers who design phishing scams also benefit from this technology.
Phishing scams are one of the most common and effective ways for hackers to get data and money from victims. Scammers can now use AI to improve their phishing techniques, making them even more difficult to detect. Red flags of the past like grammatical mistakes or an odd style are no longer enough to help identify scam emails. In this article, we’ll explore how AI is making social engineering attempts more dangerous, and we’ll share how you can avoid falling prey to these attacks.
What is phishing?
Phishing is a type of online scam where fraudulent emails trick people into sharing sensitive information such as passwords, bank account details, or credit card numbers. Phishing scams can be tough to spot when scammers use sophisticated graphics and other technical features to make false email messages look and feel authentic. This is how they convince people to respond and share their information willingly.
How AI can help scammers
With advances in AI, programs (also called “bots”) are able to do more and more tasks that normally require human intelligence, such as using language in a natural way, recognizing or creating images, and making complex decisions. There are many beneficial applications of AI, such as businesses improving their social media content or finding ways to improve productivity.
At the same time, cybercriminals can use AI to launch smarter and more targeted attacks in these ways:
- By matching the style and tone of personalized messages to mimic a legitimate sender. For example, AI can analyze the writing patterns of a trusted person, such as a colleague, friend, or family member, then use that information to craft true-to-life messages that appear to come from them.
- By helping hackers make their messages more fluid, fluent, and free from grammatical and spelling errors. This used to be a telltale sign of many phishing attempts, but AI is making it easier for scammers to work around these weaknesses.
- By analyzing the preferences and hobbies of the recipient and creating phishing messages that spark their interest.
- By collecting information about the target to create phishing messages that seem timely or relevant to that person, such as offering a fake discount, a fake invoice for a purchased product, or a fake security alert from a web platform the recipient uses.
Questions to help identify “phishy” emails
As AI becomes more advanced, phishing scams could become more challenging to spot. But there are some ways you can help protect yourself and your data from these attacks. Start by asking these simple but critical questions when reading through your inbox:
- Who sent it? Even if the message appears to come from a legitimate source, such as your bank, your employer, or your friend, double-check the authenticity of the sender, especially if they are asking you for something. If you have any doubt, contact the sender through another channel (not by replying to the email) and ask about the validity of the message. You can also check the sender’s email address to see if it seems to match who they say they are.
- What do they want? Be wary of anyone contacting you out of the blue and asking for personal or financial information. These days, banks or legitimate businesses will not ask you to give account numbers or payment details by email.
- Does it feel urgent? Watch out for messages that urge you to act right away. Emotional language is meant to short-circuit your common sense and force you to do something you shouldn’t. This could sound either positive, like an offer of a reward or discount that you have to act on right away; or negative, like a threat that you’ll lose property or have to pay some kind of penalty if you don’t reply immediately. Don’t let pressure cloud your judgment. When in doubt, take a break and come back to it after a few hours to take a closer look.
- Are there links or attachments? Be very cautious of clicking on anything in an email. Web links and attachments can trigger a virus or malware attack on your device. Hover your mouse over any link to check the domain of the web address (URL). Does it match the sender?
- Does this seem like a normal kind of communication? Is this a message you would expect to receive from this sender? If not, take the time to investigate. If it seems weird, then it likely is. Watch for messages with spelling, grammar, or formatting errors (these can still occur). Also look out for generic greetings like “Dear Customer” or “Dear Friend.”
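Several of the questions above can be checked mechanically. The following Python is an added example, not part of the original article: it parses a raw email, compares each link's real target (what hovering reveals) with the sender's domain and with the text shown to the reader, and notes urgent wording and generic greetings. The sample message, its domains, and the names `red_flags`, `LinkCollector`, `host` and `CUES` are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Example Bank" <alerts@example-bank.example>
Subject: Urgent: verify your account immediately

<p>Dear Customer, confirm your details right away:
<a href="http://example-bank.example.login-check.test/reset">www.example-bank.example/login</a></p>
"""
# Wording cues from the checklist; weak on their own, since polished text can avoid them.
CUES = {"urgent-language": r"\b(urgent|immediately|act now|right away)\b",
        "generic-greeting": r"\bdear (customer|friend)\b"}

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def host(value):  # lowercased hostname of a URL or URL-like string, '' if none
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def red_flags(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part message, as in SAMPLE
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text = msg.get("Subject", "") + " " + body
    flags = {name for name, rx in CUES.items() if re.search(rx, text, re.I)}
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        target, shown = host(href), shown.strip()
        if target != sender and not target.endswith("." + sender):
            flags.add("link-not-on-sender-domain")  # what hovering would reveal
        if "." in shown and " " not in shown and host(shown) != target:
            flags.add("link-text-differs-from-target")
    return sorted(flags)
```

The two link checks do not depend on how well the message is written, so they still apply when the wording cues find nothing.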
What to do if you get a possible scam email
If the email has any of the above red flags or you’re unsure whether it’s legitimate, get more information before doing anything. If you determine that it’s probably a scam, you can do the following:
- Use the “Report” button (or similar, depending on your email program) in your email platform to report it as phishing to your provider.
- Do not forward the message to anyone else, or your own email account could be compromised.
- Block the sender and delete the message.
Conclusion
Phishing scams can be a serious threat to your information and privacy. With the help of AI, scammers are creating more realistic and targeted cyberattacks that might fool even the most savvy users. By asking yourself the questions above, you can learn to identify “phishy” emails so that you—and your data—can stay safer online.