Angela B. Tech 01.24.2024 23:Jan PM EST

UK Cybersecurity Agency Says Scams Will Be Harder to Detect Due to AI

Cybercriminals are getting more crafty with their tactics when it comes to phishing scams. They are finding more ways to circumvent security measures and with AI, they might even have a higher success rate, according to cybersecurity experts.

Scammers Using AI

Through AI tools like ChatGPT, we can easily create a five-page essay about certain topics or draft a proper email for work. Anyone can do it as long as they know the right prompts to say. Sadly, its accessibility has been exploited by bad actors as well.

The National Cyber Security Centre (NCSC) warned that by using generative AI, bad actors can write more convincing emails and other phishing messages that would convince people to reset their passwords or hand over personal details.

Usually, social engineering or phishing scams can be detected through grammatical errors or other inconsistencies. By drafting these messages using AI tools, these signs will no longer be apparent. With that, the agency says that cyberattacks will "almost certainly" increase in the next two years.

"To 2025, generative AI and large language models will make it difficult for everyone, regardless of their level of cybersecurity understanding," says the agency when it comes to assessing or identifying such malicious attempts from bad actors, as per The Guardian.

By having a tool that can generate a professional-looking email, "lowers the barrier" for cybercriminals and hackers, making it easier even for amateurs. Furthermore, AI tools are not limited to creating messages that can lure victims.

Hackers can also use malware code to train specially created AI models to create new and more effective codes that can avoid security measures, which would be possible by adding factors like potential victims' personal data.

How to Avoid Such Attacks

Even though scam emails may appear more genuine, there are other ways you can determine whether it's a real message from a person or a company. For instance, unprompted emails should earn your suspicion, especially if it's asking you to reset your password.

If it was sent from a familiar company, check your previous messages to see if the email addresses and the format used match. Even with the right grammar and content, there are still emails that can be seen as suspicious.

If someone claims that you won something too good to be true for instance, it's best to just avoid it, especially if there's a link attached to it that's meant to take you to a site to claim your prize. It's most likely malware that will harvest your data.

When you're not careful about these potential attacks, the threat actors might be able to steal your private data to be used for various scams like identity theft or ransomware. Certain links lead to the download of malware that allows hackers to take control of your devices as well.

Aside from avoiding suspicious emails and callers, it's also best to install antivirus software and a firewall for an extra layer of security. It's also advisable to keep your apps, software, and operating systems updated.