AI is making it impossible to tell whether an email is a scam or not 

Ever received an odd-looking email from your boss that sounds extremely out of character? It’s likely to be the result of a phishing scam.

According to recent research, around 3.4 billion phishing emails are sent every single day. For every 4,200 emails sent, at least one will be a phishing scam.

But it is about to get a lot more difficult to tell whether an email is a scam or not, according to experts.

The continuous development of AI technologies means cyber criminals are becoming more and more savvy when it comes to email phishing, which could make it nearly impossible to tell whether an email is real or not.

Paul Mardling, CTO at Redcentric, comments: “AI definitely has scope to increase the effectiveness of cyber-crime, mainly through ‘better’ phishing emails. 

“Effectively, it brings a whole new meaning to ‘phishing’, by enabling cyber criminals to automate personalised attacks. By combining the Generative AI technologies with publicly available data sources and large language models criminals have available to them, cyber attackers are able to weaponise these, making scam emails even more indistinguishable from real emails and real people.” 

The warnings come ahead of the International AI Safety Summit on 1st and 2nd November, when governments from around the world will be discussing how to mitigate the risks AI brings when it comes to cybersecurity. 

So as it becomes increasingly difficult to detect whether an email is a scam or not, what indicators should you be looking out for? 

Paul comments: “Whilst AI is making it a lot more difficult to tell whether an email is a scam or not, there are still a few key indicators you can look out for to determine whether it is genuine or not.” 

Below, Paul shares his top 5 tips to help you identify whether an email is legitimate, or a scam: 

1. It’s ‘too perfectly’ written

“Before AI was used by scammers, it would have been easy to spot a fake email due to the number of grammatical errors it included. 

“However, the introduction of AI technologies now means quite the opposite, and the technology will be able to mimic a similar level of spelling mistakes the person who would usually write the email would (e.g. your boss). Or, it may be written so perfectly that it seems suspicious.

“Because AI has the ability to mimic content and writing styles so well, it is better to focus on the content of the email and what is being asked of you, rather than how it is written. 

“If you are ever unsure if it has been written by AI or not, you can try copying and pasting the content into an AI detector, which will tell you how likely it is to have been written by AI. This of course doesn’t necessarily mean it is a scam, but it will help to determine whether your suspicions are correct.”

2. The message is sent from a public email domain

“No legitimate organisation will send emails from an address that ends ‘@gmail.com’, not even Google.

“Most companies will have their own email domain, for example, genuine emails from Google will read ‘@google.com’.

“If the bit after the @ symbol matches the apparent sender of the email, it’s likely to be legitimate. 

“If the email comes from an address that isn’t linked to the sender, it’s almost certainly a scam. If the sender uses a public email domain such as ‘@gmail.com’ then it will almost always be a scam.” 

3. The domain name is spelt incorrectly

“If you can see the domain name in an email has clearly been misspelt, it’s likely to be a scam.  

“However, the problem is that anyone can buy a domain name. Whilst every domain name must be unique, unless you’re familiar with the correct domain name, it can be tricky to tell.

“You can try googling the email address of the company to see if the email format that shows up is the same as the one you have received. If it is any different, it’s likely to be a scam.” 

4. It includes unexpected attachments or links

“A phishing email will always contain a payload, or include a ‘call to action’. These will usually come in the form of an attachment or link, which will be infected. 

“The purpose of these attachments or links is to capture sensitive information, such as login credentials, credit card details, phone numbers and account numbers.

“As soon as you spot these, you know it’s likely to be a scam. It’s vital that you never open an attachment or click on any links within the body of the email, unless you are confident that the message is legitimate. Even then, you should look out for anything unexpected in the attachment or link.”

5. The message is asking you to act immediately

“Scammers know that most of us don’t act on emails straight away. We will usually receive it, and decide what to do with it later. 

“But, the longer you think about something, the more likely you will notice that things don’t seem right. 

“If you suspect anything, and you are at work, it’s important you flag it immediately with whoever the email sender is claiming to be (if you know them in person), or share it on Teams or in a text message.

“Even if you can’t work out whether it is a scam or not straight away, returning to the message with a fresh set of eyes might help you to establish whether it’s legitimate or not.” 
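The sender-domain checks in tips 2 and 3 can be partly automated. The Python below is an added example, not part of the original article or of Paul Mardling's advice; the two domain lists, the warning labels and the sample senders used to exercise it are constructed assumptions.

```python
from email.utils import parseaddr

# Assumptions for this example: a short, constructed list of public webmail
# domains and of domains the recipient's organisation normally hears from.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
KNOWN_DOMAINS = {"google.com", "example-corp.co.uk"}

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warning labels for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no-sender-domain"]
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in KNOWN_DOMAINS:
        return []
    warnings = []
    # Tip 2: an organisation's mail arriving from a public webmail domain.
    if domain in PUBLIC_DOMAINS:
        warnings.append("public-domain")
    for known in sorted(KNOWN_DOMAINS):
        # Tip 3: one or two edits away from a known domain is a likely misspelling.
        if 0 < edit_distance(domain, known) <= 2:
            warnings.append("lookalike-of:" + known)
        # Tip 2: the display name claims an organisation the domain does not match.
        elif known.split(".")[0] in display.lower():
            warnings.append("name-domain-mismatch:" + known)
    return warnings or ["unknown-domain"]
```

A clean result only means the visible From domain is a familiar one; the From header itself can be forged, so the check is meaningful only for mail that also passed the receiving server's SPF, DKIM or DMARC validation.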

The post AI is making it impossible to tell whether an email is a scam or not  appeared first on HR News.
