Tips to protect yourself from AI-driven cyber scams
A SAIT expert shares how to avoid the latest threats developed by AI
Artificial intelligence (AI) — from predictive text and autocorrect to ChatGPT and AI-powered health and fitness apps — has seamlessly infiltrated nearly every facet of our lives. Enhanced AI can have a positive impact on our lives, but it also is instrumental in increasingly intelligent cyber threats.
"AI has expedited the information collection process," says Andrew Campbell, Information Systems Security Instructor in SAIT’s School for Advanced Digital Technology. "It’s quickly learning how to write code, damaging code. For example, code that used to take five-six hours to write can now be done in 15 minutes with ChatGPT."
AI not only expedites the creation of malicious activity but also widens the opportunity to develop harmful software.
"You no longer need specialized knowledge to construct malware — 'regular' people can create it by asking a chat generator to do so. This means someone with very little coding knowledge can produce malicious code that can carry out data theft, impersonation, ransomware and even identity theft."
Campbell adds, “AI is being used to develop custom malware for targets. Through some basic research, the attacker can gather a good idea of the target’s internal environment. Then, the attacker could use AI to tailor the malware.”
Navigating the new cyber landscape
The rapid evolution of sophisticated cybercrimes can make it daunting to stay safe online — we have four practical tips from cybersecurity professional Andrew Campbell to help.
1. Think before you click.
You likely already know to be mindful when opening email links. Now, the threat has extended to text messages. Simply put, if you don’t recognize the sender, don’t click the link.
"We need to remember our phones are also computers. All it takes is one click on a "bad" link to download malware to your computer or mobile device."
2. Trust your gut and always verify the sender.
AI can craft emails and text messages that appear to come from someone the target knows by analyzing publicly available data from social media, websites or previous breaches. This increases the likelihood of victims falling for the scam.
"Always approach unsolicited emails, messages and requests for personal information with skepticism — even if they appear to be from trusted sources. Trust your gut if you get an email from someone and it seems weird — spelling mistakes and odd formatting are usually strong indicators. Pick up the phone (don't send an email) and verify if the company or individual did send that email. You should also verify the email address. Attackers will sometimes change their email so it is almost exactly the same as the person or organization they are trying to be."
He adds, “When it comes to your phone, if you receive a text or call from an unknown number, do your due diligence and remain cautious.”
3. Keep your software updated.
AI can identify vulnerable devices by scanning for specific software versions, device models or security vulnerabilities.
"To keep your devices safe, ensure your hardware, software and apps are always updated to secure vulnerabilities malware may exploit."
4. Stay informed about the latest cyber security risks.
While hardware and software solutions are created to detect and prevent attacks, unknowingly clicking on a harmful link will bypass these defences. That's why user education is critical.
"Follow cyber professionals on LinkedIn, where they post things to look out for. Furthermore, ATT&CK is an excellent resource even professionals use to monitor attacker campaigns."
Skills for the Future
We prepare students for successful careers and lives.