CYBERSECURITY: Understanding AI-Powered Social Engineering

Ted Shin | Information Security Officer/VP | Customer Education

A Threat to Bank Customers

As we navigate the digital age, the 2024 Cybersecurity Awareness Month brings a crucial theme to the forefront: "Stay Secure, Stay Smart." This year's focus is on the growing sophistication of social engineering attacks, particularly those leveraging artificial intelligence (AI). For bank customers, understanding these threats is paramount to safeguarding your financial and personal information.

What is AI-Powered Social Engineering?

Social engineering attacks exploit human psychology to trick individuals into divulging confidential information or performing actions compromising security. With the advent of AI, these attacks have become more advanced and harder to detect. AI-powered tools can analyze vast amounts of data, learn behavioral patterns, and craft highly convincing messages tailored to the target.

How AI Enhances Social Engineering Attacks

• Personalized Phishing Emails: AI can generate sophisticated phishing emails that mimic the writing style of trusted contacts or companies, making them exceedingly difficult to identify as fraudulent.
• Deepfake Technology: AI can create realistic audio and video deepfakes, impersonating voices and appearances with alarming accuracy. Cybercriminals use these to pose as bank representatives or loved ones in distress.
• Automated Attacks: AI can automate and scale attacks, targeting numerous individuals simultaneously while customizing each attack to increase the likelihood of success.

Real-World Examples

One notable case involved an AI-generated deep fake of a company's CEO instructing a senior executive to transfer a significant amount of money to a fraudulent account. The AI's ability to convincingly replicate the CEO's voice led to substantial financial loss.

Additionally, AI-generated images have been employed in fraudulent schemes. For instance, cybercriminals can create realistic but fake images of company executives in compromising or urgent situations, which are then used to manipulate employees into following unauthorized directives. These images can be so convincing that they bypass typical security measures and exploit employees' trust in visual evidence.

How to Protect Yourself

Awareness and vigilance are your best defenses against these sophisticated threats. Here are some steps you can take:

• Verify Requests: Always verify any requests for sensitive information or financial transactions through an independent method, such as calling the individual or company directly using a known number.
• Be Skeptical: Treat unsolicited communications cautiously, especially those that create a sense of urgency or fear. Look out for subtle cues that may indicate a phishing attempt.
• Use Multi-Factor Authentication (MFA): Enable MFA for all your financial accounts. This action adds an extra layer of security, making it more difficult for attackers to gain access even if they obtain your password.
• Regularly Update Software: Ensure your devices and applications are updated with the latest security patches to protect against known vulnerabilities.
• Educate Yourself: Stay informed about the latest cyber threats and best practices by participating in security awareness programs and following trusted sources of information.

As AI advances, cybercriminals' techniques will also develop. You can protect yourself against AI-powered social engineering attacks by staying informed and practicing good cybersecurity hygiene. Remember, in the words of the 2024 Cybersecurity Awareness Month theme, "Stay Secure, Stay Smart."