The rise of artificial intelligence (AI) has promised to revolutionize various industries, including cybersecurity. However, it has also given rise to a new wave of fraudulent activities perpetrated by individuals with ill intent. GenAI applications, in particular, have become a tool of choice for fraudsters, enabling them to carry out sophisticated phishing attacks.
According to a report by cybersecurity firm SlashNext, there has been an alarming 1,265% increase in malicious phishing emails since the fourth quarter of 2022. Additionally, credential phishing has experienced a 967% rise during the same period. This surge in phishing attacks is attributed to the capabilities of GenAI, which allows fraudsters to create convincing scam messages in the language and tone of the target financial institutions.
Previously, detecting phishing attempts was relatively easier due to the poor grammar and syntax often found in scam messages. However, with the advent of GenAI, scammers can now generate persuasive content that mimics professional communication. Moreover, GenAI is being used not only for phishing but also to create synthetic identities, mimic human voices in scam calls, write malicious code, and automate attacks. The implications for cybersecurity are significant.
To combat this new wave of fraud, companies need to leverage AI themselves to strengthen their defenses. Machine learning (ML), a component of AI, has the ability to continually learn from data and detect unusual behaviors associated with fraudsters. By analyzing usage patterns across billions of devices and phone numbers, AI can identify suspicious activities, such as a sudden change in location or discrepancies between the device and user behavior.
For instance, if a device that was recently used in San Jose, California suddenly shows activity in Prague, Czech Republic, it indicates a potential security breach. AI can analyze such indicators and apply appropriate authentication measures. By risk-scoring devices attempting to log in and adjusting the number of authentication steps accordingly, AI can provide an additional layer of protection.
SIM swaps have emerged as another pressing threat in the cybersecurity landscape. Criminals trick mobile phone service providers into transferring a victim's phone number to their own device, thereby gaining access to sensitive information. AI can detect anomalies in baseline patterns, such as sudden location changes, signaling a potential SIM swap. This prompts the system to increase security measures and heighten safeguards against intrusions.
International Revenue Sharing Fraud (IRSF), also known as 'toll fraud,' is yet another area where AI can contribute to cybersecurity efforts. Fraudsters inundate companies with requests to send SMS messages to phone numbers that charge fraudulent fees. By analyzing phone number behavior and identifying patterns indicative of IRSF attacks, AI can help safeguard businesses against such threats.
Leading cybersecurity vendors and startups are now incorporating AI and ML into their solutions. Companies like CISCO, IBM, and OKTA provide AI-powered tools to combat various types of attacks, including those originating from malicious IP addresses and malware. Startups like BioCatch analyze human behavior to detect anomalies that suggest account takeovers or other fraudulent activities.
When choosing a cybersecurity provider, it is essential to consider their use of AI in fighting AI-powered fraud. The ability of AI to understand the behavior and tactics of fraudsters compared to legitimate users enables risk-scoring of transactions, logins, and sessions. This information assists in differentiating between genuine and fraudulent intentions, informing decisions regarding additional security measures.
In conclusion, AI has introduced new and advanced methods of fraud, particularly through GenAI applications. However, companies can effectively combat these threats by leveraging AI themselves to bolster their cybersecurity defenses. By incorporating machine learning and AI-powered tools, organizations can detect and mitigate fraudulent activities, protecting their digital ecosystems and customers from evolving cyber risks.
