At Freedom Energy we prioritize cyber security and educate our team on staying vigilant against cyber threats. One of the challenges we face is the emergence of Generative AI, which can make these attacks more sophisticated by mimicking the style and tone of the target.
Generative AI learns from large amounts of data to generate new content, such as images and texts. It can also be used maliciously to create fake articles, deepfakes, or phishing emails. It can analyze online posts or emails of a public figure or a high-level executive and learn their communication style. Then it can create phishing emails that sound like they are written by that person or mimic a company’s branding and wording.
Phishing is one of the most common cyber-attacks and involves sending fraudulent emails to trick recipients into revealing sensitive information like login credentials, credit card numbers, or other sensitive details. These malicious emails try to look like they come from a trusted source and are disguised as being sent by a colleague, friend, or organization. Though when users look closely there are clues to help give away that an email or message is not genuine; and, usually include spelling errors, grammatical mistakes, or unusual requests.
Generative AI can make phishing emails harder to detect by creating texts that match the style and tone of the target person or company. A Generative AI model can analyze online posts, articles, or emails of a public figure or a high-level executive and learn how they write and communicate. It can create phishing emails that sound like they are written by that person. It can also mimic the branding and wording of a company and create phishing emails which look like they are sent by that company.
These phishing emails can be more persuasive and tailored to the recipient by using the context and tone of the communication. If an attacker has access to the previous emails that the target has sent, then the model can be fed the content and use them to craft a personalized message that appeals to the target’s interests or emotions. The goal is to make the recipient feel more comfortable and confident to click on a link or follow through on a task.
Phishing attacks can be carried out in different ways by cyber criminals. Some of them may write their own code or buy scripts that are already created. Others may pay for software that is designed for specific websites or platforms. There is also a concept called Phishing As A Service (PaaS), where cyber criminals offer their skills and tools to implement attacks for others who pay them.
To prevent phishing attacks using Generative AI, we need to be aware of the potential risks and take some precautions.
Here are some tips that we follow at Freedom:
- We always check the sender’s email address and domain name carefully before opening any email or clicking on any link.
- We never provide our personal or financial information in response to an email request without verifying the source.
- We always use strong passwords and recommend using passphrases.
- We use multi-factor authentication whenever possible.
- We report any suspicious email to our IT department.
By following these steps, we can protect ourselves and our company from phishing attacks using Generative AI. Cyber security is a community effort, and we must always be alert.
Freedom Energy is committed to keeping our company secure and educating our employees on cyber security best practices.