AI and Cyber Security

AI can be a great tool for productivity (I use it all the time), but it's also a tool that cyber criminals can (and do) use to attack us.

The mayor of a Queensland council that lost nearly $2 million in an alleged international fraud attack says the perpetrators used artificial intelligence able to “imitate personalities”.
— ABC news

Image Credit: Google Gemini AI

Cyber criminals can use AI in a variety of ways to make attacks more effective. For example:

• Make phishing and scam messages seem more plausible by fixing the spelling and grammar before they are sent

• Doing better research on potential victims to create targeted attacks, and again make the messages more plausible (because they are personalised). Remember AI can be used to comb through all the many many millions of account records that have been leaked in data breaches

• Create realistic fake voice messages to pressure you that a family member is in difficulty (or some similar scam)

• Create realistic websites, social media content, videos, etc. to support scams and identity theft. For example creating fake celebrity endorsements for investment scams

What precautions can you take?

• Stop: Do not act immediately. Scammers use urgency (e.g., “pay now or be arrested,” “your loved one is in trouble”) to make you panic and bypass your critical thinking. Hang up, do not reply to the message, and take a moment

• Think: Does this request make sense? Is this how a bank, government agency, or family member normally contacts me for this kind of information or payment? Remember, an unexpected request for money or personal details is always a red flag

• Crucially, verify the story using a different method.

  • For a family member/friend: Call them back on their known, trusted phone number (the one you have saved in your contacts). Do not use the number that called or messaged you

  • For a company/bank/government: Search online for the organisation’s official website and call the customer service number listed there. Do not click links or call numbers provided in a suspicious email or text, and all messages and texts should be treated as suspicious in the 1st instance!

• Social Media: Check your privacy settings. Limit who can see your photos, videos, and especially any audio clips or voice messages you post online

• Unique Codeword: Consider agreeing on a “secret codeword” with close family members that you can use in an emergency to verify their identity over the phone, especially if they claim they can’t use their normal phone/email

Text within this block will maintain its original spacing when published

                                           Remember: Always be Skeptical and Verify First

Public Service Announcement:

This newsletter now has a chat feature so you can ask questions anytime. I also post new information outside the normal two week newsletter cycle. Just bookmark the button below.

Join Alec the Geek’s subscriber chat

Available in the Substack app and on web

Join chat

Comments

[Rainbow Roxy]

Excellent analysis! This truly makes me reflect on the broader ethical implikaitons of AI. Like your last article, it highlights AI's powerful, double-edged nature.