FBI releases PSA warning about all the ways that cybercriminials are using AI to commit fraud on a larger scale and to increase the success of their scams.
-
FBI releases PSA warning about all the ways that cybercriminals are using AI to commit fraud on a larger scale and to increase the success of their scams. The advisory warns about deepfaked videos and voice calls, as well as AI generated profile images to impersonate people.
Among their recommendations:
-Create a secret word or phrase with your family to verify their identity.
-Look for subtle imperfections in images and videos, such as distorted hands or feet, unrealistic teeth or eyes, indistinct or irregular faces, unrealistic accessories such as glasses or jewelry, inaccurate shadows, watermarks, lag time, voice matching, and unrealistic movements.
-Listen closely to the tone and word choice to distinguish between a legitimate phone call from a loved one and an AI-generated vocal cloning.
-If possible, limit online content of your image or voice, make social media accounts private, and limit followers to people you know to minimize fraudsters' capabilities to use generative AI software to create fraudulent identities for social engineering.
-Verify the identity of the person calling you by hanging up the phone, researching the contact of the bank or organization purporting to call you, and call the phone number directly.
-Never share sensitive information with people you have met only online or over the phone.
-Do not send money, gift cards, cryptocurrency, or other assets to people you do not know or have met only online or over the phone.
-
I would add to this list is something I have tried to do with those in my immediate orbit who need a little more help against scams and spams: Set their phone so that incoming calls are limited to people on their contacts list; all the rest go to voicemail. At this point, we are way beyond expecting everyone to be experts at spotting fake this or that.
-
@briankrebs I wish I could make the recommendations at the bottom part of a quiz for all incoming and returning students who are attending courses after they graduate high school. Thanks for sharing!
-
having my 87 yr old mother only answer calls from her contacts and letting others leave messages has been a boon. further, i have access to her voicemail and email, so if she's even somewhat unsure of a message or email, she texts me and i vet it.
totally worth the hassle in piece of mind to me.
-
@briankrebs This is a good idea, except for those of us with cell services that often delay getting voicemail for many days (hello, visible.com!).
-
Do not give social media correct information. Give it BS.
Case in point: when Facebook began hammering everyone to tell them where they were from and who they worked for, it pissed me off. I gave it garbage input.
Years later it paid off in telling me when a coworker would research me. Oh, I never knew you were originally from Alaska and worked at Disney, they might say. And bingo! They'd reveal themselves as the workplace gossip.
Guessing it will help with identifying scams.
-
@MyWoolyMastadon @briankrebs I totally agree but as someone who started resistance lying 25 years ago let me say that it gets progressively harder to keep track of qualifying 'security' answers as the technological vice grip tightens. Take notes for future you. At this point a birthday and mothers maiden name I gave offhandedly in 1997 has become my internet standard. Same thing with software licenses to a made-up random acronym. I don't think I could tell the truth now if I wanted to.
-
Hahaha. I did the same thing some ten years ago with a birthday. Nearly lost access to my Playstation account because of it. Finally did lose access when I switched internet providers and the email address that went with it.
But I'm most concerned with social media. That's what truly gets scraped to get the names of kids, your hometown, your past schools, etc. People put out too much real information and that's what gets them to be an open target to scams.
-
@MyWoolyMastadon @Tarnport This happened to my Fakebook account, which sadly had all of my Oculus games tied to it. One day, FB just decided my account was fake (which it was), and summarily deleted it. They did this around the time they stopped accepting Oculus logins and required users to login with their FB accounts. Lost several hundred dollars worth of games, and basically made their headset a heavy paperweight.
-
@DavidGoldfield @briankrebs I'm curious. Can people still get those voicemails so they can respond to extra numbers from doctor offices etc that way?
-
@sapphireangel @DavidGoldfield I mean, if they have voicemail, sure. Also, you can just add the dr's office or whatever to their contacts
