Is Artificial Intelligence (AI) safe to use? This question continues to circulate in the banking industry. More organizations are leveraging AI-driven solutions to replace or enhance traditional fraud prevention techniques, streamline data entry, and analyze financial data.
Regardless of the application, AI is becoming an integral part of many organizations' daily activities and a key driver of industry innovation. However, the risk with inputting confidential data into AI programs is that there often needs to be clear guidelines for how that information will be stored or re-used.
Community Banks are responsible for protecting the sensitive personal information of their customers from cyber-attacks and potential threats. Understanding the role of AI and being aware of common threats will help you and your community stay cyber-safe.
What Should Banks Watch Out For?
AI solutions continue to evolve, and so do the tactics criminals leverage. To protect sensitive information from these more sophisticated crimes, we’ve outlined frequent tactics we’re seeing.
Brand Impersonations
Brand impersonators, whether sending phishing emails or imitating a well-known website, will use publicly available data to undermine your trust in the brand they want to impersonate. These criminals are practical—they will use your company’s logo and near identical messaging to sway you to click the link to their “website.” If you click the link, it may be a cyber criminal's key to your company’s information you try so hard to protect.
A common impersonation technique is the DeepFake. This is when fraudsters use generative AI to create realistic replicas of high-ranking personnel or customer service representatives to get you to think you are communicating with a real person. They use AI to create a script and talk to you through phone calls or video chats. The danger of these scams is that people are more likely to believe cyber criminals if they think they are talking to a real person or someone they know.
Emergency Scams
Never doubt the lengths a scammer will go to convince you to give them your information. One questionable tactic they deploy is grandparent scams. This social engineering attack manipulates human emotions to carry out a malicious goal, using highly targeted information to create a sense of urgency. This could be public information like the name of their grandkids, best friend, or location; scammers will use a full arsenal of strategies to get what they want from an unexpected party.
Attackers will use generative AI voice-mimicking tools to replicate the voice of a loved one. A few sentences of a recording are all it takes to curate voice snippets that can be used on social media, in a phone call, or voicemail. Typically, for a phone call, the scammers will call at unexpected times, like early morning or late at night. They will begin by familiarizing themselves by asking, “Grandma, do you know who this is?” which allows them to ‘verify’ their identity. Then, the fraudster will present a troubling situation, asking the caller to send them money immediately. Sometimes, they will even impersonate a police officer or government official to make it more convincing.
Although these attacks become more sophisticated as technology advances, there are ways you can protect yourself:
- Keep your guard up! Always be mindful and question unexpected urgent-seeming calls, texts, or emails.
- Verify the caller or sender. Ask specific questions that only the loved one would know. Ask for details about the situation.
- When in doubt, reach out. Hang up and contact the loved one using a different method of communication.
Staying Cyber-Safe in a Digital Age
The Power of the Pack
People are often seen as the final layer of security, but they are your best first line of defense. Empower them to leverage AI tools that augment human capabilities rather than replace them.
Solutions like the Analyst from Beauceron Security use AI to gather insights, send automatic action-reported emails, and save time on training to focus on the real threats targeting your organization. The ability to identify the most common attacks hitting your organization's inboxes and create rules that automatically action those attacks in the future helps keep teams on top of current threats. Further, the Analyzer ML, an algorithm tuned to minimize false negatives when analyzing reported emails, can automatically identify emails as 'phish' or 'spam', saving the security team time and expediting the prioritization process for which emails need further action.
Best Practices
There are a few points to keep top of mind when using tools or applications that integrate with AI:
- Be conscious of the information you share with generative AI. The data you feed AI services like ChatGPT may not be private and could be accessed or used maliciously unintentionally. It’s important not to share personal, work, or confidential information with AI and to understand the terms and conditions of its use.
- If you don’t know if something is confidential, ask. Your manager or IT team can guide you on best practices for working with AI and can provide an explanation of the information allowed by your organization's policies.
- Read up on your organization’s policies around AI use. It’s important to be educated on what is and isn’t appropriate to input into AI technology like ChatGPT. Your organization may want to set up authorized AI providers, like using existing trusted cloud providers such as Microsoft Azure, which help with data privacy concerns.
Your Partner in Risk Reduction
When people are educated to be in control of the technology they use every day, they make good choices to reduce cyber risk, leading to better detection of suspicious and malicious behavior. Motivate your teams to do their part and empower them to make cyber-safe decisions that deliver better results.
Beauceron Security is a B2B SaaS cybersecurity company with headquarters in Atlantic Canada. The company was founded in 2017 by security practitioners at the University of Brunswick who recognized a key problem in cybersecurity: the lack of focus on educating and motivating people. The company has helped over 700 organizations globally reduce cyber risk. In 2022, it was named to the CyberTech 100 list of top cybersecurity solutions for financial institutions and was named an Employer of Diversity by Atlantic Business Magazine. Get in touch with a member of the Beauceron Pack for a Discovery Awareness Session to learn more about how you can start delivering meaningful risk reduction.