There is no doubt that more pervasive deepfake and AI technologies will make for more realistic, sophisticated phishing attacks and add to an already huge problem.
The days of phishing attacks rife with spelling and language errors are coming to an end. This is all the more reason why you need a great security awareness training (SAT) program to fight back.
No matter how good deepfake and AI phishing attacks are, there are still multiple signs that an incoming message is a phishing scam, and you still need to train your users on what these signs are. Warning signs include:
- Unexpected and unusual request (one you have never been asked to perform before)
- Arrival from a strange originating email address
- Arrival at a strange time (during the night or weekend)
- Message conveys a strong sense of urgency, threatening irreparable harm if you do not act
- Rogue URL that does not directly point to a legitimate brand website
- Uncomfortable gut feeling about request
- Unexpected, potentially dangerous file attachment
No matter how good the messaging is, the scammer has to communicate the scam. Most of the time, it will involve an unexpected, urgent request for you to do something you have never done before (or at least never for that requestor). Any message meeting these criteria puts you at higher risk of being involved in a scam, even if it turns out not to be one. You need to communicate the critical signs of a high-risk email, and do so over and over, until checking for them becomes the default way of evaluating all messages and part of your organization’s culture.
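Several of the signs listed above can also be checked mechanically, which is useful for triaging user-reported messages. The following Python is an added example, not code from KnowBe4 or this article; the message fields, allow-lists, working hours, urgency phrases and attachment extensions are all assumptions, and both messages are constructed samples. The "unexpected request" and "gut feeling" signs still need a human.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Assumed phrase list and extension list; tune both for your organization.
URGENCY = re.compile(r"\b(urgent|immediately|right away|final notice|"
                     r"account will be (?:closed|suspended))\b", re.I)
RISKY_EXT = (".exe", ".js", ".iso", ".html", ".docm")

def host_matches(host, domain):
    """True only if host is the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(msg, known_senders, brand_domains):
    """Return the warning signs (from the list above) found in one message."""
    signs = []
    if msg["from"].lower() not in known_senders:
        signs.append("unfamiliar sender address")
    sent = datetime.fromisoformat(msg["received"])
    if sent.weekday() >= 5 or not 7 <= sent.hour < 19:  # assumed working hours
        signs.append("off-hours arrival")
    if URGENCY.search(msg["subject"] + " " + msg["body"]):
        signs.append("urgency or threat of harm")
    for url in re.findall(r"https?://[^\s\"'<>]+", msg["body"]):
        host = urlparse(url).hostname
        # A brand name inside a longer hostname does not make it the brand's site.
        if not any(host_matches(host, d) for d in brand_domains):
            signs.append(f"URL host is not a known brand domain: {host}")
    for name in msg.get("attachments", []):
        if name.lower().endswith(RISKY_EXT):
            signs.append(f"risky attachment type: {name}")
    return signs

# Constructed sample data (reserved example/test domains only).
KNOWN_SENDERS = {"alice@example.com"}
BRAND_DOMAINS = {"example.com"}
PHISH = {"from": "billing@examp1e-payments.test",
         "received": "2024-03-09T02:14:00",  # a Saturday night
         "subject": "Action required",
         "body": "Final notice: your account will be suspended. Verify "
                 "immediately at https://example.com.login-check.test/verify",
         "attachments": ["invoice.html"]}
BENIGN = {"from": "alice@example.com", "received": "2024-03-12T10:30:00",
          "subject": "Meeting notes",
          "body": "Notes are at https://docs.example.com/notes"}

if __name__ == "__main__":
    for sign in triage(PHISH, KNOWN_SENDERS, BRAND_DOMAINS):
        print("-", sign)
```

A message with none of these signs is not thereby safe, and one with several is not necessarily a scam; the count is a prompt for closer review.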
They say a picture is worth a thousand words. If so, here are the three biggest signs of a high-risk email, presented graphically:
Yes, deepfakes and AI will make phishing scams more realistic. The old advice about looking out for misspellings, language issues, and strange message text still applies, but it will matter less over time. It is more important than ever that users be warned about social engineering attacks and the core phishing signs they must look for.
Defenders, like KnowBe4, are using AI to detect and prevent social engineering attacks. But no technical defense is perfect, and until one is, users should be taught how to recognize social engineering attacks, especially in the world of deepfakes and AI. End-user education has never been more important.