Don’t Get Phished

 

Don’t Get Phished

The scammers are using AI to fool you now

Anthony Lawrence (Pcunix)

SECURITY

Fish on a line Adobe Firefly image by author
Fish on a line Adobe Firefly image by author

Aww, you are too smart to get phished, right? Of course you are. Just like a friend of mine who called me saying, “Tony, I think I’ve been hacked. I don’t know why I clicked that link, but I did and they stole my Apple ID password!”

I don’t know why he clicked that link either — he knows better than that. So do I, but truth be told, the other day I almost clicked on a link that supposedly was from USPS about a package that I was expecting and actually was delayed. I had my finger just above the fake link when I thought, “Hold on, I already know it’s delayed. Why would they tell me again?”

I clicked on the From address to see what it really was. Duh, that’s not the USPS. And that’s not the tracking number I looked at before!

Fake mail from USPS, photo by author
Fake mail from USPS, photo by author

On the more amusing side, I have been getting dozens of emails like this for weeks:

Fake iCloud message, photo by author
Fake iCloud message, photo by author

The funniest part is that many are sent to “*to”. Some are sent to one of my legitimate email addresses, but none are actually from Apple — and never would be, because Apple isn’t going to send anything like that.

“Don’t give out your phone number or email address!”

Well, sheesh, how you going to avoid that? People get hacked, sites get hacked; trust me, your info is out there and is often available publicly without any hacking. Mine sure is!

You can use temporary email addresses using iCloud’s Hide My Email in Settings. The spammers will send email to that too. Amusingly, you might get the same fake email sent to one or more of those addresses and your normal address on the same day. That by itself would be a good clue the mail is spam.

The spammers get smarter

Most of these spamming/phishing attempts are pretty weak. You’d need to be half asleep or extremely unaware to get trapped by most of these.

But the senders are now using AI to create their messages.

Think about how much information about you is “out there”. Criminey, even without someone hacking something, I have so many posts on websites and forums after over thirty years on the web that a concerted effort to gather all that by an AI bot would probably tell them more about me than I can remember myself. It could then forge a pretty convincing email either to me or to someone else purportedly from me. That someone else could be someone that knows me and the AI knows that too.

“Hey, Rob, I found this great Apple site that gets you an automatic twenty percent discount until Xmas, but you have to sign up before November 1st. I’m going to upgrade my iPad Pro and my Series 5 watch!”

When you click through, it sure looks like Apple. They even have an AI Chatbot that will help you sign up. Gosh, wasn’t it nice of me to tell you about this site?

Oops. There goes your Apple ID password and a bunch of other stuff with it.

These things can be even worse if you work for a company that has been hacked a little but doesn’t know it yet. You get an email from your boss with a cc to someone you know is working on the project mentioned in the Subject line. It says the boss wants you to assist with the project and needs you to login here to get the project details.

Except “here” isn’t that and you just gave up your work password. Bad oopsie.

Crafting things like this used to require too much effort to make it worthwhile to target someone who isn’t overburdened with too much wealth. Today, this is short work for an AI system perverted to be a master scammer.

One silver lining

Though in some ways, their ease can make it easier for us. Because I have had multiple email addresses over the years and have kept most of them, and because I do use Apple’s Hide My Email, I frequently get multiple instances of the same attempts to scam me. I don’t even have to think twice about those as they are obvious fakes. It’s also not unusual to get multiple scammer emails to one of my addresses because the scammers who build these things sell the addresses and the setup code to other scammers. That helps.

Final words

This stuff is only going to get worse and harder to detect. AI is also being used to break into websites: the image of a wild haired geeking peering at code as he hacks a site is far less likely now than a bank of rack mounted systems humming away day and night probing for weakness.

How ironic would it be if we all had to give up the internet because it becomes completely unsafe because of AI?

Comments

Post a Comment

Popular posts from this blog

Apple Has Fixed More of My Gripes and One of Them is Really Funny

Image
Apple Has Fixed More of My Gripes and One of Them is Really Funny They do pay attention to feedback Photo by  OSPAN ALI  on  Unsplash As much as I am an Apple Fan boy, sheeple, sycophant, fool, or whatever else the Android guys would like to call me, I do have my gripes. Some of my gripes could be fixed by third party apps, some by third party hardware, but I prefer to stay foolishly trapped in the Apple ecosystem as much as I can. Anyway, a little bitching and moaning can be therapeutic, right? A couple of years back I put some of my complaints out into the world. I’m an Apple Fan, Except When I’m Not There goes my Special Sycophant Status In addition to that, I pleaded with Apple at their feedback page. I do that with anything Apple does that annoys me, whether I tell the world or not. You should too. Product Feedback We would love to hear your comments about any of our hardware and software products. Send us your thoughts. And, unbelievably, Apple has fixed, or will soon fix, quite
Read more

I Owe an Apology to Anyone Using Voice Over

Image
  I Owe an Apology to Anyone Using Voice Over Maybe you do as well? Accessibility is important Anthony Lawrence (Pcunix) TECHNOLOGY Safari can show text in photos, Voice Over should read it, but it doesn’t Yesterday I posted an article about Google Bard and made a bad accessibility mistake. I posted screenshots of Bard and ChatGPT rather than pasting in the content. That was sloppy. I want to thank for calling me on my error at “ Your ChatGPT Screenshots Suck ”. I won’t make that mistake again, but it also reminded me to be more aware of Alt Text. Alt Text is important If the text had been short, I could have used the Alt Text option to add what a sighted person can see. Unfortunately, Safari and probably the Web Accessibility Standards only allow a limited amount of explanation in Alt Text. I didn’t think of it anyway, so that wouldn’t have helped. Voice Over should recognize text in photos As shown in the screenshot above, Safari does have a “Show Text” ability. Coincidentally, I onl
Read more

My Great-Grandfather’s Toy Cannon

Image
  My Great-Grandfather’s Toy Cannon I’m not sure that “toy” is the right word, however, that is the word my father and his mother used. Anthony Lawrence (Pcunix) History The “toy” cannon The picture above is a Lawrence family heirloom. I’m not sure that “toy” is the right word, however, that is the word my father and his mother used. I know that it was a gift to Herbert Myron Lawrence, my father’s grandfather. My father gave it to me and I, in turn, have given it to my oldest daughter. HML engraving I do not know how old Herbert was when he received this. He was born in 1851 and died in 1937, which does not identify the time frame of the gift. However, my father did say it was a gift, not something he bought for himself. That could be a misunderstanding. The cannon is engraved with HML initials. One  reference I found  asserts: In fact, toy cannons date back to the American Civil War and before, and not only were they popular toys for children, they were remarkably dangerous. Many of t
Read more