The Evolution of Cyber Crime Tech and What It Means for Your Business
It used to be that the calling cards for phishing were pretty obvious: generic emails and texts ripe with misspellings, grammatical errors, and other markers of shoddy impersonations. As a result, it was easy to spot them and hit the delete button.
It also used to be that being a hacker required some degree of coding knowledge, persistence, and patience. “Success” as a cybercriminal was based on building up experience with scams and tactics that worked and then replicating that in some way. It was a career that required a specialist skill set.
Technology has changed all of that.
Now with ChatGPT and other artificial intelligence (AI) and machine learning (ML) technologies, scammers can generate endless outputs of code, letters, and text messages with incredible speed and quality.
The general availability of these technologies now means that cybercriminals require no special level of technical skill or experience to run these scams and are likely to see even greater levels of success in committing fraud due to the improved quality of their messages, webpages, and content with the help of AI.
Many email security technologies also detected poor language and flawed punctuation, blocking them from reaching users' inboxes. Now, nearly perfect language allows these fraudulent emails to stay under the radar.
These rapid technological evolutions are shaping our personal and professional lives, but they come with clear downsides. So how do you keep your business protected and your clients secure?
AI/ML tools will fuel the next generation of cybercrime.
AI technology like ChatGPT has come a long way, producing high-quality essays and surprisingly even computer code – in some instances some primitive malware. Big tech companies like Google and Microsoft are entering the fray, offering even more opportunities for AI-driven content.
Although this is a natural evolution for digital technology, ChatGPT and other AI and machine learning tools also make it easier for cybercriminals to create more sophisticated content to fool their targets.
While restrictions are in place to prevent ChatGPT from blatantly generating malicious content, simply rewording the prompt into something more innocuous can generate output that can be used for fraudulent purposes. For example, ChatGPT can:
- Draft numerous phishing emails and text messages.
- Process large amounts of data breach information to identify potential targets based on specific search criteria or attributes.
- Produce websites and related content to make messages look more legitimate and use typosquatting to host websites with similar domain names to real sites.
Once a victim is tricked by one of these attacks, the cybercriminals can perform various malicious activities powered by AI and machine learning.
AI and machine learning can generate code and content to support:
- The creation of custom malware that can bypass antivirus detection to run on victim devices.
- The generation of professional-looking content to support business email compromise and email spoofing.
- Voicemail messages that sound real and legitimate, using SpoofCards
I recently discussed these and other latest developments in a webinar with Tom Cronkright from CertifID. View the webinar to learn more about what these technologies are and how they work.
What does this mean for our industry?
Cybercriminals use many tactics to commit real estate fraud. The same best practices that thwart and deter these tactics also apply to fraud powered by AI and machine learning.
Here are some of the most important cybersecurity steps you can take:
- Ensure that you practice proper password hygiene by creating complex strings that do not use words found in the dictionary and are not shared across accounts. Use passphrases to create even longer but memorable passwords. This holds true for your business accounts and personal accounts.
- Know the warning signs of phishing and business email compromise, such as unusual changes in the content or behavior of correspondence or an unexpected sense of urgency.
- Pay attention to any changes in email addresses throughout the thread. Any additions or deletions of recipients should be examined and scrutinized.
- Trust your gut! If you are unsure about a request, pick up the phone and talk to a trusted professional.
- Work with the team at Stewart to utilize wire fraud protection software like CertifID. This platform provides independent identity verification, end-to-end encryption for wire transfer information, and the added peace of mind of insurance coverage of up to $1M per transaction.
Fight back against real estate fraud.
ChatGPT and other AI and machine learning tools continue to redefine many facets of our personal and professional lives. Although these changes can introduce many new exciting services and features, these same platforms can also empower cybercriminals to target title companies that don’t take the necessary precautions.
Fortunately, by following the guidelines outlined here, you can sleep better at night knowing your real estate transaction will be better protected from fraud.
To learn more about keeping your company secure, get this guide on the IT Security Stack for Title Professionals. It provides an overview of the key areas of potential risks and how to improve your security posture over time.