How Cybercriminals Can Use AI to Target Young People

As generative AI tools like ChatGPT and DALL-E become increasingly widespread, their potential for good seems virtually limitless. AI (short for artificial intelligence) is unlocking new possibilities across the fields of business, medicine, education, technology, and more; it helps write computer code, improve medical imaging analysis, and even generate high-resolution weather forecasts. 

But at the pace AI is advancing, many people are beginning to wonder about the potential negative effects that come from the growing use of AI technology, especially with regards to cybersecurity and identity theft. Every day for hours a day young people are digitally connected to streaming platforms, email, internet and social media. Concerns grow with each passing day on how these young people will be able to navigate the potential dangers of this emerging technology.

Is AI technology dangerous?

AI may not be inherently dangerous, but like any technology, it can be misused by those with malicious intent. In the hands of identity thieves, artificial intelligence can be a powerful tool, making it easier to exploit victims’ vulnerabilities and gather sensitive personal information.

Is AI part of cyber security?

Though AI can help improve cybersecurity by making threat detection measurement more accurate by analyzing endpoint behavior or monitor networks for suspicious activity, it can also be used by cybercriminals to initiate various forms of cyber attacks.

How is AI being used for identity theft to target young people?

There are several ways cybercriminals can use AI for identity theft, including (but not limited to):

1. Automated phishing attacks

   AI can analyze large datasets to personalize phishing emails, text (smishing) messages, or voice (vishing) messages, making them appear more legitimate and trustworthy to young people. Since these messages appear to come from trusted sources, victims may be more likely to disclose personal information, such as login credentials or financial details.

2. Data breaches

   Not only can AI make data collection easier and faster, but it can also be used to identify vulnerabilities in computer systems and networks for executing large-scale data breaches. If personal information from a young person is collected by company or online retailer that experiences a data breach, that stolen information can be used or sold to commit identity theft.

3. Social engineering

   AI-powered bots can be used to analyze social media profiles and gather detailed personal information, especially about young people, who as internet natives may be inclined to share this information more carelessly. Cybercriminals can then use this data to create detailed profiles of their targets and craft more convincing social engineering attacks.

4. Credential stuffing attacks

   Credential stuffing attacks are a type of cyber attack that uses account credentials collected from one place (often a data breach) to gain unauthorized access to accounts elsewhere. AI helps orchestrate these attacks by automating the process of collecting and trying different combinations of username and password.

   Tip: Credential stuffing attacks work because many users recycle the same combinations of username and password across multiple sites. This is why it’s so important that we teach our youth about the importance of where they type their credentials and to make sure to keep a wide variety of strong passwords to avoid across the board access to their person accounts.

5. Deepfakes

   AI can be used to generate highly realistic deepfake videos or audio, making it easier for cybercriminals to impersonate victims’ loved ones and deceive young people into sharing confidential information.

6. Automated cyberattacks

   AI-powered bots can be used to conduct automated cyberattacks, such as brute force attacks on weak passwords or attempts to crack encryption keys, allowing attackers to gain access to personal data.

7. Chatbots for scamming

   AI-powered chatbots can simulate real conversations, making it easier for cybercriminals to engage with young people and extract personal information or spread malicious content.

8. Malware and ransomware attacks

   AI can be used to develop advanced malware or ransomware that can bypass security measures more effectively, potentially targeting young people through seemingly harmless downloads or links.

What is an example of an AI-based cyberattack?

One-way cybercriminals are starting to use AI in cyber-attacks is via AI voice cloning. Using an audio sample that’s just 3 seconds long, AI voice cloning tools can mimic the tone, pitch, and cadence of virtually anyone’s voice. Cybercriminals can use the cloned voice to target a victim’s friends or loved ones with calls and voice messages designed to trick them into sending money. Generally, these messages play on victims’ emotions by making them believe their loved one is in a distressing situation, like a car accident, robbery, or kidnapping. 

AI voice cloning attacks are considered a form of spear phishing, a type of cyberattack where scammers target specific victims with messages from what appears to be a trusted sender. 

What should I do if I think I’m the victim of an AI-powered scam?

If you suspect that you've become a victim of an AI-powered scam, it's essential to act quickly to help protect yourself and mitigate any potential damage. Here are some steps you should take:

1. Stop all interactions

   Cut off all communication with the suspected scammer immediately. If it involves an email, do not click on any links, download attachments, or reply to the sender.

2. Report the scam

   Alert the appropriate authorities about the suspected scam, including the FTC, the FBI’s Internet Crime Complaint Center, and your local law enforcement. Additionally, report the scam to the platform or service where the scam originated, such as social media sites or email providers.

3. Monitor your accounts and credit report

   Regularly monitor your bank accounts, credit cards, and other financial accounts for any suspicious transactions. If you notice any unauthorized activity, report it to your financial institution immediately.

4. Change your passwords

   If you suspect you’ve been the victim of a scam, you should immediately change the passwords for all your online accounts, especially if you suspect that your login credentials have been compromised. Use strong, unique passwords for each account and enable two-factor authentication (2FA) wherever possible. As a preventative measure, continue to change your passwords on a regular basis. 

5.  Educate yourself

   Learn more about AI-powered scams and other types of cyber threats. Staying informed about the latest scams may help you recognize potential dangers in the future.

6. Be wary of sharing personal information

   Be cautious about sharing personal information online, especially on social media platforms. Limit the amount of personal data you make publicly available.

7. Install security software

   Ensure you have up-to-date antivirus and anti-malware software installed on your devices to protect against potential threats.

8. Seek professional help

   If you believe your identity has been stolen, consider enrolling in an identity theft protection service like PrivacyGuard. With PrivacyGuard, you have access to your own Personal Resolution Expert, in case you become a victim of identity theft.  Your dedicated expert will work with you step-by-step in helping you restore your identity. With PrivacyGuard, if you become a victim of identity theft, you'll also be provided with documents filled with helpful information to guide you through the process to help you recover your good name faster.

9. Warn others

   Inform your family, friends, and colleagues about the scam you encountered. Spreading awareness can help prevent others from falling victim to similar scams.

10. Stay vigilant

    Be cautious and skeptical about unsolicited messages or emails, especially if they appear too good to be true. If you receive unexpected offers or requests, verify the legitimacy of the sender through official channels before taking any action.

    Remember that being a victim of a scam is not your fault, and seeking help and reporting the incident promptly can aid in mitigating potential damage. Always prioritize your online security and stay vigilant against evolving cyber threats.

What next?

Monitoring for identity theft can feel like a full-time job — but you don’t have to do it alone. Sign up for identity protection from PrivacyGuard to help you monitor certain changes in your personal information.