83% of businesses experienced a phishing attack in 2018. Phishing is a technique used by hackers to trick you into handing over personal information such as passwords or banking details. This is not a new phenomenon, hackers have been using this technique since 1995.
While the basic concept has stayed the same, the tactics employed by cyber criminals have evolved with time. With advancements in technology, these attacks are quickly becoming more realistic. Here is our list of the most dangerous types of phishing scams.
Deepfakes
The first case of AI-based voice fraud was reported this year, which ended up costing the company $243,000. This demonstrates the catastrophic effects that audio deepfakes can have on a business. With deepfake technology rapidly becoming more realistic, it is only a matter of time before cyber criminals begin to use AI-based voice fraud on a larger scale.
In order to create a deepfake, the hacker must have access to video or voice recordings of the individual they are trying to impersonate. By processing these recordings through an AI algorithm, it allows them to create a convincing vocal imitation.
The best practice to avoid falling into the trap of AI-based voice fraud is to follow up phone conversations with an email and get the confirmation in writing.
Sextortion
Due to the embarrassing nature of sextortion emails, they have become a profitable way for cyber criminals to extract money from innocent victims. Hackers use a technique called spoofing to make it appear as if the email has been sent from the victim’s email address. An email address can be manipulated to be sent from an external source while displaying a legitimate address. These types of sextortion emails threaten to reveal nude images of the victim to their friends, family and social network. The attacker claims that the only way to stop the information from being leaked is if the victim pays the ransom within a specific time period.
You should never give in to the ransom and it is advised that you do not make contact or reply to the email. It is also recommended to change your passwords as an added safety precaution.
AI Phishing
Many phishing scams target large email lists and aren’t constructed well enough to fool most people. Artificial Intelligence is quickly changing this landscape and has made it easier for cyber criminals to target phishing scams more efficiently and effectively.
In order to create an individual spear-phishing message, the attacker needs to manually research each victim in order to create a convincing message specifically tailored to them. Using AI to build automated systems to execute phishing attacks has made it easier to create relevant information that can be used to target the victim for extortion purposes.
In such a rapidly changing environment it is crucial to develop and maintain a strong cyber security posture. Our recommendation would be to use a password manager to change your passwords regularly and use email filtering software to help keep your inbox clean.
If you believe you have been targeted by a phishing scam you can speak with one of our security specialists or report it to your local authorities.
If you liked this article, you may also like:
Attack of the drones: how to hack a drone
Saying no to Ransomware
6 security apps to protect your mobile device