University of Illinois Urbana-Champaign researchers have demonstrated that OpenAI’s ChatGPT-4o can be exploited to conduct autonomous voice-based financial scams, achieving success rates between 20 to 60 percent. The study highlights various scam methods, including bank transfers and credential theft, with the cost of executing these scams averaging just 75 cents per successful attempt. Notably, credential theft from Gmail had a success rate of 60 percent. OpenAI has responded, stating that their latest model, o1, incorporates better defenses against such abuses. They emphasize the importance of research like that conducted by UIUC in enhancing safety measures against malicious use of AI technologies.
Security researchers have issued a warning about a new threat campaign where hackers impersonate IT support on Microsoft Teams to deceive users. A report from Reliaquest highlights a major shift in tactics since late October 2024, moving from mass email spam—where about 1,000 emails were sent in just 50 minutes—to direct messaging on Teams. The attackers, believed to be operating from Russia, aim to convince users to download remote access tools like AnyDesk, allowing them to deploy ransomware. To counter these tactics, organizations are advised to disable communication from external users on Teams and implement training programs to raise awareness of evolving social engineering threats.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to federal executives about a large-scale spear phishing campaign orchestrated by foreign actors, who are using malicious remote desktop protocol files to gain unauthorized access to networks. CISA has recommended ten protective measures for organizations.
Why do we care?
Lots of tactical threats to be aware of today. Those voice based scams are increasing, and I expect we will see more of those to come.
