Brian Hay interview on Cyber Security about Phishing

Phishing, deep fake audio and video attacks are becoming much more sophisticated. Cyber criminals pose as a trustworthy entity to trick people into revealing their private, sensitive or confidential information. They use the stolen information to steal identities, empty bank accounts, commit illicit or illegal actions or blackmail people. Ransomware attacks commence by compromising humans with a phishing email.

@BrianHay discusses with @johndimitropoulos the role of AI in exacerbating the risks, as well as the significance of building resilience around such threats, validating information and having secondary controls for authentication.

#cybersecurity #phishing #ransomware #libertyitconsultinggroup

Phishing happens daily and to the best of us. Here’s what to do https://youtu.be/8PTZMZ0T0sc

John:

My next question is going to be about phishing attacks. We hear this term phishing. So, in essence, what phishing is all about is about tricking an individual into revealing sensitive information to someone who’s posing as a trustworthy entity. I was recently browsing through my emails, I was on a train actually going through my emails, I was in my inbox and I saw an email pop up in my inbox and that email was, to my surprise, from myself. Now you can imagine how I felt when I saw that and of course the immediate reaction was panic. And I jumped online and changed all my passwords, which I thought was the right thing to do. But it was really, really concerning. Yeah. Are the attacks getting more and more sophisticated and, uh, what’s, what’s an example of something really clever that you’ve seen?

Brian Hay:

Yeah, I was predicting this for a few years and we’re starting to see it now, deep fake audio and video attacks. So it started to become more common. We haven’t seen a lot in this country yet, but it’s going to happen. It’s going to happen fast. So, you receive a message, or a video recorded message of a person that you know, that you trust, maybe in a position of authority, directing you to perform a task. The problem is, is that video and that voice, it’s their face, it’s their voice, but it’s artificially generated. It’s not them actually saying it. So, I think deep fake audio and video is going to be something we’re going to be confronted with. And the tsunami is coming and it’s going to be rapidly acquired and adopted by a lot of the criminals. So watch out for that space. So from a personal perspective, for example, what we’re seeing in the United States at the moment are parents and grandparents receiving messages from their children saying they’re in a spot of bother. Can you urgently transfer some money into this Bitcoin wallet? Okay. How do we build resilience around that? We need to always think about validation. Okay. We got to question all of our technology. Don’t take it for granted. It used to be what you see, you believe. Well, what you see, you must question. So for families, have a safe word. Okay. Mom, dad, I’m traveling overseas. If I need some money, I will give you the safe word. It could be abracadabra, whatever it is. They work it out for themselves. So such communication is the validation process. If you’re in a corporate situation, get on the phone and clarify with someone. Question, seek a secondary authentication process before you transfer, as one company did, $35 million on the basis of a deepfake audio. Wow. $35 million out the door, lost that organization forever. So deepfake audio and video technology, it’s here, it’s coming, and it is going to be a headache we’re going to have to deal with.

John:

It really is frightening. Um, I mean, I’ve fallen victim to, uh, to attacks. Um, thankfully it wasn’t a lot of money, but, um, I am IT literate, but there is, uh, there are a lot of people out there who are not, perhaps they don’t have a technology background like we do. And it’s so easy for them to be fooled into either releasing personal information about themselves or money. Yeah, it is. Thankfully the banks in Australia have done the right thing and they compensate you to a level and they work with consumers to recover some of the money that is lost, particularly if you’re using a credit card, but I think there’s a lot more that can be done.

Brian Hay:

Yeah, it is. I think we rely upon others to do things for us sometimes. I think as a nation, we have to accept responsibility for our own actions, and we have to take on the responsibility to learn and understand the skills required to defend ourselves and our loved ones. Phishing is our number one threat. Even with ransomware, 90%, it’s been cited recently, 91% of all ransomware attacks commence actually by compromising a human with a phishing email. If we look at some of the biggest breaches recently, it all comes back to people being compromised or a poor culture. We go into organizations and people, if you ask them, how do you rate yourself and your ability to detect every phishing email? The average score is seven out of 10. They know they’re not perfect, but there’s a high desire to acquire those skills. Guess what? Every one of us can. We can get that skill base up to 10 out of 10, but I have a golden rule, and the golden rule is very simple. If you’re not sure about your own skill level, follow the golden rule. That golden rule is you’ll never click on a hyperlink or a button in an unsolicited email. If you could be disciplined to follow that simple golden rule, you’ll never fall for a phishing attack. Yeah. Very simple. But we think we’ve sold this puppy that is the internet to the Australian public on the basis of, yeah, get involved, become a digital citizen. It’s great. It’s safe. It’s great. You can have a ball. No one ever wanted to talk about. And the crooks, of course, were sitting in the background, so rubbing their hands together, let’s take advantage of this. But we got to catch up.

Liberty IT Consulting Group
ABN: 83 614 846 098
