Clumsy scam emails are easy to spot. New AI aided scams are much more convincing.
The Wall Street Journal reports AI Is Helping Scammers Outsmart You—and Your Bank. This is a free link.
Artificial intelligence is making scammers tougher to spot.
Gone are the poorly worded messages that easily tipped off authorities as well as the grammar police. The bad guys are now better writers and more convincing conversationalists, who can hold a conversation without revealing they are a bot, say the bank and tech investigators who spend their days tracking the latest schemes.
ChatGPT and other AI tools can even enable scammers to create an imitation of your voice and identity. In recent years, criminals have used AI-based software to impersonate senior executives and demand wire transfers.
“Your spidey senses are no longer going to prevent you from being victimized,” said Matt O’Neill, a former Secret Service agent and co-founder of cybersecurity firm 5OH Consulting.
In these recent cases, the frauds are often similar to old scams. But AI has enabled scammers to target much larger groups and use more personal information to convince you the scam is real.
Fraud-prevention officials say these tactics are often harder to spot because they bypass traditional indicators of scams, such as malicious links and poor wording and grammar. Criminals today are faking driver’s licenses and other identification in an attempt to open new bank accounts and adding computer-generated faces and graphics to pass identity-verification processes. All of these methods are hard to stave off, say the officials.
JPMorgan Chase has begun using large-language models to fight identity fraud. Carisma Ramsey Fields, vice president of external communications at JPMorgan Chase, said the bank has also stepped up its efforts to educate customers about scams.
Password risks, amplified
Criminals used to have to guess or steal passwords through phishing attacks or data breaches, often targeting high-value accounts one by one. Now, scammers can quickly cross-reference and test reused passwords across platforms. They can use AI systems to write code that would automate various aspects of their ploys, O’Neill said.
If scammers obtain your email and a commonly used password from a tech company data breach, AI tools can swiftly check if the same credentials unlock your bank, social media or shopping accounts.
That’s the lead-in to the WSJ article. The link above is a free link.
Kudos to the Journal for offering free links. I try to be fair about what I use. Very few of my references to the Journal are free links.
The Financial Times threatened me if I ever used more than one sentence from an article, even a rebuttal.
I responded by cancelling my subscription and have never referred to a FT article again. I fail to see how the FT thinks it gains from this.
Consider this a public service announcement courtesy of the Wall Street Journal.
Thanks
No matter how you handle AI scam phone calls, get yourself an extra layer of protection by placing a freeze on the three major credit reports that lenders and credit card issuers use to decide whether you are credit worthy. They are Expedia, Trans Union and Expedia. The freezes cost nothing and they can be lifted temporarily if you are applying for a loan or a credit card. Check with your state attorney general’s web site for more information on credit freezes in your state. You don’t want to have scam artists applying for credit in your name and causing you a major financial headache as you work to untangle the fraud.
I never answer unless it’s a number I recognize and I wait to see if they leave a voice message. My problems are then minimized.
OT: there are stores.closing around me but to be sure there is stuff being constructed as well.to open coffee shops,.grocery stores and chick fill. Seems like a case of weak hands dying and strong hands expanding.
In Florida there are things going up everywhere you look. Same thing in Texas and many places in the South. If where you live you see a growing reluctance to invest and a refusal to maintain then you are in something that resembles the beginning of a Rust Belt. If that is the case you had better sell your house and move quickly because when it goes down, it stays down for a long time. Where do you live?
Look at it from the AI’s point of view. All those NVIDA cards and all that electricity costs a lot of money so it has to get revenue somehow. Better this than it hacking our nuclear codes and blackmailing us.
1) The Israeli high tech sector employ Hasidic women. They are very sharp. They feed their family while their husbands study in yeshivas. They are organized in separate groups. Most of them get pregnant every year. They WFH. Only 29% of young Hasidic Jews studies in Yeshivas. 40% work. The IDF need them. They serve in front lines, EMS and service high tech & AI. The religious party agreed to recruit over 4K Hasidic that work. Israeli Arabs might be next to protect their burning Galilee.
2) General Petraeus : the IDF repeats our mistake in Afghanistan and Iraq. He forgot that Begin blew up King David Hotel, assassinated Lord Samuel in Cairo and that Hezbollah blew up the marine barrack in Beirut and the IDF HQ in Tyre.
