Cybersecurity: Going the Extra Mile

You may have heard terms like phishing and spam calls for years now. You might even feel confident in your ability to spot a scam text or telemarketing call. But are you familiar with deepfakes, port-out scams, and no-click attacks? And, more importantly, would you know how to identify them if scammers try to target you? Let’s dive into how to identify these newer types of scams and what steps you can take to avoid falling victim to them.

Deepfakes

Deepfakes are fabricated videos or photos typically created with AI or machine learning models that depict a false or modified version of events.

At the outset of AI, you might remember thinking something like, “I’d know if a video is fake,” but the reality is that deepfake technology is getting better every day. Scammers can gather publicly available images or videos found online and feed them into video creation software to imitate your loved ones (or other recognizable figures) and their voices. The content is meant to elicit emotional responses or immediate action, such as sending money or information that leads to compromising your personal accounts.

How, if the tech is evolving, can you tell if something isn’t real?

  • To start, there are numerous resources available online to help you get comfortable running your own credibility checks or learn the hallmarks of an AI-created video.
  • Consider creating a confidential “password” with your family or loved ones that can be used to verify the validity of claims or calls.
  • Look for hallmarks of AI:
    • Check the length and creation dates: Videos with clips that are less than 10 seconds long or ones that were created after 2023 have a higher likelihood of being AI-generated.
    • Pay attention to details: AI isn’t great at details where it has to fill in information, so teeth may appear wobbly or someone may have 13 fingers. If there are “too many” or “not enough” of something that should (or shouldn’t) logically be there, that’s a telltale sign of AI.
    • Question everything: Ask yourself about urgency and the end result. Is there a reason the person speaking would really need you to act immediately? Is it consistent with the behavior you’ve seen them exhibit in the past?
    • Test your skills: There are tests available online, like this one that Microsoft created, to help you evaluate how familiar you are with identifying and recognizing deepfake content.

While it may be getting more and more difficult to know when something is real, remember that your best defense against AI is critical thinking. Double-verify when possible, and when it’s not, ask a trusted source for a second opinion.

Port-Out Scams

Your phone number is connected to so much of your online identity. Whether it’s your name popping up on loved ones’ caller IDs or setting up two-factor authentication (2FA), it’s an integral part of your digital footprint. What happens though, if all of a sudden, it’s not you on the other end of the line?

A Port-Out Scam — also known as SIM Swapping or SIM Hijacking — is when bad actors illegally transfer your number from one phone carrier to another. 

Porting-out is not technically illegal so long as you’re the one doing it. If you wanted to switch your phone number from one carrier to another, for example, most carriers offer the service. But, sometimes, bad actors are able to use information found online to contact your carrier and authorize the switch, giving them access to your number and, as a result, any two-factor authentication you have attached to it. They then try to gain access and change passwords to bank accounts, social media accounts, or email addresses — really any account your phone number may be attached to.

Each cell phone carrier has its own type of protection against this kind of scam. Many offer a “Number Lock” option, where you can call to set up a PIN that’s required for any account changes. If you decide to set up Number Lock, just be sure to use a PIN that you’ll remember but that’s not easily identifiable. (You might’ve loved that happy birthday Facebook post from your aunt, but now more people than you may realize can find your birthday on social media.)

One of the first telltale signs of this kind of attack is if, all of a sudden, your phone goes dark or is only able to contact emergency services. If you suspect you’ve been the victim of a port-out scam or would like to protect against it, contact your cell phone carrier about setting up a port-out lock or reporting a potential port-out:

Zero-Click Exploits

Zero-click exploits, or no-click attacks, require no interaction from the person using the targeted device. Instead, they exploit holes in a device’s software (typically, zero-day vulnerabilities) to gain access to personal information, messages, or device user controls.

You might find yourself asking how it’s even possible to acquire malware without interacting with it, but this type of attack is based on either your device’s or an app’s processing settings. Often, these kinds of attacks specifically target software that processes data automatically, like email hosts or messaging software.

This may feel scarier because it’s not something easily detectable, nor is it something that you can easily protect against. However, there are steps you can take to limit or negate the effectiveness of no-click attacks:

  1. The first thing you want to do is make sure all of your operating systems (on phones and computers) are up-to-date. You can typically do this by going into your settings and checking for software updates.
  2. Second, only download apps from trusted sources, like your carrier’s app store, and limit app permissions when possible.
  3. And, when applicable, use mobile security tools like malware monitoring or VPNs to make it harder to “break in” to your device.

Staying aware and keeping your devices updated can help protect you against bad actors who may try to target you online. And, if you ever need a second opinion or are unsure whether something may be a scam, we’re great people to think with®.