Stan's World - Security in the world of AI
Many years ago, a former neighbor forwarded me an email she had received. She wondered about the legitimacy of the email, and what actions she should take.
The email she forwarded was allegedly from Nigeria, explaining that she had won a lottery. To collect her winnings, she had to contact the individual who sent her the email.
I asked her if she remembered entering a lottery in Nigeria, and she replied “No.” I then suggested that any reply would trigger a subsequent email requesting a tax that she would have to pay prior to her receiving her winnings and that she would ultimately lose a lot of money and gain nothing in return. To this day, I can only hope she took my advice. Sadly, the quest to separate us from our money has only gotten worse.
To that point, I suspect you may have heard of AI, or artificial intelligence. It’s the next ‘thing,’ destined, or so we’re told, to change the world around us. We’ve all heard the upside is unlimited, with yet unknown advances in medicine and science. While the upside may be unlimited, we’ve already seen AI used to target victims who might fall prey to its more devious side.
Imagine how you’ll react when you receive a phone call from a grandchild, child, sibling, or parent, who explains - in their own voice - that they’re in desperate trouble. They answer your very detailed questions, effectively validating they are who they say they are. This isn’t someone simply trying to imitate your grandson in jail, but your very real relative who needs you. And at least some of your money. Now.
Sadly, it’s not your relative, but a computer-generated voice. A voice that was able to take some words spoken by your relative and convert those words into dialogue. To be clear, we’re dealing with technology that has the capability to research a person’s life and then speak, in his/her own voice, about friends, work, and relatives. This is a technology with the potential ability to deceive you each and every time.
How do they capture someone’s voice? One common way is by getting them to answer a robocall. Have you ever answered a call, said “Hello?” and received no answer? And then said “Hello? Are you there? Who is this?”, waiting for someone to respond? That interaction alone can give a fraudster a good foundation (called a “voiceprint”) to start recreating someone’s voice.
On multiple occasions, we’ve written about steps you can take to minimize the likelihood that you’ll be the victim of a hacker. (We’re happy to share those steps again and again; just ask.) To add to those lists, here are 7 Smart Security Steps as proposed by Consumer Reports1. Please consider adding all to your daily routine.
1. Slow down: The goal of a scammer is to cause panic and to get you to do something in haste that will benefit them and cause you loss. Don’t respond to pop-ups, emails, or texts. Rather, call a person back on your phone, using a number in your contact list. If the message is from a bank or credit card company, go to the company’s website (or a monthly statement) to get their contact number. When it comes to relatives who might ‘call’ as a result of an AI scam, give your family members a code word to use to verify it’s them. If they’re really in trouble, tell them to use that code word so you can confirm the call is legitimate. (And then call them back anyway just to make sure.)
2. Share less of your personal info: If you have a Facebook account, don’t share all your personal information. Scammers can, and will, use it against you (or against one of your relatives).
3. Delete old accounts: The bigger your digital footprint, the greater the odds you’ll be hacked. Delete accounts you rarely use, including bank accounts, investment accounts, and social media – essentially anything that has your contact information and requires login credentials.
4. Allow automatic software updates: Your virus program, for example, can’t help you if you don’t allow upgrades to fight the latest viruses.
5. Double up: When available, use multi-factor authentication. Log into your credit card account online, for example, but include a one-time code that you must enter that is texted to your phone. Using multi-factor authentication can save you from becoming a victim.
6. Stick with safe payment methods: If you pay a hacker with cryptocurrency, money orders, gift cards, or wire transfers, you’ll never get your money back. Credit card charges can be disputed, which is the reason you should use them.
7. Use anti-virus protection: If you’re reading this on a computer without anti-virus protection, stop reading and buy an anti-virus program. McAfee (mcafee.com) and Norton (norton.com) are good places to start.
1 “Scam Protection Guide - 7 Smart Security Steps.” Consumer Reports, Aug. 2023.