After its CEO urged stronger company-wide cybersecurity ethos, one firm is sharing cyber tips for users to combat AI-driven scams effectively.

With AI lowering the barrier to entry, even low-skilled attackers can generate sophisticated scams, ranging from deepfake-driven phishing to AI-generated sham websites mimicking legitimate businesses.

What used to take scammers days or weeks to create will now take minutes. The larger a digital marketplace in any region, the more likely a proportional degree of attempted fraud will take place, it seems.

Therefore, it its Cyber Signals Issue 9, Microsoft has released a series of recommendations for the public to protect themselves against scams in general.

Recommendations

• Strengthen employer authentication: Fraudsters often hijack legitimate company profiles or create fake recruiters to deceive job seekers. To prevent this, job platforms should introduce multifactor authentication for employer accounts, making it harder for unauthorized users to gain control.
• Monitor for AI-based recruitment scams: Companies should deploy deepfake detection algorithms to identify AI-generated interviews where facial expressions and speech patterns may not align naturally.
• Be cautious of job listings that seem too good to be true: Verify the legitimacy of websites by checking for secure connections (https) and using tools that detect URL spoofing or mistyped URL addresses during web searches. Employment offers that include requests for payment, and a lack of formal communication platforms, can all be indicators of fraud. Legitimate employers use official company platforms for HR communications. Always handle personal and sensitive information over secure platforms.
• Avoid providing personal information or payment details to unverified sources: Look for red flags in job listings, such as requests for payment or communication through informal platforms such as text messages, social media apps, non-business email accounts, or requests to contact someone on a personal device for more information. Unsolicited SMS and email messages offering high-paying jobs requiring minimal qualifications are typically fraudulent. Avoid sharing personal or financial information, especially banking details and login credentials.
• Avoid providing personal information or payment details to unverified sources: Look for red flags in job listings, such as requests for payment or communication through informal platforms such as text messages, social media apps, non-business email accounts, or requests to contact someone on a personal device for more information. Unsolicited SMS and email messages offering high-paying jobs requiring minimal qualifications are typically fraudulent. Avoid sharing personal or financial information, especially banking details and login credentials.

For increasing safety during online shopping, the public can heed the following reminders:

• Do not let pressure tactics trick you: Be wary of “limited-time” deals and countdown timers in high pressure ads on any platform.
• Click on verified ads only: Many scam sites spread through AI-optimized social media ads. Cross-check domain names and reviews before attempting to even read or interact with their ads.
• Be skeptical of social proof: Nowadays, scammers can use AI-generated reviews, influencer endorsements, and testimonials to gain your trust and exploit it. Never trust any claims without cross-checking them against reliable information sources.

General cybersecurity tips

As a major producer of major operating systems, browsers, cloud resources and software used at many levels of business, Microsoft is under a renewed heavy commitment to improving cybersecurity for products and practices specific to its own user base:

Users of Microsoft Edge should take advantage of their machine learning “Scareware Blocker” that detects alarming popup ads pretending to be system messages warning people that their system has been compromised. These attacks try to frighten users into calling fraudulent support numbers or downloading harmful software. Enabling the Scareware Blocker allows the Edge browser to automatically detect and stop these attacks or remind the user not to fall for the scam alert.

At any time, if a user still receive an unsolicited offer from some website or person purporting to offer tech support to you after claiming your system is at risk, it is likely a scam. Always reach out to trusted sources for tech support. If scammers claim to be from Microsoft, report the incident at https://www.microsoft.com/reportascam

In January 2025, a new fraud prevention policy was introduced throughout the firm: all product teams must now perform fraud prevention assessments and implement fraud controls as part of their design process. This “Secure Future Initiative” involves various efforts that Microsoft users should take advantage of:

• Domain impersonation protection: This system uses deep-learning technology at the domain creation stage, to help protect against fraudulent e-commerce websites and fake job listings. Even the firm’s career management website now has AI-powered functions to detect the planting of fake jobs by malicious users.
• Public-private cybersecurity initiatives: Organizations and institutions wishing to tipoff the firm’s Digital Crimes Unit about new scam trends or campaigns can now leverage the firm’s ties with global law enforcement agencies.
• Quick Assist protection initiatives: The dangers of Window’s Quick Assist feature have been addressed through additional safeguards such as digital fingerprinting, a “Remote Help” resource, and other functions that obviate the risks of enabling strangers to access a computer remotely. In what is called “blocking of full control requests”, Quick Assist now includes warnings and requires users to check a box acknowledging the security implications of sharing their screen. This adds a layer of helpful “security friction,” by prompting users that may be multi-tasking or preoccupied to take notice when attempting to complete an authorization step.