Fighting AI crime starts with HI. Human Intelligence.

After doing this for more than 40 years, one golden security rule stands out amongst so many others: the most powerful crime fighting technology of them all, bar none, is wedged right between our ears.

Our best defense against any kind of AI assisted or orchestrated crime is all in our mind. Our vigilance and awareness, our caution and common sense, and our habits and choices are our best chance of staying a step ahead of these crimes no matter how advanced or convincing they become.

We’ve identified more than 20 ways AI is already changing crime and criminal behavior, some of them quite disturbing. But it doesn’t mean we’re powerless.


A BATTLE OF MINDS – AI VERSUS HI

If you’re already tired of hearing about AI crime and fraud, then you’ve just created another massive vulnerability. Because the greatest self-imposed risk is complacency and indifference. If AI has raised the bar, it’s probably a bad time to drop your guard.

No matter how advanced or convincing AI crime becomes, the best defense is still HI. Human intelligence. Your vigilance and awareness, your caution and common sense, your decisions and choices are your best bet for spotting these attacks before they can do any harm.

And even though it’s very low tech, frequent and short awareness training, even just a minute a day, could be enough to keep you vigilant and alert for just that day. To make things a little easier, we’ve created a collection of dozens of short videos that we call Secure In 60 Seconds. That’s because all it takes is a minute or two to learn what a threat is and the handful of good habits you need to avoid it.

 

1.  REMEMBER THAT ALMOST ANYTHING CAN BE FAKED

AI crime is not all about deepfake videos. AI can be used to make almost anything look unbelievably real and that includes:

  • Zoom calls
  • Phone calls and conversations
  • Interviews and testimonials
  • Emails and text messages
  • Entire identities
  • Financial information
  • Work history
  • LinkedIn pages
  • Social media profiles
  • Documents and identities
  • Entire businesses

 

2.  THINK OF YOURSELF FIRST

I’m not suggesting you be selfish, although when it comes to security perhaps it’s a good thing. But look at yourself the way a criminal, or anyone hunting for a vulnerability, would look at you.

Is there anything in your life or work that would make you more vulnerable, or vulnerable in a specific way?

  • Do you have a lot of clients who send you sensitive information by e-mail?
  • Are you wealthy, or do you have a lot of wealthy friends or clients?
  • Do you have a high public profile, lots of press coverage, or involvement in nonprofits or political activities?
  • Do you engage in a lot of high value transactions?

A key part of building a good security strategy is to know who’s targeting you and how they’re going to get in. All your important security decisions should be based on answers to those questions.

 

3.  FOCUS ON THE CONTEXT

One of the simplest defenses is to think about everything in terms of context. No matter who’s contacted you, who you think you’re speaking to, what you’re being asked, what you’re being presented with, or what’s being shared with you, you always have to ask yourself about the context.

Does this feel right? Is this the way things are normally done around here? Has this person ever made this type of request before? Ever sent this kind of document? Ever asked for this kind of document, this kind of transaction, this kind of urgency?

Focus on the context of the message instead of trying to look for other clues that it’s fake. You might not spot them until it’s too late.

 

4.  USE 2FA AND MFA

It might sound complicated but it’s not really. Two-factor authentication (2FA) or multi-factor authentication (MFA) is simply an option to add an extra layer of security to something like a bank account or social media account.

You typically have to do very little, often nothing more than adding a phone number so you can receive a text message whenever you’re trying to log in, change a password, make a bank transfer etc. It’s just another way to verify it’s really you and not an imposter.

And if you really want to up your MFA game, think about using a physical security key like a YubiKey as an extra layer of defense.

 

5.  GET SERIOUS ABOUT YOUR PASSWORDS

Whether your passwords are one line of defense or one amongst many, you still need to be smart about them. Passwords that will offer the best defense against the latest AI-driven attacks need to be at least 18 characters long, and as complex and random as you can make them.

Your best bet is to use one of the many cheap or free password managers that will make it so much easier to create, store, and use all those passwords. Secure In 60 Seconds videos will explain more.

Did you know? An analysis of the billions of stolen passwords circulating on the black market showed that of the 50 most commonly used passwords, 49 can be cracked in less than one second.

 

6.  DON’T REUSE YOUR PASSWORDS. EVER!

While still on the subject of passwords, don’t be tempted to reuse a password (1 in 3 people still do), no matter how complex and original you think that password is or how proud you are of it.

AI tools are very good at taking the millions of passwords already exposed in data breaches and finding out all the other sites you might be using the same password on. It’s called credential stuffing and you don’t want your security stuffed.

 

7.  FREEZE YOUR CREDIT

With all the stolen personal information out there, stolen mainly through the thousands of data breaches in the last few years, identity theft has been the top crime for more than a decade.

AI is making it so much easier, so if you haven’t already frozen your credit, do so now, because it’s the best way to stop the most common type of identity theft. It’s very easy to do, it’s completely free, it doesn’t hurt your credit, and you can undo it anytime you want. Again, we have a video that explains more.

