Artificial intelligence is changing how we protect ourselves from scams, ID theft, and other crimes. One expert stated that artificial intelligence is the greatest threat to the survival of the human species, even greater than climate change.
Just within the last few weeks, I have experienced or witnessed several instances of AI skulduggery.
Former advice, “Don’t click on a link in an email unless it’s from someone you know.” No longer enough.
Formerly, “Look at the email address of the sender. If, after the @, you see extra letters or numbers, it’s phishing. No longer enough.
Personal Experience – Fake Email
In a recent email, the sender’s address was the exact correct email address of my CPA. It said the link was to a form that I should look at, If it didn’t pertain to me, I could ignore it. A clever way to indirectly give confidence to the recipient.
This was from someone I know, and the email address was correct. I clicked on the link. It went to a webpage that redirected me to another, where I was asked to log in with Microsoft.
I wish I could say I’d been smart enough to get suspicious at that point, but what really happened was that I got fed up. I don’t even know how to log into something with Microsoft. I thought, This is too much trouble. I’ll just phone. The CPAs answered and said they’d been on the phone with tech-support all morning. They were hacked, yet, there was nothing in that email to give us a clue that it was fraudulent.
I called my ID theft insurance carrier to report this. The representative said, “Wait a minute. Are you telling me there were no extra letters after her correct email address?” I said yes. It was news even to the ID theft people.
Personal Experience with Phones
This next incident is really spooky. A technician was coming to my home because my land line was out. AT&T asked my permission to text me about this. I agreed. I did receive a text from the technician telling me he was running ahead of schedule.
I later discovered that, meanwhile, I had received a voice message on my mobile phone that went something like, “This is for AT&T. Please please feel free to click this….” This was not from a person who speaks English as their first language. AT&T would not write, “This is for AT&T,” and they certainly would not write, “please please.”
After the technician finished, I checked voicemails on the landline. I found about six identical voicemails of a man with a heavy foreign accent jabbering something I couldn’t even understand, except for “AT&T.”
The creepiest thing was that these fake voice messages, that showed up on both my phones, only started when I was, in fact, dealing with AT&T, and they stopped when my landline was fixed. It seemed the scammers knew when I was in communication with AT&T.
I spoke to an AT&T agent in the fraud department. He took the time to check the phone number on the fake voicemail against all legitimate numbers for AT&T departments, etc. He found that the fake number differed from a legitimate AT&T number by only one digit. This shouts “artificial intelligence.”
And on It Goes
Even without AI, if you click to “accept all” cookies, lots of information, such your shopping habits, can be shared.
We can no longer rely on land lines or mobile phones to detect and warn us about all possible scams.
What really breaks my heart is that some people might not have the technical inclinations to follow these things. One might be too young or too old. Put a paintbrush in my hand, and I couldn’t make a straight line. Other people have the type of intelligence to create beautiful artworks, but they might struggle with scientific or technical matters. How many of them would suspect a message, “This is for AT&T. Please please feel free to click…”
My Plan
For what it’s worth, I’m trying the following:
- I no longer stay logged in to certain websites, even if I visit them frequently, especially not Google.
- I deleted all cookies from my computer. As I go back to sites, and get requests to set cookies, I will accept the minimum that still lets the site function OK. I will avoid accepting all if possible. (I find this faster than going to each individual site and looking for how to reset my cookie preferences.)
- If I receive an email, voicemail or text with a link, I will contact the sender by other means and make sure they sent it. There might be exceptions if the person is a close friend, relative or business contact, and the message pertains to a subject that we were already discussing.
- We used to think that electronic means of sending things were safer than US mail. For my own comfort level, I’m considering reversing that in some situations. To steal things out of US mail, a human must spend time and effort. On the other hand, a clever AI scheme can steal more kinds of information from millions of people.
- On my social media, I have set my privacy settings to minimize the use of my personal information, including what ads I see. Note: Facebook requires a date of birth for an account, but you can set your privacy so that the date of birth is not shared with others.
This is certainly not intended to be a complete “best practices” list for Internet safety. My focus has been about dangerous links and my own personal comfort level. My tech-support tells me that there are all sorts of safeguards one can use to enhance internet safety in general. You might want to talk to your own tech-support about these.
Pause for Thought
Are you thinking these safety measures take too much time or trouble? They pale in comparison to the time, trouble and financial thievery that can happen with AI.
I hope you all have found this article helpful. My next will be about a happier topic, a new project.