Amrit Sinha

AI Email Cybercrime in the Digital Age

By Amrit Sinha:

4/20/2002

A blog featuring student posts about current topics in Cyber Security Policy and Law

AI has become an increasingly valuable tool for businesses, researchers, and individuals. Although AI comes with many benefits, like any improvements to technology, AI is being misused and being used for cybercrime, particularly through email or other such uses. One of the most prevalent forms of cybercrime leveraging AI is through email scams. In this blog post, we’ll explore AI email scams, finding out how they work, common tactics used in cyberattacks, and tips to protect yourself.

Understanding AI Email Scams

AI email scams, also known as AI phishing or AI spear fishing, involves the use of AI algorithms to make convincing and personalized phishing emails. These emails are designed to trick specific receivers into providing sensitive information, such as login info, financial details, or personal data, or to click malicious links or attachments.

This image has an empty alt attribute; its file name is image.png

How AI is Exploited

  1. AI algorithms can make convincing text that looks like human language, allowing cybercriminals to create persuasive emails at a large scale.
  2. By using personalization they will use publicly available data from social media, online profiles, or previous data breaches, AI can customize phishing emails with specific details about the recipient, such as their name, or recent activities, making the emails appear more legitimate and trustworthy. Basically using their own informational against them.
  3. AI tools can also mimic the email addresses of trusted organizations or individuals, making it difficult for recipients to discern between genuine and fake emails.

Cybercriminals Can leverage AI in various ways to enhance the effectiveness of their email scams:

Common Tactics

AI Email Scam Examples

  1. Scammers often make a sense of urgency or fear in the emails, making recipients to take immediate action, such as resetting passwords due to a security breach or verifying account details.
  2. Phishing emails may promise rewards, discounts, or offers to lure the recipients into clicking on the links or providing information.
  3. Cybercriminals can impersonate trusted entities, such as banks, government agencies, or well known companies, to gain the trust of recipients and deceive them into requests.

Recently, a large corporation fell victim to an AI email scam that targeted its employees. The cybercriminals used AI algorithms to impersonate the company’s CEO, making a convincing email that appeared genuine and urgent. The emails instructed employees to transfer funds to a account for an time sensitive investment opportunity.

This image has an empty alt attribute; its file name is image-1.png

Despite the company’s cybersecurity measures, several employees still somehow fell victim to this convincing scam, resulting in large financial losses. Forensic analysis later revealed AI technology in making the fraudulent emails, giving proof of how email scams are evolving du to AI.

Protecting Yourself

  1. Verify Sender Identities
  2. Exercise Caution
  3. Stay Informed
  4. Use Security Software
  5. Report Suspicious Activity

Conclusion

AI email scams are now a significant threat to individuals and organizations worldwide, advanced technology is being produced to deceive unsuspecting individuals. By figuring out how these scams work, finding common tactics used by cybercriminals, and finding cybersecurity measures we can help protect ourselves against these attacks.

Works Cited

  1. Internet Crime Complaint Center (IC3). Federal Bureau of Investigation, https://www.ic3.gov/.
  2. Cybersecurity and Infrastructure Security Agency (CISA). Department of Homeland Security, https://www.cisa.gov/.
  3. Symantec Security Response. Symantec Corporation, https://www.symantec.com/security-center.
  4. Krebs, Brian. “Krebs on Security.” Krebs on Security, https://krebsonsecurity.com/.
  5. Proofpoint Threat Research. Proofpoint, Inc., https://www.proofpoint.com/us/threat-research.
  6. Anti-Phishing Working Group (APWG). APWG, https://apwg.org/.
  7. CNN. “Deepfake CEO Scam Hits UK Energy Firm, costing $14 Million.” CNN, 4 Feb. 2024, https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html.