AI Utilized By Cybercriminals For Phishing And Other Fraudulent Activities, PLDT warns.

Philippine telco company PLDT Inc. warns that with the development and growing use of Artificial Intelligence (AI), threat actors can leverage the technology to carry out successful cyber attacks like crafting deceptive and convincing phishing emails. PLDT Chief Information Security Officer Angel Redoble notes that the use of AI allows the crafting of messages that mimic the different writing styles of humans, making them seem authentic. “AI-crafted emails contain more polished, personalized messages that imitate the writing style of humans. They contain authentic-looking visual cues that trick victims into believing that they are reading official messages from their banks or organizations.”

Success Rate of AI-generated Attacks: One In Five People Click on Phishing Emails – SoSafe

According to research done by a German-based cybersecurity group SoSafe, cyberattacks that employ AIs are highly successful, with 78 percent of people opening phishing emails, and 21 percent clicking on the malicious content found in the email such as links or attachments. Furthermore, 65 percent of people reveal personal information through phishing websites. Human-generated phishing messages on the other hand saw the same percentage of open rates (78 percent), and a higher rate of interacting with malicious content (27 percent). Around 60 percent revealed their personal information through the phishing website, which is slightly lower than AI-generated messages. 

CEO and Co-founder of SoSafe, Dr. Niklas Hellemann notes from the report that people do not easily recognize phishing attempts. “…even with these basic AI-generated phishing templates, our data shows that people have difficulties recognizing AI-generated phishing attacks. As the technology advanced with more sophisticated models like Chat GPT-4 as well as scaled personalization, we expect attacks to become even more dangerous.” He adds that “AI can already write better phishing emails than humans, and our data highlights the consequences, with one in five people are already falling for AI-created phishing attacks.”

The research notes that several AI tools can help speed up the process of composing high-quality phishing emails by 40 percent, making large-scale phishing attempts more efficient. “With the emergence of AI-powered ‘large language models’ and the resulting massive increase in scaling potential, the cyber threat landscape continues to intensify,” said Hellemann. 

The PH Has The 2nd Highest Number Of Compromised Accounts In SEA in Q2 – SurfShark

Cybersecurity company Surfshark reports a total of 207,688 compromised accounts for the second quarter of 2023, totaling 124 million accounts since 2004 and making it the country with the second-highest number of breached accounts in Southeast Asia and ranking 20th globally. Surfshark lead researcher notes that “in Asia, 52 accounts are breached per 100 people on average. However, in the Philippines, this number goes up to 106 per 100 people.” she adds that “…an average Filipino has been affected by data breaches around once.”

Hotline and Resources for Reporting Online Scams or Fraudulent Activities:

Advocacy group Scam Watch Pilipinas urges the public to reach out to the 24/7 Inter-Agency Response Center (I-ARC) hotline to report online scams:

• Main Hotline: 1326
• SMART: 0947-714-7105
• GLOBE: 0966-976-5971
• DITO: 0991-481-4225

PSA suggests considering the following recommendations to minimize your exposure to potential bank or other online-related financial cyber scams:

• Understand how potentially serious it is to have your phone stolen or hacked if you use it to access financial accounts. Make sure you can remotely delete your phone or at least reset your financial account passwords if your phone is stolen.
• Do not click on any links allegedly from your bank. Instead, go directly to your bank’s website through a search engine or the bank’s app. Make sure to click the legitimate and official website since in some instances, victims also fall for phishing links and fake sites that were designed to look like the bank’s official website.
• If you receive a call from your bank regarding an allegedly compromised account, consider hanging up and calling the bank directly to verify that it is a legitimate security alert.
• Never share your one-time pin with anyone. Your bank won’t ask for your one-time PIN.
• If you start receiving One Time Pin SMS messages from your bank that you did not request, contact your bank and notify them that your account may have been compromised.
• Make sure to download your online banking applications from a legitimate app store.
• Make purchases online from reputable sellers.
• Monitor your bank accounts for any unauthorized transactions.
• Use long, complex passwords for your accounts and avoid reusing the same passwords for multiple accounts.
• Use a well-respected password manager to store strong and unique passwords. Good password managers make it easy to create and store unique passwords securely.
• Be aware of fake websites that may appear real. These often use the same logo, colors, and layout to appear genuine. Oftentimes, these websites have spelling mistakes as well as unusual URLs.