Miss the Phish

I received an email last night, that I was pretty sure was phishing, but I wasn't "completely" sure, and it got me thinking how easy it can be to fall for them. Firstly, I was on my phone which makes it harder to verify as formatting is always a little different. But more than that, it was about a delivery, and I have two separate ones I know of on the way.

This is also where they went wrong in some way also, because the post office here informs of deliveries via the app, even if they are going to be delivered through another company. So, I opened the mail so that I could see it in its entirety, and it had my business logo on it. Well, that is now obviously a scam, but for the exercise, I had a look at the links to the company (it is a legit company), however the "change delivery" went to a separate site that looked similar, but all links went back to the same change delivery page. I then visited the actual website.

image.png

image.png

Ultimately, there was a whole lot of wrong, but overall, if in a rush, if excited, if invested in getting the package quickly (or if inexperienced), there was enough right to at least fool some people I am sure. I reckon if my in-laws had received it, even if they weren't expecting a delivery, they would be answering straight away, unquestioningly.

Like everyone, I get phishing email from time to time, but I do think that it is going to get increasingly hard to identify the scam, in a large part to generative AI being able to gather and then structure the emails. In the past, the scammers would use poor quality communication as a filter, because they would send so much and to save time, they only really wanted to trick the idiots, the ones who wouldn't have the alarm bells ringing. This is because if they hooked the others, they would have to spend time with them and they weren't likely to be able to convince the smarter ones much further, so it would be time wasted.

With AI however, there is the benefit of not only being able to produce more believable content, but also sort and service that content, using AI tools to generate replies within guidelines, or even off chatbot ability. This means that the normal points to check for scam will have to change, and the time it takes to uncover the scam will be more laborsome also.

But, while there is money on the table up for grabs, there will be people looking to take it, any way they can. The attacks are going to get increasingly sophisticated and for the most part, they will be a couple steps ahead of the average person all of the time. This means that even as the tools improve, the vectors of approach will shift.

As far as I know, I haven't been heavily compromised or had any actual money taken from me, but I know people who have. After talking with them, most of the time they say there was something telling them it was not above board, but they went ahead anyway. The reason was that like I mentioned above, circumstances aligned, or they were in a rush.

The biggest risk is us.

Because, even when we do have experience, we are not infallible and our attention is often split across multiple targets. We are often not focused, not fully invested in what we are doing, not putting all of our mental power into it, and therefore more prone to making mistakes. This isn't just in terms of falling for phishing scams, but in other aspects of life as well. If we aren't paying attention to the loss of our hard-earned money,

What other opportunities are we missing?

Taraz
[ Gen1: Hive ]

Posted Using InLeo Alpha



0
0
0.000
29 comments
avatar
(Edited)

It's so sad to see these fraudsters becoming more sophisticated alongside technology. Wouldn't it be possible to use AI to detect these scams since that's what scammers have turned to? Even if possible, it's certain that the gullible and the carefree ones will continue to fall prey. It's good you were able to detect the scam email. The only way to stay safe from these is constant enlightenment and carefulness.

0
0
0.000
avatar

Wouldn't it be possible to use AI to detect these scams since that's what scammers have turned to?

It is a weapons race.

0
0
0.000
avatar

And the hackers got more skin in the game to become better than us.

0
0
0.000
avatar

Indeed, deep thinking man

0
0
0.000
avatar

It is good to always have a second and be careful these days, because scammers are on the rise on a daily basis. I'm glad you double checked the mail.

0
0
0.000
avatar

I've seen a massive surge in spam emails and contact form messages to my business website.

AI seems to be winning the war against heuristic spam detectors. It seems to be easier than ever to spoof IP addresses, so blacklisting by IP no longer works well, and AI can solve captchas faster than humans. Once they're through those layers of defence, the AI-generated messages vary enough that heuristic anti-spam software doesn't always (or even often) pick it up.

It's an arms race where AI seems to be playing for both sides.....

0
0
0.000
avatar

It seems to be easier than ever to spoof IP addresses, so blacklisting by IP no longer works well, and AI can solve captchas faster than humans.

What is crazy with the spoofing, is when they are able to use the "same number" as legit company numbers so it appears in the same chain of SMS. Like, what the hell?

0
0
0.000
avatar

My inbox has seen a influx of spam in the last 6 months. Some of it is getting pretty legit.

0
0
0.000
avatar

For the last couple years, my workplace has had a phishing tester that sends emails that look real every few days. It has been a pretty good training.

0
0
0.000
avatar

I was reading you and remembering my terrible episode in March of this year in which they managed to take control of my Hive account for a little over 12 hours I presume it was with a ransomware, the truth is that as you point out sometimes we have to attend to several things at the same time m, misinformation and now with the AI that besides serving to do useful things is also a tool for cheaters.

