AI Enhanced Scam Emails
In a number of webinars I’ve attended this year on information security, I have been alerted to the changes AI is making to email scams.
Background
Email is the most effect tool for attack that hackers have, because if an email looks like it is from a particular company or from someone known to the recipient, that recipient is likely to interact with the email as though it is proven safe.
AI in Use by Scammers
For some time, IT managers have been instructing users to check email carefully. One of the key red flags of a scam email has been the prevalence of errors, sometimes comical errors in the text of the email. What AI is doing in this case is providing hackers/scammers with tools to improve the quality of their fake emails.
Today I received an email that purported to be from Namecheap. Namecheap is a company I do business with, mostly domain name registration, but I also use their privateemail service, so this is a potential trap. Some people will be led astray by the fact that they do business with the company, thinking that is sufficient to indicate the email is real. “They have my email address and they know I’m a customer. How could a hacker know?”
Note: Nothing about this email is the fault of Namecheap.com, which is a reputable company.
Well, it is quite possible for a hacker to know in multiple ways. In my case, they might simply read this blog post. They might read a review of a company I do business with. But vastly more probably is that they simply send out the email to a few million people, some of whom are bound to be customers of the company they are impersonating. They don’t need to know.
Examining the Email
Here’s an image of the email.
You can’t see the links, as it is an image (intentionally so), but let me note that the MyAccount text at the top is correctly linked to Namecheap, as is the gray logo at the bottom. The three icons at the bottom are not linked, but the “Need to Chat?” text is linked to Namecheap.com. The “update the credit card” link is linked to another site, which I didn’t visit, but which can be presumed to be dangerous, and so is the “login to your account.”
Overall, however, this is a much more effective scam email than we’ve tended to see over the last couple of years.
Keeping Yourself Safe
How did I avoid this? Well, I’m pretty good at recognizing scams, and I should have immediately noticed the fact that this is to renew a “Hosting Package,” which is something I do not have from Namecheap.com. The “privateemail” reference in the “From” field of the email indicated something to which I do subscribe. Nonetheless, as is my practice, I didn’t click on any links. I went straight to the Namecheap website by typing their URL into the address bar of my browser, and immediately I noted that there was no message corresponding to this email in my inbox there.
With the improvement in the quality of these scam emails, that is a procedure I continue to suggest. Never go to a link in an email. Go directly to the site in question. That’s the safest practice.
One Comment