April 17, 2011 - According to foreign media outlet Neowin, theMicrosoft 16 released the latest edition of the Cybersecurity Signals Report, detailing how to respond to today'sNew Threats, Scams and Frauds in Cybersecurityand elaborated AI How to make it "easier than ever" to develop malware.
Microsoft points out that threat actors are getting their money's worth throughDeep counterfeiting, voice cloning, fake employee profiles and fake e-commerce websites and product imagesand other tactics, are increasing their efforts to deceive potential victims.1AI attach this to the following effect:
- AI lowers the technological threshold for online fraud and cybercrime, enabling fraudsters to moreGenerate compelling content easily and cheaply, thereby accelerating the frequency of cyberattacks.
- AI tools can scan the network for company information, helping attackers build detailed profiles of employees or other targets to create more deceptive social engineering attacks.
- In some cases, fraudsters utilizeFake AI-enhanced product reviews and AI-generated storefrontsto lure victims into increasingly sophisticated fraud traps. They build fake websites and e-commerce brands, complete with fake company histories and customer reviews. Through deep fakes, voice cloning, phishing emails and fake websites that look real, malicious actors intend to create a sense of legitimacy on a large scale.
Microsoft has made some targeted recommendations:
- Enhanced employer identification:Fraudsters often hijack company accounts or fake recruiters to deceive job seekers. To prevent such incidents, recruitment platforms should introduce multi-factor authentication and the Verified ID feature of Microsoft Entra ID to improve account security.
- Monitor AI-based recruitment scams:Organizations should deploy deep forgery detection technology to identify AI-generated interviews that have unnatural facial expressions and speech patterns.
- Beware of job postings and websites that seem too perfect:Confirm the authenticity of a website by checking its secure connection (https) and using tools such as Microsoft Edge's spell protection.
- Avoid providing personal information or payment details to unverified sources:Be wary of "red flags" in job postings, such as requests for payment or communication via informal platforms (e.g., SMS, WhatsApp, non-commercial Gmail accounts) or requests for further contact via personal devices.
Microsoft also highlighted some of its own apps such as Quick Assist for enhanced protection against tech support scams through means such as digital fingerprinting. Microsoft also mentioned that Edge'sSpell Protection, Domain Name Counterfeiting ProtectionFunctions such as this can also effectively prevent users from entering malicious phishing websites by mistake.