Don’t Get Phished

 

Don’t Get Phished

The scammers are using AI to fool you now

SECURITY

Fish on a line Adobe Firefly image by author
Fish on a line Adobe Firefly image by author

Aww, you are too smart to get phished, right? Of course you are. Just like a friend of mine who called me saying, “Tony, I think I’ve been hacked. I don’t know why I clicked that link, but I did and they stole my Apple ID password!”

I don’t know why he clicked that link either — he knows better than that. So do I, but truth be told, the other day I almost clicked on a link that supposedly was from USPS about a package that I was expecting and actually was delayed. I had my finger just above the fake link when I thought, “Hold on, I already know it’s delayed. Why would they tell me again?”

I clicked on the From address to see what it really was. Duh, that’s not the USPS. And that’s not the tracking number I looked at before!

Fake mail from USPS, photo by author
Fake mail from USPS, photo by author

On the more amusing side, I have been getting dozens of emails like this for weeks:

Fake iCloud message, photo by author
Fake iCloud message, photo by author

The funniest part is that many are sent to “*to”. Some are sent to one of my legitimate email addresses, but none are actually from Apple — and never would be, because Apple isn’t going to send anything like that.

“Don’t give out your phone number or email address!”

Well, sheesh, how you going to avoid that? People get hacked, sites get hacked; trust me, your info is out there and is often available publicly without any hacking. Mine sure is!

You can use temporary email addresses using iCloud’s Hide My Email in Settings. The spammers will send email to that too. Amusingly, you might get the same fake email sent to one or more of those addresses and your normal address on the same day. That by itself would be a good clue the mail is spam.

The spammers get smarter

Most of these spamming/phishing attempts are pretty weak. You’d need to be half asleep or extremely unaware to get trapped by most of these.

But the senders are now using AI to create their messages.

Think about how much information about you is “out there”. Criminey, even without someone hacking something, I have so many posts on websites and forums after over thirty years on the web that a concerted effort to gather all that by an AI bot would probably tell them more about me than I can remember myself. It could then forge a pretty convincing email either to me or to someone else purportedly from me. That someone else could be someone that knows me and the AI knows that too.

“Hey, Rob, I found this great Apple site that gets you an automatic twenty percent discount until Xmas, but you have to sign up before November 1st. I’m going to upgrade my iPad Pro and my Series 5 watch!”

When you click through, it sure looks like Apple. They even have an AI Chatbot that will help you sign up. Gosh, wasn’t it nice of me to tell you about this site?

Oops. There goes your Apple ID password and a bunch of other stuff with it.

These things can be even worse if you work for a company that has been hacked a little but doesn’t know it yet. You get an email from your boss with a cc to someone you know is working on the project mentioned in the Subject line. It says the boss wants you to assist with the project and needs you to login here to get the project details.

Except “here” isn’t that and you just gave up your work password. Bad oopsie.

Crafting things like this used to require too much effort to make it worthwhile to target someone who isn’t overburdened with too much wealth. Today, this is short work for an AI system perverted to be a master scammer.

One silver lining

Though in some ways, their ease can make it easier for us. Because I have had multiple email addresses over the years and have kept most of them, and because I do use Apple’s Hide My Email, I frequently get multiple instances of the same attempts to scam me. I don’t even have to think twice about those as they are obvious fakes. It’s also not unusual to get multiple scammer emails to one of my addresses because the scammers who build these things sell the addresses and the setup code to other scammers. That helps.

Final words

This stuff is only going to get worse and harder to detect. AI is also being used to break into websites: the image of a wild haired geeking peering at code as he hacks a site is far less likely now than a bank of rack mounted systems humming away day and night probing for weakness.

How ironic would it be if we all had to give up the internet because it becomes completely unsafe because of AI?

Comments

Popular posts from this blog

A Telegram From Mark Twain to My Great-Grandfather

My Great-Grandfather’s Toy Cannon

A Major League Ballplayer Who Quoted Shakespeare at the Umpire