Have you ever received an email that felt almost too personal? It somehow even understood your profession, the apps you used in day-to-day life, or even the most recent gala you attended? This type of correspondence is considered AI-assisted phishing. I once received one, entirely posing as a recruiter from a company I applied to years earlier.
Here's how:
• Whether you are on social media, your posts, likes, and friends indicate to AI what you enjoy doing,
• Public lists, attendance and participant lists, organization news, public filings provide AI a little more clarity,
• You online all engagement when you are online and what you click also provide indicators of your likely response online.
It uses this data point to replicate email messages to you, that look to be from someone you know, but a person they don't know. It's clever, huh!?
AI has even provided suggestions leveraging that you could use to initiate curiosity, urgency, or fear.
Protection
1. Examine who sent it – the name could be fake.
2. Before clicking any link, simply hover over it to see the actual address, or copy and paste into your browser.
3. Where available, you should use two-factor authentication.
4. Beware of an unexpected email, asking you to provide information or require an immediate action.
Think of it this way, it's just like locking your front door. You wouldn't leave your door open because the street happens to be quiet.
How does AI gain this information?
You might think to yourself, "How did these hackers know so much without actually hacking my account?" Think about it; they are using publicly available data. Everything you post and share freely and publicly online—social media, LinkedIn, forums, public reports, etc.—all serve as clues for AI.Here's how:
• Whether you are on social media, your posts, likes, and friends indicate to AI what you enjoy doing,
• Public lists, attendance and participant lists, organization news, public filings provide AI a little more clarity,
• You online all engagement when you are online and what you click also provide indicators of your likely response online.
It uses this data point to replicate email messages to you, that look to be from someone you know, but a person they don't know. It's clever, huh!?
Why Personalized Phishing Works
You might say "Not me, I would never fall for that," but truthfully, monetary emails are just leveraging how your brain works. You could likely disregard a vague "Click here" but when you see "Hey Jane, I have an update regarding your application...” you stop.AI has even provided suggestions leveraging that you could use to initiate curiosity, urgency, or fear.
Protection
1. Examine who sent it – the name could be fake.
2. Before clicking any link, simply hover over it to see the actual address, or copy and paste into your browser.
3. Where available, you should use two-factor authentication.
4. Beware of an unexpected email, asking you to provide information or require an immediate action.
Think of it this way, it's just like locking your front door. You wouldn't leave your door open because the street happens to be quiet.