Comments by: Sammy Migues, Principal Scientist, Synopsys Software Integrity Group
We’ve gone from random phishing to spear phishing to personal knowledge-based attacks (perhaps even driven by AI). Attackers don’t just know your name and where you work anymore. They’re gathering information around what you like, where you’ve been, what you do, etc. And with AI, malicious actors can create a believable experience that you’ll want to be a part of. For instance, if they detected your desire to be an influencer, perhaps they’ll send you an offer to join up with a new social media outlet to do some topical blogging. Thereby, greatly increasing the malicious actor’s chances of having you undo your own security for them.
The real story isn’t about cryptocurrency scams, that’s just one of the many ways to monetise the access the attacker has gained. The real story is how many people with internet access are willing to believe that this once-in-a-lifetime opportunity really did happen to them. I cast no aspersions here—we all want to be special in some way. Even the savviest individuals could believe the most preposterous story, sometimes because they believe it just can’t happen to them because they’d spot it.