3) Beirut airport warehouses are packed with Iranian missiles, Kornets, RPG, Burkan,
ammunition, gunpowder and CyklonB. If targeted it will be worse than the Beirut port explosion 2020.
4) Hezbollah can do the same to Haifa ammonia plant.
This weekend the IDF might have gotten Hamas #4. Hard to verify. A large collateral damage. No warnings. No knock-knock. No mercy.
What are a few children and women when you think that they stand in the way of what you want.
Like the Jihadists aren’t Jonesin for civilian casualties.
Our house must be ground-zero for incoming robo-calls on our landline. I can spot a fake call a mile away. The must have an automated prompter looking for a response when you pick up the phone, such as ‘Hi’ or Hello’. The robocall typically doesn’t respond if I don’t talk into the handset, or if I just make a noise. There is typically a delay and an audible click when receiving a robocall. We also have caller-ID that appears on our TV. You can see by the area codes and the listed entity that these are fake calls, either for solicitation or scamming. The most prevalent ones are for additional Medicare services, solar power, and final death benefit insurance.
Since I am retired, if looking to kill time, I will answer with a few choice Indian/Hindi phrases! The callers from Mumbai or Karachi go from being agreeable persons to raving, cursing lunatics with their responses. Much fun wasting their time.
If there is a delay on an incoming call after I say hello, I usually hang up without waiting for anyone to come on line. It has been a long time that I have been concerned about being rude on the phone. It’s a new world out there.
If there is a delay I set the handset on my table radio speaker for a while, and use the computer in another room.
Ha! I don’t reuse passwords and I have something like 250 email addresses through spamex.com and about 10 through GMail. My Gmail addresses have never been compromised, AFAIK. If they have, no one has cracked their passwords. I manage everything through Keepass.
Even for someone with many years of tech background like myself, it is a PITA to set this up and manage it all. I can imagine how lost the average people must feel and how easy pickings they must look to the black hats and scammers..
It.isnt just emails. I was watching a YouTube video and happen to click on an associated video that looked interesting. It turned out to be a completely AI generated video with audio with no human voice. It was terrible.
If you don’t have software that watches over the uRL’s you click on or if you’re not blocking scripts, then just clicking on a bad URL can get your system infected.
Lots of videos on YouTube are AI generated now. I hate them. They are just a voice and a slideshow of images and they really do suck.
It’s the Youtube version of all the early Web “websites” which were just scanned hardcopy product catalogs. It’s the lowest cost and complexity way to get a “video” for those who already have some printed material laying around that they want some, nearly free, additional mileage out of.
Google is, at best, halfhearted about limiting it now in their post “Don’t be Evil” era; since all the added “videos”; and their titles; makes for a richer environment of clickpoints for figuring out what each user in interested enough to click on. Most who land on such a video, will quickly click on to another. Few will throw their arms up and leave Youtube “forever.”
Google doesn’t police this because AI created or not, they are just looking for a vehicle to present advertising in.
It was a common understanding (maybe not correct, of course) that the Nigerian-style email scams had abysmal grammar/punctuation/spelling on purpose as a way to automatically filter for the most gullible people.
Financial Times…good riddance
One Bot could replace the entire National Public Radio cast.
Bottom line, more than ever … I try to doubt any call, eMail, or whatever. I even have “keywords” with family members. What’s out there is good. If you ever give money or info to a cold-caller … you are setting yourself up (I’ve had legit charities ask me for my credit card when they had cold-called me). I tell folks to send me an invoice and I will reply (or not if I check out the charity and find it is not highly rated).
Similarly, my aunt’s advice 40 years ago was, “I tell them I don’t buy anything over the phone.”
Sending them a money order is the safest.
On the positive note, will AI be able to cut through the thicket of company IVR 5 level menu system?
The ultimate test: will AI be able to generate an authentic Bangalore accent for a genuine call center experience?
The ultimate test of AI will be when we can all have an AI assistant screen our phone calls for us so that robo-calls are never put through to our cells and only actual calls are.
In SF stories they have people and companies outfitted with a full suite of AI protections but as always, there are zero days and viruses get propagated.
Wow. NVDA going to 200 by the fall. Crime pays.
NVDA doesn’t make the applications or content. Like anything else, AI hardware can be weaponized.
AI’S grammar is improving, but the request for you to do something stupid is still always there.
AI-are these the same left-wing bots I see posting the same anti-conservative garbage in tandem on Twitter [I assume the DNC makes extensive use of this parasitical drool]