News Phishing Security awareness

Artificial intelligence with real consequences

Artificial Intelligence (AI) has revolutionized many industries, but it has also created new avenues for cybercriminals to carry out phishing and email scams. AI-powered scams are becoming increasingly sophisticated and harder to detect, posing a threat to individuals and businesses alike.

Artificial fishing
Phishing is a type of cyber attack that involves tricking victims into revealing sensitive information such as passwords, credit card details, or social security numbers. AI can be used to automate the phishing process, making it more efficient and scalable for criminals. For example, AI algorithms can be used to generate personalized phishing emails that are designed to appear legitimate and target specific individuals or organizations. One of the most common forms of AI-powered phishing is called “spear phishing.” This type of phishing involves using AI algorithms to analyze public data and personal information to craft highly targeted phishing emails. The AI algorithms can generate realistic-looking emails that are addressed specifically to the intended target and contain information that is tailored to their interests or job role.

Who is who?
Another way AI is being used for phishing is through the creation of deepfake videos. Deepfake videos are synthetic videos that use AI algorithms to superimpose one person’s face on another person’s body in a realistic manner. Criminals can use deepfake videos to impersonate trusted individuals or organizations in phishing scams. For example, a criminal might create a deepfake video of a CEO asking employees to transfer money to a new bank account, or a video of a government official asking for sensitive information.

A larger phishing net
AI is also being used to automate email scams, making it easier for criminals to reach a large number of targets in a short amount of time. For example, AI algorithms can be used to generate fake job offers, investment opportunities, or lottery winnings in the form of emails. The AI algorithms can analyze public data and personal information to craft realistic-looking emails that are designed to trick the victim into sending money or revealing sensitive information.

In conclusion…
AI has opened up new avenues for cybercriminals to carry out phishing and email scams. As AI technology continues to advance, it is becoming increasingly difficult for individuals and organizations to detect and defend against these types of attacks. To protect themselves from AI-powered scams, individuals should be cautious of unsolicited emails and never reveal sensitive information or send money to unfamiliar individuals or organizations. Businesses should invest in advanced security solutions that can detect and prevent AI-powered phishing and email scams.

Better “the devil” you know
Thought-provoking reading, isn’t it? But wait, there’s more… We tried, as an experiment, to AI-generate a body of text on the theme of “AI-generated fraud” and the result of the experiment is the text you have in front of you, minus this concluding paragraph. So the future is already here and may seem both unreliable and threatening. However, it is important not to be paralyzed by what may appear to be a fundamental paradigm shift, a so-called game changer. From another perspective, what we are seeing now is just a continuation of the arms race between cybercrime and cybersecurity that has been going on for decades. We at Nimblr are monitoring developments in this area, and are convinced that educational and awareness-raising cybersecurity training – together with technological solutions – is the best way to address both current and future security risks. AI, like ordinary intelligence, is a tool that can be used for both good and evil, and the same technology that is used for fraudulent purposes can also be used to protect us from fraud.

Phishing Security awareness Tech

Easier to simulate phishing in Office 365

Soon it will be both easier and more secure to allow Phishing tests from Nimblr in Office 365 environment. Microsoft has been listening to its customers and will in June implement a new and better method to allow phishing simulations from Nimblr and other third-party vendors.

This new way of handling phishing simulations from third-party providers and for Security operations mailboxes are cleaner and offer greater predictability for security teams. It makes it easier for security and email admins to rest assured that their ETR rules cannot impact the protection of their users, and prevents them from having to manually inspect all of their ETR rules.

The new feature is refered to with Roadmap ID 72207 and is described in the Microsofts documentation.

Nimblr will offer a guide to the new configuration as soon as Microsoft rolls out the feature. The roll-out is planned for June 2021.

Find out more about Nimblr Phishing Simulations.