Social engineering has long been an effective tactic because it focuses on human vulnerabilities. There is no “spray and pray” password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear and respect for authority, usually to gain access to sensitive information or protected systems.
Traditionally, this meant researching and manually engaging individual targets, which took time and resources. However, the arrival of AI has made it possible to run social engineering attacks at scale and often without psychological expertise. This article looks at five ways that AI is powering a new wave of social engineering attacks.
The audio deepfake that may have influenced the election in Slovakia
Ahead of the Slovak parliamentary elections in 2023, a recording appeared in which candidate Michal Šimečka seemed to be in conversation with well-known journalist Monika Tódová. The two-minute piece of audio included a discussion of buying votes and raising beer prices.
After spreading across the Internet, the conversation was found to be fake, with the speakers' words generated as a deepfake.
However, the deepfake came out just a few days before the election. This led many to wonder whether AI had influenced the result and contributed to Michal Šimečka's Progressive Slovakia party coming in second place.
The $25 million video call that wasn't
In February 2024, reports emerged of a social engineering attack on a finance worker at the multinational Arup. The worker had joined an online meeting with people they believed to be the finance director and other colleagues.
During the video call, the finance worker was asked to transfer $25 million. Believing that the request came from the actual finance director, the worker followed the instructions and completed the transaction.
Initially, they had reportedly received the meeting invitation by email, which made them suspect they were the target of a phishing attack. However, after seeing what appeared to be the finance director and colleagues in person, trust was restored.
The only problem was that the worker was the only real person present. Every other participant was created digitally using deepfake technology, and the money went to the scammers' account.
The $1 million ransom demand for a daughter
Many of us have received random SMS messages that start with a variation of “Hi Mom/Dad, this is my new number. Can you transfer the money to my new account, please?” When this arrives in text form, it is easier to step back and think: “Is this message real?” But what if you get a call, hear the person and recognize their voice? And what if it sounds as if they have been abducted?
That is what happened to a mother who testified in the US Senate in 2023 about the risks of this kind of crime. She received a call that sounded as if it was from her 15-year-old daughter. On answering, she heard the words “Mom, these bad people,” followed by a male voice threatening to carry out a series of terrible threats unless a ransom of $1 million was paid.
The mother was overwhelmed by panic, shock and urgency at what she had heard, until it turned out that the call had been made using a cloned voice.
The fake chatbot that harvests usernames and passwords
Facebook says: “If you receive a suspicious email or message that claims to be from Facebook, don't click any links or attachments.” However, social engineering attackers still get results using this tactic.
They can play on people's fear of losing access to their account by asking them to click a malicious link and appeal a fake ban. Or they can send a link with the question “Is this you in this video?”, triggering a natural sense of curiosity, concern and desire to click.
Now attackers are adding another layer to this type of social engineering attack in the form of AI-powered chatbots. Users receive an email that pretends to be from Facebook, threatening to close their account. Clicking the “Return here” button opens a chatbot that asks for the username and password. The support window carries Facebook branding, and the live interaction comes with a request to “act now”, which adds urgency to the attack.
“Put
As the saying goes, the first casualty of war is truth. It's just that with AI, the truth can now be digitally remade as well. In 2022, a fake video appeared to show President Zelensky calling on Ukrainians to surrender and stop fighting in the war against Russia. The recording went out on Ukraine24, a television station that had been hacked, and was then shared on the Internet.
Image caption: President Zelensky deepfake video, with differences in skin tone and neck.
Many media reports emphasized that the video contained too many errors to be widely believed. These include the president's head being too big for the body and positioned at an unnatural angle.
Although we are still in the early days of AI in social engineering, these types of video are often enough to at least make people stop and think: “What if it was true?” Sometimes adding an element of doubt to an opponent's authenticity is all you need to win.
AI raises social engineering to the next level: how to respond
A big problem for organizations is that social engineering attacks target the emotions and evoke the thoughts that make us all human. After all, we are used to trusting our eyes and ears, and we want to believe what we are told. These are natural instincts that cannot simply be deactivated, downgraded or placed behind a firewall.
Add the rise of AI, and it is clear that these attacks will continue to emerge, evolve and expand in volume, variety and speed.
That is why we need to look at training staff to control and manage their reactions after receiving an unusual or unexpected request. Encouraging people to stop and think before completing what they are asked to do. Showing them what a social engineering attack looks like and, most importantly, feels like in practice. So that no matter how fast AI develops, we can turn the workforce into the first line of defense.
Here is a 3-point action plan that you can use to get started:
- Talk about these cases with your employees and colleagues and train them specifically against deepfake threats – to raise their awareness and explore how they would (and should) respond.
- Set up some social engineering simulations for your employees – so they can experience common emotional manipulation techniques and recognize their natural instincts, just as in a real attack.
- Review your organizational defenses, account permissions and privileges – to understand a potential threat actor's movements if they gain initial access.