You have been warned \u2014 this nightmare is now real.<\/p>\n
NurPhoto via Getty Images<\/p>\n
Republished on May 18 with additional commentary, advice and resources on defending against these dangerous messages, where normal detection is impossible.<\/p>\n
We were warned<\/a>. Forget looking for telltale signs, the latest set of AI-fueled attacks are so sophisticated you need to check everything to ensure you\u2019re not being attacked. In the last 24-hours, we have seen Gmail and Outlook users warned that malicious emails are now so \u201cperfect<\/a>” that they\u2019re impossible to detect, and that calls which seem to come from people we know, could be a dangerous deception.<\/p>\n That\u2019s the latest warning to come from the FBI<\/a>, after the discovery of \u201can ongoing malicious text and voice messaging campaign.\u201d This has used texts and voice messages purporting to come from \u201csenior U.S. officials,” tricking victims, many of who are also \u201ccurrent or former senior U.S. federal or state government officials and their contacts.\u201d<\/p>\n The bureau\u2019s warning is serious enough that you are now being told: \u201cIf you receive a message claiming to be from a senior U.S. official, do not assume it is authentic.\u201d The goal of the attacks is to steal credentials through links that seem to be message related.<\/p>\n According to Cofense\u2019s Max Gannon, \u201cit is important to note that threat actors can also spoof known phone numbers of trusted organizations or people, adding an extra layer of deception to the attack. Threat actors are increasingly turning to AI to execute phishing attacks, making these scams more convincing and nearly indistinguishable.”<\/p>\n ForbesGoogle Is Deleting All Your Location Data\u2014Do Not Miss DeadlineBy Zak Doffman<\/a><\/p>\n The FBI\u2019s advice is wider ranging than just this latest attack, and links back to its recent warnings<\/a> on the proliferation of AI attacks.<\/p>\n All that said, the FBI acknowledges that \u201cAI-generated content has advanced to the point that it is often difficult to identify.\u201d Sometimes it will just come down to common sense. Is this a call I could reasonably expect, and am I being asked to do something that would advantage a cybercriminal or scammer. Can I deduce what their take might be. How can I hang up and call back using normal channels. How do I verify the caller.<\/p>\n ForbesApple\u2019s iPhone Update\u2014Why You Need To Change Your Messaging AppBy Zak Doffman<\/a><\/p>\n Ryan Sherstobitoff from SecurityScorecard told me \u201cto mitigate these risks, individuals must adopt a heightened sense of skepticism towards unsolicited communications, especially those requesting sensitive information or urging immediate action.\u201d<\/p>\n Often these texts, calls and voice messages lead to a link. This is the attack, which will phish for credentials or trick you into installing malware. \u201cDo not click on any links in an email or text message until you independently confirm the sender\u2019s identity,” the bureau warns. And “never open an email attachment, click on links in messages, or download applications at the request of or from someone you have not verified.\u201d<\/p>\n In the wake of the FBI\u2019s latest warning, ESET\u2019s Jake Moore told me \u201cit\u2019s vital people think with a clear head before responding to messages from unknown sources claiming to be someone they know. But with newer, impressive and evolving technology, it is understandable why people are quicker to let down their guard and assume that seeing is believing. Deepfake technology is now at an incredible level which can even produce flawless videos and audio clips cleverly designed to manipulate victims.\u201d<\/p>\n BeyondTrust\u2019s CTO, Marc Maiffret, told me the latest FBI warning flags the risk that \u201cAI-driven impersonation attacks are rising, targeting both individuals and organizations.\u201d To combat these escalating threats, Maiffret says, \u201crequires human vigilance and strong identity security. Businesses should continue enforcing the principle of least privilege, identity infrastructure monitoring, and securing access to sensitive accounts, you limit what attackers can do\u2014even with stolen credentials.\u201d<\/p>\n ForbesHacking Disaster Warning\u2014Delete All These Emails On Your PCBy Zak Doffman<\/a><\/p>\n Darktrace SVP Nicole Carignan told me \u201cthe fact that attackers are using generative AI to produce deepfake audio, imagery, text messages, and video is a growing concern, as attackers are increasingly using deepfakes to start sophisticated social engineering attacks.\u201d While the FBI has generated headlines given the nature of the deepfakes and the targets, the greater risk \u2014 as also flagged by the bureau \u2014 is financial crime.<\/p>\n A new and perfectly timed report from Help Net Security<\/a> warns \u201cdon\u2019t assume anything is real just because it looks or sounds convincing\u2026 Remember the saying, seeing is believing? We can\u2019t even say that anymore. As long as people rely on what they see and hear as evidence, these attacks will be both effective and difficult to detect.”<\/p>\n\n