Skip to main content

HEART OF STEELE

Phishing, Smishing: AI is getting creepier
By
Joni Hubred, News Editor
Joni Hubred, editor, Steele County Times

When Steele County IT director Dave Purscell talks about cybersecurity, I always walk away feeling just a tiny bit terrified.

Last week, he shared with county commissioners some highlights of a recent cybersecurity event he attended in Denver–and “tiny bit” no longer applies. What he had to say about AI–artificial intelligence–scared the bejeebers out of me.

I’m just starting to get comfortable with “virtual assistants” and “chatbots.” They can be helpful; for instance, the Spectrum app on my phone has a chatbot that can tell me whether I’m in an internet service outage or talk me through steps to restart my router.

I’ve used ChatGPT, which gives me search results without a ton of annoying ads and “recommended” websites. With absolutely no shame, I also use it to quickly figure out answers when I’m hopelessly stuck on a tough crossword puzzle.

But an increasing number of people are using this technology for far more nefarious purposes.

Phishing scams, where bad actor use fake emails that trick people into revealing sensitive information or sending money, have been joined by “smishing” with fake text messages. Purscell also said with just two minutes of someone’s voice, AI can produce a realistic recording of it in real time–and convince someone on the other end of a telephone call to do something they shouldn’t.

He talked about a payment redirection scheme that uses contractor payment information that the county is required by law to publish. By using “deep fake” technology, a criminal can replicate the voice of someone with the contracting firm and call the county to provide a new bank account number for depositing the check.

“When we’re getting ready to make those payments, threat actors are redirecting the funds,” he said. “There have been counties that have been stung to the tune of $7.5 million. By the time they found out the people who were supposed to get paid didn’t get paid, it’s too late.”

Purscell said a recommended policy is to “lock down” transactions once the numbers have been published, so bank account information can’t be changed. The Secret Service, he added, can reverse wire transfers within 72 hours of being sent, in the U.S. and a handful of other countries.

Purscell described AI as a powerful tool for government–but it’s also a dangerous one. He urged officials to start looking at policies designed to prevent the unthinkable from happening with residents’ data and/or tax dollars.

It’s time for the rest of us to follow suit when it comes to our personal policies. As Purscell said, be skeptical of everything you hear and see, question instructions and orders. Before sending any money or information to a “loved one”, double-check whether they’re really in trouble. Remember that utility and credit card companies will never ask for sensitive personal information over the phone or email–they’ve already got it.

While it’s disheartening that we all have to take these extra measures, it’s well worth the effort to protect ourselves and our families from real harm.

Sign up for News Alerts

Subscribe to news updates