Ai is one big curveball that’s changing the landscape of phishing and cyber security. It has never been easier for hackers to mount sophisticated attacks than it is now, and unfortunately many organisations aren’t preparing their staff for this changing landscape.
Take just phishing in isolation. What were the tell tale signs of a phishing email of the last few years. Well things like
Poor grammar
Spelling mistakes
Broken English
Pressed for urgency and look suspicious
But that landscape has changed now with Ai. Such errors are no longer commonplace, making them harder for even the most vigilant of staff member to spot. It’s never been easier for a hacker, they can click a couple buttons and build a phishing campaign that’s topical and believable. It literally takes seconds.
But let’s put it to the test, I asked one of the chat Ai platforms to write me an example phishing campaign and here’s what it shot out. You be the judge, would one of your staff fall for this:
Ai - Example Phishing Campaign
Subject: Urgent: Account Verification Required!
Dear valued customer,
We regret to inform you that our system has detected suspicious activity on your account. To ensure the security of your personal information and prevent unauthorised access, we kindly request you to verify your account immediately.
Click on the link below to proceed with the account verification process:
[Malicious link]
Please note that failure to complete the verification process within 24 hours may result in a temporary suspension of your account. We apologise for any inconvenience caused and appreciate your cooperation in resolving this matter promptly.
Should you have any questions or concerns, please do not hesitate to contact our support team at [fake support email or phone number].
Thank you for your attention to this matter.
Sincerely,
The Security Team
Mitigation Strategy
There’s no single strategy you can opt for to mitigate risk completely. That being said, if you invest heavily into systems the backstop is still the staff member who can click a button to bypass all of those systems.
There's one one way to diminish your risk as much as possible, which is through regular training. Emphasis on the term regular. If you regularly train your staff to be more paranoid about what appears in their inbox, or through the post, or who calls in then as an organisation you're less susceptible.
We at EquiTech Group offer a host of training and user testing provisions. If you'd like to know more about this or any of the other proactive measures then speak to a consultant at EquiTech Group:
Phone - 01604 346 444
Email - info@etg365.co.uk
Comments