Cyber Talk: Don’t take the AI deep fake bait
Beware of potential threats and follow these tips to fight cybercrime
Hyderabad: Artificial Intelligence (AI) focuses on creating intelligent machines, which can perform tasks that typically require human intelligence, such as understanding natural language, recognising images, making decisions, and solving complex problems.
Possible malicious and criminal use of Al-powered deep fakes:
(a) Harassing individuals and destroying their credibility
(b) Luring people into sending money/ revealing privileged information
(c) Duping online systems that validate customer by fooling KYC
(d) Manipulating electronic evidence for criminal justice investigations
(e) Supporting disinformation campaigns, stoking social unrest for political polarisation
(f) Using AI tools to guess passwords
Sample modus operandi of AI-based deep fake scam:
AI-based fraud video calls could be persuasive and manipulative, so consumers must be wary and watchful online. Here are some methods to avoid being a victim of such scams.
* Victims are chosen randomly, social profiling is done, and then the scammers start communicating with the victims.
* Scammer impersonates a known person and requests financial assistance by repeating false stories to convince victims to transfer large sums of money.
* Excuses that scammers might use to deceive include (a) I have been robbed (b) I need money for medical emergencies (c) I have met with an accident
How AI can be misused for cybercriminals:
* Deepfake Attacks – AI can help create deep fakes that appear all too realistic which can be used to impersonate individuals, leading to misinformation and reputation damage or spreading misinformation.
* Voice Vishing – Cybercriminals can clone human speech to carry out advanced types of voice phishing attacks.
* Social Engineering Attacks – Using AI tools, cybercriminals can draft extremely personalised and sophisticated emails that appear as though a human wrote them.
* Credential Stuffing – It’s a method in which attackers use lists of compromised user credentials breach into a system by automating the process using AI.
* Malware Development – AI can be used to create hi-tech malware that can evade traditional security measures and adapt its behaviour based on the target the environment operates in.
* AI-powered Botnets – AI-powered botnets can mimic human behaviour, effectively blending into the digital landscape.
* Social Engineering Attacks – Using AI tools, cybercriminals can draft extremely sophisticated emails that appear as though a human wrote them.
Combating AI-based cybercrime by security professionals:
* Behavioural Biometrics – AI helps to identify untrustworthy activities by analysing parameters like keystrokes when typing, navigational patterns, screen pressure, typing speed, mouse or mobile movements, lip sync and gyroscope position, etc
* Malware Detection – AI and ML can analyse large amounts of data to identify patterns and abnormalities that are challenging for humans to detect malware threats.
* Threat Detection – AI algorithms can help us process and analyse vast datasets i.e., network traffic logs, system logs, user behaviours, and threat intelligence feeds.
* Predictive Analysis – The process uses data analysis, machine learning, artificial intelligence, and statistical models to find patterns that might predict future behaviour.
* Natural Language Processing (NLP) – It can be used to identify phishing emails by analysing the text of the email.
* Email Authentication Protocols – Implement email authentication protocols like SPF, DKIM, and DMARC to prevent email spoofing.
Few tips while dealing with AI-based crimes:
* Code Word – Set a verbal or numerical codeword with kids, family members, or trusted close friends, and make sure it’s one only you and your important family members know.
* Question the Source – Cybercriminals have access to tools that can spoof phone numbers and make them look real; therefore, it’s recommended that you stop, pause, and think even if it’s a voicemail or text from a known number.
* 2FA – Implement two-factor authentication (2FA) on your social media and email accounts.
* Passwords – Use complex and strong passwords which are hard to crack is recommended.
* Unsolicited Emails & SMS – Be cautious while clicking on short links received.
* The imposter can be asked to turn his/her face.
* Make the imposter on the other end to wave hands during conversation.
