Various IT specialists have recently referred to artificial intelligence as a double-edged sword. In cybersecurity, while AI can identify potential cyberattacks by detecting anomalous patterns, it also empowers cybercriminals to develop more sophisticated attacks and convincingly replicate a user’s voice for scamming purposes.
AI-driven scamming techniques often fall under the category of social engineering attacks. These threats differ from common malware attacks given that they rely on psychological manipulation and deception to bypass security controls, rather than exploiting technical vulnerabilities in computer systems. Social engineering attacks frequently involve impersonation, trust-building and manipulation tactics to persuade users to divulge confidential information or perform actions that compromise their organization’s digital safety.
While phishing scams are currently the most prevalent social engineering cyberattacks, vishing (voice phishing) has recently gained momentum due to the realistic touch that AI-powered tools provide. It is the injection of personal and lifelike elements into these vishing scams that has significantly enhanced the success rate of these social engineering attacks.
“Caller ID spoofing is a technique that allows scammers to make it appear as if the call is coming from a legitimate number, such as a bank or a credit card company. This increases the likelihood that people will trust the call and provide personal information,” said Miguel Llerena, VP Latin America, Tanium. According to cybersecurity company Tanium, current AI-powered tools can efficiently impersonate a user’s voice and gestures from just 15 minutes of audible recordings.
Despite AI’s potential to identify and prevent cyberattacks, it has also enabled cybercriminals to automate and personalize their attacks more efficiently. In fact, automating cyberthreats has allowed hackers to increase the number of attempts that they can carry out daily, posing a real threat to companies lacking sufficient IT infrastructure to efficiently defend themselves. This worrisome trend is further exacerbated by the proliferation of such tools and services on the dark web, where cybercriminals offer their hacking services for monetary gain.
To mitigate the risks associated with vishing attacks, Tanium advises users to remain vigilant and detect distorted voice quality, which can indicate prerecorded messages or voice synthesis software. Additionally, they recommend maintaining a healthy skepticism towards phone call promotions that appear too good to be true.
Nevertheless, this surge in vishing attacks can pose a real threat to countries like Mexico, where social engineering cyberattacks such as phishing scams are growing in number, sophistication and effectiveness. Just last month, Perception Point identified a massive phishing campaign targeting five major banks within the country, which effectively breached the banking accounts of 4,000 Mexicans, jeopardizing their confidential data.
Additionally, Infoblox’s recent study revealed that 53% of Mexican organizations fell victim to at least one phishing scam over the last year. However, IT specialists expect this number to rise significantly due to the role emerging technologies like AI play in enhancing social engineering techniques. Ultimately, fostering a coherent cybersecurity awareness among Mexican citizens becomes crucial, as these scams now impersonate authorities, government officials, or friends with a precision that makes them nearly indistinguishable to an untrained eye.
This article first appeared in Mexico Business News, written by Tomás Lujambio on September 20, 2023.