AI-Powered Scammers Raise Concerns About the Scale and Sophistication of Cyberattacks

The rapid evolution of artificial intelligence (AI) is giving scammers access to powerful tools that enable highly sophisticated attacks on a large scale, according to Richard Ma, co-founder of the Web3 security firm Quantstamp. Speaking at Korea Blockchain Week, Ma emphasized that while social engineering attacks have been around for some time, AI is making hackers more convincing and increasing the success rate of their attacks.

Ma shared an example involving one of Quantstamp’s clients, where an attacker posed as the chief technology officer of the targeted company. The attacker engaged in extensive conversations with one of the company’s engineers, creating a sense of urgency before requesting sensitive information. This added complexity to attacks makes individuals more likely to hand over important data.

Before AI, scammers might have simply asked for a gift card or Bitcoin in an emergency, but now they engage in more sophisticated dialogue to establish legitimacy.

Ma’s main concern is the sheer scale at which AI-driven attacks can be executed. Automated AI systems allow attackers to conduct social engineering and other advanced scams across numerous organizations with minimal human involvement. In the cryptocurrency space, hackers often have access to databases containing contact information for key individuals in various projects, making it challenging for organizations to train their employees not to respond to such attacks.

To protect against these threats, Ma advises individuals and organizations to avoid sending sensitive information via email or text and to use internal communication channels like Slack for important data exchanges. Additionally, he recommends investing in anti-phishing software that filters out automated emails from bots and AI. Ma cited the use of anti-phishing software from a company called IronScales by Quantstamp as an example.

He concludes by emphasizing that we are only at the beginning of an ongoing struggle to distinguish between humans and increasingly convincing AI, making vigilance and protective measures crucial in the evolving landscape of cybersecurity.