Phishing emails are becoming more and more credible thanks to AI: how can you protect yourself?
Phishing is a scam technique that consists of deceiving victims to obtain their sensitive data, access their online accounts, extract money from them, etc. In short, scamming them with tools such as emails or fake sites. These phishing attacks have been on the rise in recent months, according to a report from ReliaQuest, a company specializing in cybersecurity, which announces an increase of 16% compared to the previous survey, and 46% of all reported incidents.
Until now, phishing emails looked more like crude imitations, with poorly worded texts, spelling mistakes, poorly reproduced logos… Fake websites showed numerous display errors, menus that only led to 404 pages and, again, spelling mistakes, rough translations, etc.
But today, with rapid advances in artificial intelligence, cybercriminals have powerful tools to perfect their phishing attacks. Modern phishing emails, perfectly imitating those from official organizations, have become more convincing than ever. This not only requires us to be more vigilant, but also to seek more effective cybersecurity solutions.
Phishing and AI: the new credo of scammers
Hackers exploit artificial intelligence to formulate emails and create sites that must convince and appear credible to their victims. Once the bait serves its purpose, the trap closes and the consequences of these scams can be disastrous.
Writing and correcting content
One of the strengths of AI is its ability to generate high-quality textual content. Scammers use advanced language models, like those powering conversational AIs, to write emails without grammatical errors or inconsistencies, which was often a telltale clue in the past. These tools allow you to create context-specific messages, personalized with the recipient's name, address or other information collected via stolen databases.
Higher quality multilingual translation
Cybercriminals are also using AI-assisted translation tools to reach more people and therefore increase their chances of achieving their malicious goals. Unlike the rough translations of the past, these tools produce fluid and idiomatic texts, increasing the credibility of messages. A French user, for example, will receive an email in perfect French, allegedly from their bank or the tax administration.
Precise targeting through data analysis
Artificial intelligence tools also make it possible to analyze illegally collected data to target specific victims. Cybercriminals thus identify individuals likely to respond to certain types of messages. For example, a professional could receive a fraudulent email related to their activity, while a student could be targeted by an alleged scholarship or student loan offer.
Creation of images and graphics
Generative AI tools can reproduce logos, headers, and even electronic signatures that perfectly mimic those of legitimate organizations. These visual elements reinforce the apparent authenticity of the emails. In addition, AI image-generating technologies make it possible to design convincing attachments or screenshots, imitating official documents.
Fake sites developed by AI
Beyond the emails themselves, cybercriminals are using AI to create fraudulent websites that look almost exactly like their authentic counterparts. These sites include deceptive URLs, user interfaces identical to legitimate sites, and sometimes SSL certificates, making them even more difficult for unsuspecting users to detect. Links to these platforms are often embedded in messages to steal identifiers, credit card numbers or other sensitive data.
Faced with increasingly credible phishing emails, it is crucial to adopt a proactive and methodical approach to avoid being trapped. Here are some tips to follow and share widely.
Check the sender's address
Before clicking on a link or opening an attachment, carefully review the sender's email address. Often, cybercriminals use addresses similar to those of official entities, but with slight variations (for example, a “.com” domain name instead of “.gouv”). If the address looks suspicious, don't take any chances.
Pay attention to mistakes and inconsistencies
Even if emails generated by AI are of better quality, certain anomalies may remain, particularly in the style or tone (colloquial language in particular). Be wary of messages that are too insistent, alarming or that seem unusual compared to the usual communications of the supposed sending organization.
Never interact directly with a suspicious link
Before clicking on a link, hover your mouse over it to check the actual URL. It is normally displayed at the bottom of your browser window. If this differs from the official address of the organization advertised, it is probably a phishing attempt. Always prefer to access the site by directly typing its address into your browser.
Use a password manager
Password managers can help you identify fraudulent sites. If a malicious site tries to masquerade as a legitimate site, your password manager will refuse to autofill your credentials because it won't recognize the URL. If the fields are not filled out, run away.
Beware of offers that are too good to be true
A message announcing an unexpected win, an urgent alert on your bank account or an exclusive offer is often a sign of a scam. These emails exploit urgency and emotion to push victims to act impulsively and therefore ignore our initial advice of caution.
Be careful with attachments
Never open an attachment from a suspicious email, even if the document appears legitimate (invoice, receipt, etc.) and with a known extension (PDF, DOC, etc.). Malicious files may contain spyware or viruses that can steal your data.
Enable two-factor authentication (2FA)
Two-factor authentication adds an extra layer of security to your online accounts. Even if a scammer manages to obtain your credentials, it will be much more difficult for them to access your accounts without the additional code.
Trust your browser
If you visit a fraudulent or insufficiently secure site, your browser may notify you and automatically block the connection. An alert page is then displayed, inviting you to move on.
Use a security suite for effective protection against phishing
How can an antivirus or security suite block a phishing email or access to fraudulent sites, you may ask. Quite simply by offering protection tools such as a VPN, anti-spam tools for your email client, a secure browser that detects suspicious URLs, or even a password manager that only fills in your login credentials on the official page of your account.
Of course, nothing replaces your vigilance, but these tools can help you avoid being confronted with these scams and also protect you if these phishing emails get you to download malware that searches your computer for exploitable data to steal.
Thus, among the most effective security solutions on the market, two of them stand out: Norton 360 Deluxe and Avira Prime.
Norton 360 Deluxe
With your Norton 360 Deluxe subscription, you have a range of features to protect you from phishing attempts, in addition to antivirus and antimalware protection, a SafeCam module, parental controls and many other tools.
Several tools are specially designed for phishing. Thus, Norton Safe Email goes much further than a standard spam filter by analyzing incoming emails and their possible attachments. These are then compared to a cloud-based database of emails and fraudulent content, and automatically blocked if they appear dangerous. It is possible to protect your Gmail and Outlook inbox, but also all your IMAP/POP and other email accounts.
Norton 360 Deluxe includes a module called Web Protection which further secures your web browsing, as does the Norton Safe Web extension, compatible with Google Chrome, Mozilla Firefox and Microsoft Edge. This anti-phishing system provides important information about the websites you visit and in particular their security status. A specific icon displayed directly in your search engine results immediately alerts you whether the site is safe or not.
Among other phishing-related features, the password manager is essential. Not only does it automatically fill in the connection fields of a website, which prevents the theft of identifiers by keylogger (recording of keystrokes), but it will only fill these fields if the web page you are on has the right URL and therefore the right connection address.
Avira Prime
Avira Prime also stands out as a powerful security suite to protect users against all web threats, including phishing attacks. This solution combines advanced tools to ensure complete protection of your devices and online privacy, combined with a seamless user experience.
One of its main assets against phishing is Avira Browser Safety, a browser extension that acts in real time to detect and block fraudulent websites. This tool analyzes each link that the user is about to visit and prevents access to suspicious pages, thus avoiding typical phishing traps.
Avira Prime's password manager also plays a crucial role. By saving and automatically filling logins only on authentic sites, it prevents users from unintentionally sharing their sensitive information. This manager also generates complex and unique passwords, making it even more difficult to exploit stolen data.
Avira Prime's built-in web protection strengthens overall security by scanning every visited page. Combined with an intelligent firewall, it monitors network traffic to identify and neutralize abnormal behavior linked to malicious activity. Emails, the main vectors of phishing attempts, are also covered by advanced verification technology. Avira scans attachments and links in messages to identify infected files or redirects to questionable sites.