AI is being exploited to create more convincing scams

Artificial Intelligence is all over the news. It seems like every time you go online, there’s more information about how it will either enhance or detract from our lives.

However, as with everything, it’s not just being used for good. There’s no doubt it can and will change the way we work. AI chatbots and ChatGPT are being used by cyber criminals to make their lives easier too.

Cyber investigators have found these are the main routes the cyber criminals are taking:

• Phishing emails – Looking for misspelled words and bad grammar is often a way to spot a malicious email and have you or your staff click on a link that will download malware or steal vital information from your business. AI-written text is much harder to spot because it doesn’t make the same mistakes. We are also seeing a trend that means that each email is different, making it much harder to spot and alert your team.

• Lack of governance – AI is becoming increasingly good at creating computer code and cyber criminals are using this to their advantage. Until there’s a reliable way for AI creators to safeguard against this, it is a threat. The recent open letter signed by more than 1,000 experts including Elon Musk and Apple co-founder Steve Wozniak demonstrates that the technology is moving much faster than governments who need to legislate its use.

• Fake news – Anyone that is assessing Open AI’s Chap GPT will know that it produces written information quickly on virtually any topic. It is also being used to write articles and social posts spreading misinformation. Prompts like “Write me 10 social posts about Acme Academy losing a client. Mention the Daily Mail” are being used. This may not seem like something you need to be concerned about, but your employees may click on a link and of course, there’s the reputational damage if it is your company that is involved.

Simon Page, CCO of ILUX said: “Cyber attacks and the sophistication of the payloads released have increased dramatically over the recent years. A recent report suggest that 39% of UK businesses reported suffering a cyber attack in 2022.

“At ILUX we constantly review the products and services we provide to ensure they give the best protection to our clients and work with them to help them adhere to best practices to reduce the risk of being affected by an attack.

“The best form of defence is prevention. By blocking these scams before they infiltrate your systems, you dramatically reduce the chances of being hit by a virus or held for ransom. We work with clients to cover the seven layers of cyber security, six of which are technology related. The last layer is the human layer, and as such is a process that starts with educating your staff.”

Basic cyber training is available online and for free at the National Cyber Security Centre’s online academy.

Of course, nothing is 100% guaranteed to stop a cyber attack and should the inevitable happen, cyber insurance is becoming more and more necessary to protect the business from serious financial loss.

Get the peace of mind of knowing you are doing everything you can to protect your business.

Related resources

• ILUX Cyber security services

• Cyber Essentials certification

• The business owner’s guide to phishing