IT Services – Kansas City

AI-Based Impersonation Scams Are On The Rise

In the last year, nearly half of businesses observed a steep increase in generative-AI or deepfake-related scams. Even before AI, scammers attempted and successfully carried out cyberattacks by impersonating real people. Usually, a scammer will obtain the personal information of a trusted employee and send fraudulent messages to their victims. These scams are particularly convincing when a scammer hacks into an employee’s email account, so the fraudulent messages come from the employee’s legitimate email address. For example, a scammer might hack into your boss’ email and send you a message asking you to update your banking information. Since the message is coming from their real email address, you believe it and send them the updated info. Often, though, there is no successful hack at all: the imposter creates a ‘look-alike’ email address that, at first glance, appears to be your boss’ address but is completely under the imposter’s control. Since it’s not unusual to get email from your boss, you likely won’t scrutinize it closely enough to notice a minor difference or variation in the address. Now, unbeknownst to you, you’ve just provided a scammer with your banking information.
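The look-alike address trick described above can be caught automatically by comparing each sender against a directory of validated addresses. The following is an added example, not part of the original post; the directory entry, the addresses, and the function names are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed directory of validated addresses (assumption: one known sender).
TRUSTED = {"dana.reyes@example.com": "Dana Reyes"}

# Character swaps commonly used to make an address look right at a glance.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))

def skeleton(addr: str) -> str:
    """Fold an address so that visually similar strings compare equal."""
    s = unicodedata.normalize("NFKC", addr).lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header: str, max_edits: int = 2) -> str:
    """Label a From: header relative to the validated directory."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in TRUSTED:
        # The address matches, but a hijacked real mailbox also lands here,
        # so unusual requests still need out-of-band verification.
        return "known-address"
    if any(skeleton(addr) == skeleton(good) or edit_distance(addr, good) <= max_edits
           for good in TRUSTED):
        return "lookalike"
    if display.strip().lower() in {name.lower() for name in TRUSTED.values()}:
        # Familiar name shown to the reader, unrelated address behind it.
        return "display-name-spoof"
    return "unknown"

if __name__ == "__main__":
    for header in ("Dana Reyes <dana.reyes@example.com>",
                   "Dana Reyes <dana.reyes@examp1e.com>",
                   "Dana Reyes <dana.reyes.ceo@freemail.example>"):
        print(f"{classify(header):20} {header}")
```

A "known-address" result only means the address is the real one; it says nothing about who is currently in control of that mailbox.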

In the past couple of years, scammers have started to expand on this concept using AI to make their impersonations even more convincing and believable. And, not only have AI-based scams seen a rapid increase recently, but all online scams have as well. It is more important now than ever to stay educated and exercise caution while using your computer. Employee impersonation and account takeover attacks are not new, but they are being improved with the help of AI. Even the most seasoned employees are at risk of falling victim to an AI-based scam.

If you are unfamiliar, generative AI is a type of artificial intelligence that uses machine learning to generate new content. These programs are fed large amounts of data, which they then learn from and use to answer questions, generate text, generate images, etc. Deepfake technology is a type of AI with which identities can be digitally altered in images or videos, making it look like a certain person is doing something that they did not do. Both of these concepts have received criticism and questions regarding their ethicality.

Along with impersonating current employees, scammers have also expanded to pretending to be prospective employees and former employees. Scammers might pretend to be a prospective employee and use AI to create resumes and apply for open positions at your company, especially work-from-home opportunities, or they might impersonate a former employee inquiring about old data or checking on retirement funds.

Scammers can use AI in several different ways to impersonate employees. One tactic is called voice cloning, in which a scammer uses AI trained on a specific person’s voice to make any voice sound like that person’s. They can use any audio clip of a person’s voice, including ones posted online, to train these AI models. They can also train AI to mimic an individual’s usual vocabulary and tone in calls, messages, emails, etc. Any image, video, or audio clip of someone that can be found publicly online is fair game. For example, in a recent case, an individual who believed he was speaking to his workplace leaders via a video call ended up sending a payment to a scammer. This scammer was able to copy the likeness of the employee’s leaders in order to fake a video call asking for a payment.

Nowadays, it is important to never assume that phone and video calls, as well as emails and messages, are legitimate. If any message seems out of the blue or out of the ordinary, don’t interact with it until you can verify that it is real and valid. Once a bad actor has access to your company’s systems, they can commit significant fraud. There are ways to validate people’s identities, like hanging up a suspicious call and calling a validated phone number or emailing a validated email address. You can also consult your IT partner if you have any suspicions.
