April Cybersecurity Awareness Tip: AI, social engineering, and you

Social engineering uses tactics like fear to manipulate people into sharing confidential information.

Remember the Nigerian Prince scam emails from years ago? Back then, it was easy to identify fake emails based on poor grammar.

These days it’s not so simple.

Artificial Intelligence (AI) elevates social engineering risks. It makes it harder to detect malicious emails. What we took for granted, we no longer can.

Hybrid work arrangements, remote teams and increased information sharing are all culprits. We’re spending more time online, and cybercriminals are taking advantage.

They leverage AI to trick us into sharing confidential data, both at Yale and at home including:

• Persuasive Content – Non-native speakers skirt grammar and spelling errors thanks to AI bots like ChatGPT. Given prompts, bots can write realistic-sounding content. Error-free content can get by spam filters, often making it to your inbox where it’s hard to detect.
• Personalized phishing attack –AI bots assist criminals by creating fake accounts. They can mine social media accounts for data to be used against you in emails. They identify communication styles and emotional triggers that resonate with you.
• Deepfake creation: – AI Bots can create realistic audios and videos that look and sound like a real person. For example, deepfakes can convince people to reveal personal information in a Zoom meeting. The same is true with deepfake phone calls.
• Detection Evasion – Bots can learn how to avoid red flags in security tools and work around them.

The Information Security Office (ISO) has proactively responded to these growing threats.  ISO recently deployed Abnormal Security on our Microsoft and Google Workspace email accounts. This next generation email security tool minimizes phishing attacks by separating dangerous messages from legitimate ones.

How You Can Help

There are three simple actions you can take to stay steps ahead of cybercriminals:

• Build your skepticism muscle – A healthy dose of skepticism goes a long way. Even with robust email protection at Yale, always look for fake emails. They can slip through even the best email filters. And don’t forget your non-work email addresses. They usually don’t have the same level of security.
• Trust your gut – When something seems amiss with an email or phone call, trust that feeling. Hang up on threatening calls and don’t respond to emails that seem unexpected or too good to be true.
• Seek verification – Did you receive an unexpected email from someone you know? Scammers will impersonate friends, family, and bosses to get you to reveal information. When in doubt, speak to the person directly and find out if they sent it.