As a systems engineer with over ten years of experience, I've had a front row seat to the rapidly accelerating evolution of the cybersecurity landscape, encountering everything from simple phishing emails to sophisticated ransomware like BitLocker. Today, AI scams are becoming more prevalent, more sophisticated and more accessible for bad actors. Major developments in the sophistication of these scams are being made daily and in step with the advancement of the technology that drives it.
Everything from text messaging, voice cloning to highly convincing (but faked) zoom meetings are already here. While it's difficult to prescribe exactly how to detect all of these scams, there are some things everyone can do to help fight against this tech - and it happens to be centered around being more human. Here are the five things I want everyone to know:
- Trust your gut: If something feels off or unnatural, it probably is. Your intuition can be a powerful tool in detecting scams. For example, if a voice message sounds robotic or a video call participant's responses seem delayed or out of sync, it’s a good idea to verify who (or what) you’re interacting with.
- Ask odd questions: LLM based AI still has trouble with some of our easiest human tasks and you can use that to your advantage! Ask questions like “how many R's are in this word” or “can you give me 5 sentences that end in “s”? It sounds silly, but it will let you know they aren't a person very quickly.
- Have a codeword: One of the easiest ways to verify you’re interacting with a person you know, is to have a secret codeword only you two use. While it’s best to set this word while in person together, for remote settings, any codeword is better than none.
- Take a moment to smell the roses: Most scams rely on keeping you distracted while pushing you into making bad decisions which eventually lead to you losing out. Remember, you have the control to stop this at any moment! Hanging up, asking to reschedule an ongoing conversation, and stopping to confirm identities are simple ways to take the power away from the scammer, whether they are human or AI.
- Traditional cyber security is still your best first line of defense: When you need to work on secure data, do it securely at home – and in the rare cases where you can’t, do it over a VPN, tethered to your phone.
And while I have you, there are a handful of things that - AI or not - are critical to do to make sure you stay safe. First and foremost, protect your accounts with a security key and strong authentication making it difficult for unauthorized people to access accounts. Use a password manager for creating and storing strong passwords, avoid reusing passwords and update your existing passwords with some regularity.