I was quoted in the article, 7 guidelines for identifying and mitigating AI-enabled phishing campaigns as published by CSO Online on 3/20/2023. Below were my contributed thoughts on the matter:
It seems not very long ago you could easily identify a malicious email from its poor grammar, but recently we are seeing more and more convincing emails that can trick you even if you are watching out for them. Especially when it happens to be timed with an event like an actual loan, doctor appointment, or recent purchase. While it could be those trying to trick you are just getting better at it, the power of AI tools is sure to make it much harder in the weeks and months to come. Very well worded messages can be convincing and matching the look and feel of official correspondence may also become very easy to mimic.
Even if you apply for a loan today and get an email from your bank within the hour, you must be suspicious. Organizations most susceptible to being spoofed in phishing attacks are the most sensitive to the risk and so your bank, the IRS, your doctor, etc. should never be sending emails asking you to “click”.
It should be every consumer’s first response to visit the organization directly and look for a message versus clicking on a link. With AI tools in the hands of those looking to trick you, convincing emails and fake websites designed to steal your information will get better, and likely more prevalent as a result.Bob Kelly, March 2023