Did you know? We championed the introduction of national credit freeze laws as far back as 2006, and were instrumental in introducing the nation’s first child credit freeze law in 2016. Yet more than 90% of consumers still don’t freeze their credit.

 

8. DON’T TRUST, ALWAYS VERIFY

Before you react or respond to anything, do everything you can to first verify the authenticity of what you’re encountering. Trust me, you’ll be glad that you did.

If you get a call from your bank or credit union about suspicious activity, a request to pay an urgent bill through Zelle, a threat that you’re going to be arrested for not paying a speeding ticket, a client wanting to speed up a wire transfer, and so on, go to the claimed source first and ask them if they really did send that message.

 

9.  TALK TO YOUR KIDS, PARENTS, AND GRANDPARENTS

Kids and seniors are amongst the most vulnerable to the growing variety of AI crimes.

Whether it’s sextortion crimes targeting kids and teens, or financial or romance scams targeting the elderly, the damage can often go far beyond simply financial.

Your best bet, and their best defense, is to talk to them often. Explain what the scams are, how serious they are, how to spot and avoid them, and then remind them often. It might feel like nagging, but they’ll appreciate it.

 

10.  TRAIN YOUR TEAM

Security people talk incessantly about the weakest link. And it’s true. It only needs one busy, careless, or indifferent user to make a mistake that lets the criminals in.

So whether it’s employees, business advisors, partners, or vendors, remind everyone around you of the importance of their vigilance too. You’re not only improving your security, but you’re doing them a great favor too.

 

11.  WATCH OUT FOR ROMANCE AND SEXTORTION SCAMS

AI is ideally suited to creating very convincing romance scams. These scams are costing victims, mainly seniors and the elderly, more than $1 billion every year.

For seniors and the elderly, the focus is often on tricking them into parting with large amounts of money. The best defense is to constantly remind seniors of the existence of these types of scams and to contact you or someone else they trust if any stranger starts to show a serious interest in them.

For kids and teens, AI scams increasingly revolve around sextortion. Criminals use AI to create very realistic-looking and believable social media profiles, then use those profiles to develop a more intimate relationship.

That often leads to a request for revealing or explicit photos or videos and that’s when the extortion begins. Those same tools can also take an image or video that the victim posts and turn it into a very realistic-looking pornographic video.

But there’s a simple solution. Remind your kids to set all their social media accounts to private, be very careful and selective with any friend or connection requests, and to never ever share any suggestive or explicit photos, videos, or even comments with anyone, ever, for any reason, and that includes their besties.

 

12.  REIN IN DANGER FINGER

Danger finger is your index finger, and the one that’s most likely to click on something that you shouldn’t.

Phishing is still one of the first steps in most cyber attacks, and thanks to AI, phishing has surged to levels never seen before. Phishing messages are also becoming far more sophisticated and believable.

Whether it’s a malicious link in an e-mail, a malicious attachment to an e-mail, or a website, the better you are at reining in danger finger and simply not clicking on stuff that you don’t have to, the safer we’ll all be.

 

13.  BE SMARTER WITH SOCIAL MEDIA

Social media presents one of the biggest security risks, not only because we share so much information about ourselves, but often we have no idea who we’re sharing that information with.

And social media is where the scammers are getting most of that information to create deepfakes. Photos of your face, photos of the faces of your family and friends, videos of you, and samples of your voice.

So make sure you set every social media account to friends only, and be very careful and discerning in what you post.

 

14.  LEARN HOW TO SPOT A DEEPFAKE

We created an article on everything you need to know about deepfake videos including the telltale giveaways. So make sure you get familiar with them.

Although generative AI is getting much better much faster, and pretty soon we won’t be able to tell a fake video from the real thing, in the meantime most deepfake videos have lots of giveaways.

The most common include lip movements that are out of sync with the speech, body movements and gestures that don’t match what’s being said, robotic facial and especially eye movements, and weird lighting glitches.

 

15.  MOVE AWAY FROM EMAIL

In spite of all the advances in all kinds of technologies, e-mail remains the most common and popular form of communication.

Which is why it’s the number one target for criminals and the most common delivery channel for phishing attacks, wire fraud, business e-mail compromise attacks, deepfakes, and all other kinds of scams and frauds.

The best way to protect yourself is to move your most sensitive conversations, communications, and negotiations away from e-mail and into safer and more secure places.

 

ABOUT THE AUTHOR

Neal O’Farrell is one of the longest serving security experts on the planet, 40 years and counting. He has advised half a dozen governments, developed advanced encryption systems for the military and financial sectors, and won awards for his work to protect consumers from cybercrime and fraud.

Have you checked out Secure In 60 Seconds?

We created a collection of more than 40 short security awareness videos called Secure In 60 Seconds and they’re available free of charge for anyone to view and use.
