Cyberattacks are becoming more prevalent these days. A study by Juniper Research estimates that they will cost global companies $2 trillion in 2019! One of the reasons the cost is rising is due to an increase in social engineering and AI by savvy hackers.
Social engineering is used in many online scams. A growing number of hackers are using it in lieu of old school, brute force hacking strategies. Social engineering scams are becoming even more terrifying, as hackers have discovered that artificial intelligence can make them more effective. They use a variety of machine learning and predictive analytics models to target new marks and reach them more effectively.
The New Jersey Cybersecurity and Communications Integration Cell has warned that AI-driven cyberattacks are more dependent on social engineering than ever.
The Evolution of Social Engineering Scams in the Age of AI
Fernando Niño, the Senior Director of Global Risk and Investigations Practice in Forensic and Litigation Consulting for FTI Consulting has talked about some of the ways that social engineering is used in scams and how artificial intelligence plays a role. One type of fraud to which companies and individuals are exposed to on a daily basis is known as “social engineering”. Social engineering can manifest in two ways: phishing and pharming. Both forms of social engineering are used by criminals that want to steal money through deception.
Social engineering, according to the Association of Certified Fraud Examiners, is a technique used by fraudsters to obtain personal information from their victims. Unlike brute force hacking attempts, it does not take advantage of technical vulnerabilities or rely solely on malware. Instead, hackers that use social engineering try to trick victims into providing their information. In the case of phishing, the victim gives up his data, believing that he is in front of a company with which he has business. For example, he receives an email from what appears to be a legitimate source, such as a bank, with a wording that leads him to “click” on a link that is the fraudster’s website. The consumer is then instructed to provide or update personal information, such as a bank account username and password, which gives the fraudster full access.
Since social engineering scams rely mostly on the art of deception, you might believe that artificial intelligence won’t be so widely used in them. However, AI technology can actually play a terrifying role in social engineering scams.
Alarice Rajagopal, an author with CSHub, wrote about one way that AI could influence social engineering scams. Rajagopal said that scammers could use more sophisticated artificial intelligence technology to impersonate the voices of senior executives. This is a terrifying example that illustrates the dark side of AI. A number of other hackers are tricking people with cross site reference forgeries.
Many types of artificial intelligence technology used in social engineering scams are similar to those used in legitimate businesses. Some companies use marketing automation technology, will relies extensively on artificial intelligence. Others use AI driven malware tools, such as keyloggers to intercept the passwords of users. Malware is often used to supplement a social engineering scam. The scammer may trick the person into downloading it.
One expert we spoke with is a former black hat hacker. Due to the nature of his business, he wanted to speak under the condition of anonymity.
“Pharming is an attack in which a person is tricked with confidential data (password or credit card number) on a malicious website that mimics a legitimate website. It is different from phishing, in that the attacker does not have to wait for the user to “click” on a link within the email to direct them to the fake website. There are many ways people can protect themselves against pharming. One is to verify the URL of websites that request personal information. Another is to protect devices using virus protection software, choose a trusted Internet service provider, and verify the certificate of websites. Consumers should always block suspicious websites,” he said.
Artificial intelligence is used in a number of ways by people conducting social engineering scams. These include:
- Using predictive analytics models to identify the people that will be most susceptible to their scams
- AI can reverse engineering machine learning algorithms used by spam filters to create new email messages that won’t be flagged
- Using machine learning to understand the logistics of malware protection software, so can trick people into downloading it more easily
Artificial intelligence is playing a terrifying role in the use of social engineering scams. Anybody that could be a victim of a social engineering scam should be on their guard and recognize the dangers that AI has contributed to.