Cybercriminals are using AI to carry out various cyber attacks including password cracking, phishing emails, impersonation and deepfakes. It’s important you understand how cybercriminals are using AI to their advantage so you can better protect yourself and family, as well as your accounts and data.
Continue reading to learn about AI-enabled cyber attacks and what you can do to keep yourself safe.
What Is Artificial Intelligence (AI)?
Artificial intelligence is a type of technology that mimics human intelligence. AI is essentially what helps computers do things without needing the assistance of a human, such as recognizing patterns, making decisions and solving problems. Some AI tools you may be aware of are large language models like ChatGPT.
How AI Is Being Used by Cybercriminals
Here are a few of the ways cybercriminals are leveraging AI to launch cyber attacks.
AI password cracking
Password cracking is a technique used by cybercriminals to crack passwords. Cybercriminals often do this with password-cracking programs that use variations of commonly-used passwords or dictionary words and attempt every possible combination until they successfully crack a password. This is also known as a brute force attack.
Recently, a report by Home Security Heroes revealed that AI can easily crack commonly-used passwords. This is a major security risk to those who don’t use strong passwords for their accounts. The report experimented with an AI-powered password-cracking tool called PassGAN on more than 15 million commonly-used passwords. The report found that 51% of commonly-used passwords can be cracked in under a minute, 65% can be cracked in an hour, 71% in a day and 81% in a month.
AI-generated phishing emails
Phishing is a type of social engineering attack that attempts to trick the targeted victim into revealing sensitive information. Phishing emails used to be easy to spot because they had frequent grammatical errors and spelling mistakes, but AI is now making it easy for cybercriminals to generate well-written, convincing content for phishing scams. Instead of writing their own phishing emails or text messages, cybercriminals are leveraging AI to write the scams for them. For example, phishing emails generated by AI can mimic the tone of legitimate emails, along with language and style. This makes the scam more believable. Cybercriminals are also able to use AI to personalize emails based on data it gathers from the internet or information they feed it.
AI impersonation has become increasingly common when cybercriminals are carrying out vishing scams. Vishing is a type of phishing scam that occurs through a phone call. To carry out a vishing attack, a cybercriminal calls their target and pretends to be someone the victim knows like a coworker, friend or family member.
Because AI algorithms can analyze large amounts of data, they can create a fake persona from it. Through a technique called synthesis, a cybercriminal can go as far as impersonating someone’s voice with the help of AI. It does this by analyzing the person’s voice from audio and video recordings, then generating speech that sounds exactly like the individual it’s impersonating.
These vishing scams have become increasingly common as AI continues to become more sophisticated.
Deepfakes are fake forms of media created with AI in which a person’s face or body has been altered to make them look like someone they’re not. Deepfakes are often used maliciously as a way to spread false information. Although deepfakes have been around for a while, as technology advances it has become almost impossible to spot them. Even law officials are struggling to detect deepfakes.
How To Stay Safe From AI-Enabled Cyber Attacks
Here are a few of the ways you can stay safe from AI-enabled cyber attacks.
Secure your accounts
To protect your data from becoming compromised, the one thing you should already have in place is strong security on your accounts. This means using strong, unique passwords and having Multi-Factor Authentication (MFA) enabled wherever it’s allowed.
Strong passwords should never be reused, be at least 16 characters long, have upper and lowercase letters and include numbers and symbols. Coming up with strong passwords can be a hassle to do on your own, but you can use a password manager to create and manage them for you.
Password managers are tools that aid users in generating, managing and securely storing passwords. The best password managers can store your passkeys as well. The only password you’ll need to remember is your master password, which acts as the key to enter your vault.
Multi-factor authentication is an extra layer of security you should add to your accounts. When MFA is enabled, a user cannot successfully log in to their account without verifying who they are through a chosen verification method such as an authenticator app.
Don’t respond to requests for personal information
The goal of phishing scams is to get you to reveal personal information that cybercriminals can then use to access your accounts or steal your money. Since phishing scams can occur through email, phone calls or text messages, it’s important that you’re always cautious about the information you share.
For example, if you receive an email that claims to be from your bank and it asks to confirm sensitive information like your card number, don’t be so quick to trust it. Most companies will not contact you requesting personal information out of the blue. Before fulfilling a request for personal information, contact the company or person directly to confirm it’s really them. When contacting a company, make sure you get their phone number from the actual company website.
Don’t click on unsolicited links or attachments
Common phishing scams will also try to get you to click on malicious links or attachments. If you receive links and attachments that are unsolicited, it’s best to not click on them. Clicking on them may trigger a malware infection that places all of your sensitive data at risk of being compromised.
Back up your data regularly
Any data that is stored on your devices should always be backed up. Not only is this a cybersecurity best practice, but it also protects your data in the event that your device is stolen, lost or damaged. If your device were to become infected with malware, it would also protect you from losing your data permanently.
We recommend storing your data using an encrypted service. An added benefit to some password managers is that they’ll store more than just passwords. For example, Keeper Password Manager offers a Secure File Storage add-on that saves all types of data including files and images. All the data that is stored here is encrypted and can only be accessed by the user. Regularly backing up your data with a service like Secure File Storage protects your data from getting into the wrong hands.
Keep your software and devices up to date
Another cybersecurity best practice you should be following is updating your software and devices as soon as a new update is available. Not only do updates contain new features, but software updates also patch security flaws and vulnerabilities that can be exploited if not updated immediately. Cybercriminals often look for these vulnerabilities and will use them to their advantage to successfully attack unsuspecting users.
Create a safe word with your family
Due to the increasing AI vishing scams, it’s recommended that you create a safe word with your family. Some of these scams have been targeting older generations to convince them that the person who is calling is their grandchild. They typically use scenarios like being in a car crash or in jail and needing money. If you create a safe word with your family, you’ll know immediately if the person calling is really your family member in need of help or actually a scammer.
Stay Protected From AI Cyber Attacks
While the rapid innovation of AI is helpful for certain tasks, it also poses a major risk to your cybersecurity. It’s important that you are keeping up to date with all the latest AI cyber attacks and following cybersecurity best practices. Doing this will prevent you from falling victim to these cyber attacks that can lead to account compromise, financial loss and a stolen identity.
Start a free 30-day trial of Keeper Password Manager to start securing your accounts from AI-enabled cyber attacks.