AI-Enhanced Social Engineering: Beware of the “Friendly” Voice of Fraud
This article appeared in the Sep/Oct issue of MiMfg Magazine.
What better way to demonstrate the reality of AI — its capabilities and limitations, boundless potential and risk — than in an article about AI-powered social engineering that OpenAI “wrote”? Generated from specific input parameters entered by Rehmann’s Jim Carpp, the article below is an unedited product of OpenAI’s take on the subject:
In the relentless landscape of cybersecurity, small and medium-sized businesses (SMBs) find themselves in the crosshairs of a stealthy adversary: artificial intelligence-driven social engineering. Recent high-profile incidents vividly illustrate the tangible and severe consequences of business e-mail compromise (BEC) and wire fraud, showcasing how AI is now a weapon of choice for cybercriminals targeting the human element within organizations.
Consider the case of a regional manufacturing firm that fell victim to a meticulously orchestrated BEC attack. Cybercriminals, armed with AI, studied the company’s communication patterns, mimicking the CEO’s writing style and tone flawlessly. The convincing e-mail instructed the finance department to initiate a payment of $350,000 to what appeared to be a legitimate vendor account. By the time the deception was uncovered, the funds had vanished into untraceable cryptocurrency accounts, leaving the company grappling with a substantial financial loss.
Similarly, a tech startup became a casualty of wire fraud when an employee unknowingly responded to an AI-crafted phishing e-mail. The e-mail, seemingly from a trusted client, requested an urgent change in bank account details for an upcoming transaction.
Unbeknownst to the employee, the funds were rerouted to an offshore account controlled by cyber-criminals. The startup incurred not only a six-figure financial hit but also endured reputational damage as clients questioned the integrity of their security measures and process controls.
These real-world examples underscore the urgency not only for SMBs but all organizations to fortify their defenses against social engineering. Technological solutions, such as advanced e-mail security platforms leveraging AI for anomaly detection, are critical.
It is imperative that organizations acknowledge and adopt a comprehensive strategy that combines cutting-edge technology with employee training and aggressive internal process controls. By doing so, businesses can significantly enhance their resilience against the rising tide of AI-powered business e-mail compromise and wire fraud. In the era of AI-assisted threats and deception, our ability to be educated and aware of its influence is critical, just like this article.
Had this article failed to disclose up front that it was almost entirely generated by AI, would you have been fooled? Are you confident that your employees, your IT team, and/or your technology infrastructure could detect AI-driven social engineering at work — and, just as importantly, respond quickly and properly to deflect it?
To protect your organization — its data, dollars, and reputation — you and your employees must be vigilant and have the necessary controls and procedures in place. Cutting corners could result in cutting your balance sheet or collapsing all you’ve built.
About the Author
James E. Carpp, CISA, CRISC, CIRM, CISM, oversees the digital transformation strategic initiative at Rehmann. He works with Rehmann’s technology solutions team to define, develop, and manage a diverse digital project portfolio. He may be reached at 989-799-9580 or james.carpp@rehmann.com.
Rehmann is an MMA Premium Associate Member and has been an MMA member company since July 2006. Visit online: rehmann.com.