AI chatbots have taken the world by storm in recent months. We’ve been having fun asking ChatGPT questions, trying to find out how much of our jobs it can do, and even getting it to tell us jokes.
But while lots of people have been having fun, cyber criminals have been powering ahead and finding ways to use AI for more sinister purposes.
They’ve worked out that AI can make their phishing scams harder to detect – and that makes them more successful.
Our advice has always been to be cautious with emails. Read them carefully. Look out for spelling mistakes and grammatical errors. Make sure it’s the real deal before clicking any links.
And that’s still excellent advice.
But ironically, the phishing emails generated by a chatbot feel more human than ever before – which puts you and your people at greater risk of falling for a scam. So we all need to be even more careful.
Crooks are using AI to generate unique variations of the same phishing lure. They’re using it to eradicate spelling and grammar mistakes, and even to create entire email threads to make the scam more plausible.
Security tools to detect messages written by AI are in development, but they’re still a way off.
That means you need to be extra cautious when opening emails – especially ones you’re not expecting. Always check the address the message is sent from, and double-check with the sender (not by replying to the email!) if you have even the smallest doubt.
If you need further advice or team training about phishing scams, just get in touch.
To protect your home from an intruder you make sure your doors and windows are all locked and secured. You might go further: build a fence around the perimeter, perhaps even get an angry-lookingdog to stand guard.
But there’s no point going to all that effort if someone’s already broken in and set up camp in the basement.
Yet that’s the security policy of thousands of big businesses trying to protect their data from cyber criminals.
They do many of the right things. They invest in security software. Theytake a strong,multi-layered approach to security – includingall the things we recommend, like multi-factor authentication, encryption, reliable backup systems and staff training.
But they don’t pay enough attention to detection and response.That involves constantly scanning systems for any sign that a crook may have gained entry somewhere, and having a process to stop an attack in its tracks. A new study shows that only a third of businesses place detection as their main priority, while two thirds say prevention is their primary focus.
That means, they could be building 10-foot walls around their systems with intruders already inside. In-house security teams might be super-confident in the security measures they’ve put in place. Butthe datasuggests that they’re being too complacent. The study reveals that more than eight in ten businesses experienced more than one data breach last year – even with good security in place.
Criminals are constantly finding ways to evade security. That tells us that we need to take a rounded approach, with strong prevention AND detection policies providing the best protection against today’s determined criminals.
If you need world-class security, get in touch today.
If you employ anyone aged between 16 and 19, you need to pay special attention to the cyber security training you’re giving your team.
A new study has revealed that a host of worrying online behavior has become almost normalized among many young people. And much of this activity is illegal. We’re not talking serious cyber crime such as ransomware attacks or stealing data. But one in three 16 to 19-year-olds have admitted to digital piracy;and a quarter have tracked or trolled someone online. Most of these behaviors may not directly affect your business. But some are so commonplacethat too many young people view them as apart of everyday life. That’s not something you want them bringing to work. Casual software piracy or illegal downloads on devices used for work could open the door to a massive security breach. The answer is simple: Hold cyber security training for all your employees on a regular basis. This trainingshould: • Highlight the impact of bad onlinebehavior and potential for security breaches • Help everyone understand how this kind of activity can harm people – and your business • Make everyone aware of the scams and attacks that your business is vulnerable to, as well as the part they play in keeping everyone protected • Make the consequences clear for anyone found to be engaging in this behavior If this is something you need some expert help with, it’s what we do. Get in touch. Published with permission from Your Tech Updates.
Another day, another scam. And this is a sneaky one. Cyber criminals are gettingsmarter. Thisrecentmalware threat is unusually smart. It impersonates a highly trusted brand name to get a foot in the door. Targetsreceivea convincing looking email that appears to come from a widely used e-signature platform. Attached to the email isa blank image that’s loaded with empty svg files, which are carefully encoded inside an HTML file attachment (stay with us here). In short, it’s veryclever and it’s tricking its way past a lot of security software. That puts businesses like yours at risk. Because code within the image sends people to a malicious URL. Open the attachment andyou couldunwittingly install malware onto your device – or even your network– which risks exposing your data and leaving you open to a ransomware attack. Recently, there’s been a wave of HTML attachment attacks on small and medium sized businesses, so it’s clear that companies need to take action to stay ahead of the criminals. If you use software to sign documents electronically, double-check that emails are genuine before opening any attachments. There’s a reason why the criminals have chosen to impersonate a trusted name. Taking things a step further, you could block all emails with this type of attachment, to prevent employees from being exposed to scam emails in the first place. If you’d like any further advice, or help implementing extra security measures, get in touch! Published with permission from Your Tech Updates.