The truth at that time they had already two or three days trying to access my networks, in fact, I changed several keys and activated two-step verification, but I never thought they would get to my HIVE account, I lost some HBD and also all my tokens, not to mention that my stress level reached the top, my blood pressure went up and I almost did not sleep.

0
0
0.000
avatar

As said, when there is a chance for some money, people will do all kinds of things. The thing with crypto is there is also a lot of anonymity. It has pros and cons.

not to mention that my stress level reached the top, my blood pressure went up and I almost did not sleep.

Hope you recovered.

0
0
0.000
avatar

The truth is that for years I began to suffer from blood pressure, I inherited it and, since the death of my mother, it has been very uncontrolled by stress, among others, it reached episodes in which it is so high that I vomit, it is something that only those who suffer from this understand.

As for the issue of cryptos and cybersecurity, we must be alert and very informed because every day they invent something new to catch victims.

0
0
0.000
avatar

I think the only time I can remember getting taken was there was an ad on Facebook for some camping chairs we wanted. It seemed legit, but ultimately they took our money and ran. I should have known better!

0
0
0.000
avatar

I have been done once like that also - for a kitchen light. A different kind of scam, because it is coming through a site with "verified" accounts.

0
0
0.000
avatar

Yeah, for sure. Everything on mine looked legit. I even got tracking information, but the items just sat in Shanghai for ever.

0
0
0.000
avatar

One guy just lost $39 million in ETH this week due to a wrong click. Crazy. It was a thing called AngelX that can mirror DApps, used to create hundred fake ups in just few days.

0
0
0.000
avatar

Fuck.

0
0
0.000
avatar

Well, the WalletConnect app on PlayStore on Google was a fake one for 4 months, 1000+ users downloaded it.

0
0
0.000
avatar

Being in IT, I was already vigilant against spam and phishing. When I started my crypto journey and heard of all the hacks and dangers that come with it, I pretty much avoided clicking any links. I have been better at finding faults like the incorrect name, URL, etc. With AI, I do think these bad actors and their methods will only get harder from here.

0
0
0.000
avatar

It is going to get messy. People seem to only imagine all the "good" AI can do for them by making their lives easier, without considering what a bad actor will do with it.

0
0
0.000
avatar

I think with new technology, that will always be the case. If we can't imagine the good it can do, then why bother developing it. As with any tool, there is the possibility of it being used for bad things.

0
0
0.000
avatar

I would not even open suspicious emails or the ones I don’t expect.

0
0
0.000
avatar

Yeah, it can also be dangerous. I sometimes send them to my IT department to have a look at them in a secure sandbox.

0
0
0.000
avatar

A few days ago I got a lot of calls from unknown numbers. 6 or 7 calls kept coming one after other. All with different numbers. Good thing that I don't answer unknown numbers. And yesterday I found a setting that should hopefully block all spam calls.

0
0
0.000
avatar

Probably from "investment" companies :D

0
0
0.000
avatar

I honestly like your closing remark, it's a lot to take from. Reading through your article is a reminder to me to get tech savvy because AI being in the scope it's hard to differentiate real from fake.

Just try to recall deep face technology at it's finest, which it is fast approaching, that's a huge factor that can convince anyone, the internet is scary as it is, but nevertheless there would always be loopholes we just have to be trained to see it. The most important thing is focus as you have stated.

0
0
0.000
avatar

Always be skeptical of links, emails and anything that you weren't expecting to arrive.

0
0
0.000
avatar

Phishing emails and scam phone calls are starting to be quite often here. I have decided several months ago, not to answer a call from a phone I don't know and not to open any email with links or attached content unless I know the source.

On the phone, at least you are slightly protected as they need to "get you" with their "story" to try to get info from you, it is clear if you do not answer or keep the conversation with them, there is not much they can so, although last summer I was amazed what I heard from an expert; In Spain, many people answers the phone with a "yes", it is quite common, the same way other countries use "hello". The problem is some scammers are starting to record that "yes" and then they use it to impersonate you on other systems.

When you realize how "professionals" they are becoming, It is sad to think about the old people, and how easily they can be cheated. And as you mention, this is only the beginning. I am starting to feel the only truth you will be able to trust is the one you hear from someone talking in front of you.

0
0
0.000
avatar

not to mention that my stress level reached the top, my blood pressure went up and I almost did not sleep.

I don't answer any international calls, unless they come through my work number, but that is rare.

On the phone, at least you are slightly protected as they need to "get you" with their "story" to try to get info from you,

And a lot of people don't like answering the phone now, because they are "digital natives" who don't need to talk to anyone. I am sure that gullibility has increased.

I am starting to feel the only truth you will be able to trust is the one you hear from someone talking in front of you.

Unless those Tesla robots get really good :)

0
0
0.000