Published: May 14, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
While many schools are concerned with students using AI (artificial intelligence) for assignments, the international world of business should be on high alert too. There are a growing crop of business email compromise (BEC) attacks using AI as a translation tool for their own benefit.
The content of a BEC can easily reach any organization in the world by using the language they speak. Since BEC campaigns have a long history of success, cybercrime groups using AI means these easy and lucrative attacks now have a much larger victim pool to target more effectively.
Prior to using AI for BECs, some of the sure giveaways of a hacker’s email were poor language, bad grammar, and spelling errors. Now, those signs are all fixed with AI, making it more difficult to spot an attack email. Hackers were once limited by their own language skills, but not anymore thanks to AI.
Easy Peasy BECs
The FBI points out that in the past few years, BECs have cost businesses more than $43 billion in damages. These email attacks are so successful because the ease of doing them is undeniable. The BECs don’t carry malware or malicious links, making it much easier to get past most anti-virus solutions and go directly into inboxes.
Doing a bit of social engineering ahead of time makes it possible for a BEC campaign to directly target employees who make wire transfers. Knowing the name of the CEO lets the attackers spoof their identity and legitimacy. Getting the name of the C-Level execs is easy peasy when looking at websites like LinkedIn. Limiting what is posted on this and other social sites limits the information available to would-be attackers. In the case of the BECs, the email appears to be from the CEO, directing a large wire transfer to a particular account, ASAP. In reality, the account belongs to the hacker and the wired funds now belong to them.
Considering the ease of these attacks, it’s also easy to see why adding AI to BECs should concern businesses of all kinds on a global scale. Using AI to expand targets worldwide is getting the attention of additional cybercrime groups with the ease and now sheer volume possible with international BEC campaigns. Organizations everywhere need to boost their security tools to help protect against BECs using AI.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com