With fraudsters abusing generative AI to launch exceedingly convincing and elaborate scams this approaching festive season, arm yourself with these cyber hygiene tips.

While cyber researchers consider that the playbooks of cyber scammers and fraudsters are often predictable, this festive season serves up a game changer: democratized generative AI (GenAI) empowering all levels of scammers and threat actors with numerous advantages.

One exposure management firm, Tenable, has reiterated public calls for people to stay vigilant against festive-themed malware scams. One of its senior research engineers, Satnam Narang, commented: “Scams used to be riddled with inaccuracy in spelling and grammar, but the availability of GenAI is closing the gap, giving them an edge they’ve never had before. Scammers will use these AI tools this year, and they will find more success than in years past.”

One by-product of the criminal gold rush in GenAI is the push across a variety of media, including video, to help drive improvements to things like deepfakes. Satnam noted how the biggest YouTube star in the world, commanding over 188m subscribers, was impersonated on TikTok using a deepfake video. “The impersonation was a big improvement over what we’ve seen in the past. In this Black Friday, it wouldn’t surprise us to see scammers continue this trend and leverage the likeness of MrBeast and other social media influencers to promote giveaways and scams.”

Staying AI-safe this festive season

This festive season, consumers should bear the following tips in mind:

    • Beware of typical scam tactics. Examples include celebrities supposedly giving away things and links that take you off platform; social profiles with no engagement, posts or followers may also represent a red flag. If you have any doubt, it is always better to be safe than sorry.
    • Be extra cautious and skeptical about offers and giveaways on social media. The availability of generative AI and other large language models means scams that you normally recognize due to poor spelling and grammar will not be so easy to spot, and improvements in deepfake technology mean fake video content is likely to appear on your social media feeds. An old tactic that remains prevalent each year is the promotion of free gift cards for US$500–US$1,000 on various social media platforms. These giveaway schemes require users to reveal personal information and purchase premium offers, such as free trials. Many contain legally binding conditions in fine print, which may end up costing victims more than they bargained for.
    • Guard your personal details jealously: If you see ads or promotions for “free” things like popular gadgets, clothing or gift cards, understand that there is no such thing as free. There is always a price to be paid, which could include the leakage of your personal information, or your credit card being compromised.
    • Always use trusted websites and services. No matter how attractive an advertisement from reputable brands may be, do not visit the links featured in it. Verify that the brand involved is really being represented in the promotion: visit their web resources and social media platforms separately to see if the promotion/offer is legitimate.
    • The more legitimate an incredible offer appears to be, the more caution is needed: Social media is the perfect place to catch distracted users off guard with GenAI. Today, cybercriminals can begin their scams on one social network and drive users to another one. Fake profiles are rampant, and scammers can create hundreds of accounts to legitimize their scams. These existing tactics, combined with the current boom of GenAI abuse, can create a dangerous situation for even normally cautious users.

In long-drawn engagement sessions with potential scammers, one tell-tale sign that should set alarms ringing is a demand that victims download some mobile app onto their smart device to complete the ‘irresistible’ deal. Failing that, watch out for any attempt to divert potential buyers off the main social media platform, to ask for banking login details, or to ask victims to provide multi-factor authentication codes at any point of a transaction.

Once the scammers gain access to your smart device, not just one bank account will be compromised: the wealth of personal information made available to the cyber crooks will allow them to impersonate victims to attack everyone in the contact list and social networks and multiply the blast radius with impunity.

Additionally, all year round, numerous cyber-safety and online hygiene tips are published in CybersecAsia.net to keep readers updated on the latest threats and trends to watch out for. Subscribe to our newsletter to really heighten 24/7 cybersecurity awareness.