Jump to content
Login new information ×
Login new information
  • Security & Privacy News

    Microsoft shares detailed guidance for AI scams that are nearly impossible to not fall for

    Karlston

    By Karlston,
    Published Date:

    • 96 views
    • 4 minutes
     Share
    • 96 views
    • 4 minutes

    Microsoft today published its latest edition of the Cyber Signals report, which details how to deal with the latest types of cybersecurity threats, scams and frauds. The company has explained how, with the help of AI, it is easier than perhaps ever to build software with malicious intent and purposes.

     

    Microsoft points out various ways threat actors can trick potential victims using things like deepfakes, voice cloning, fake employee profiles and hoax e-commerce company website pages and product images, among other things:

     

    AI has started to lower the technical bar for fraud and cybercrime actors looking for their own productivity tools, making it easier and cheaper to generate believable content for cyberattacks at an increasingly rapid rate.

     

    ...

     

    AI tools can scan and scrape the web for company information, helping cyberattackers build detailed profiles of employees or other targets to create highly convincing social engineering lures.

     

    In some cases, bad actors are luring victims into increasingly complex fraud schemes using fake AI-enhanced product reviews and AI-generated storefronts, where scammers create entire websites and e-commerce brands, complete with fake business histories and customer testimonials. By using deepfakes, voice cloning, phishing emails, and authentic-looking fake websites, threat actors seek to appear legitimate at wider scale.

    Microsoft's concerns are perfectly valid, as techniques like deepfakes and voice clones are truly dangerous in the context of tech support scams among other things, as they can be near impossible to call out unless you are really looking hard for clues; and even then, the pace at which AI is progressing, telling fakes from the real thing is also getting more and more challenging.

     

    As such, Microsoft has published a list of general recommendations:

     

    • Strengthen employer authentication: Fraudsters often hijack legitimate company profiles or create fake recruiters to deceive job seekers. To prevent this, job platforms should introduce multifactor authentication and Verified ID as part of Microsoft Entra ID for employer accounts, making it harder for unauthorized users to gain control.
    • Monitor for AI-based recruitment scams: Companies should deploy deepfake detection algorithms to identify AI-generated interviews where facial expressions and speech patterns may not align naturally.
    • Be cautious of websites and job listings that seem too good to be true: Verify the legitimacy of websites by checking for secure connections (https) and using tools like Microsoft Edge’s typo protection.
    • Avoid providing personal information or payment details to unverified sources: Look for red flags in job listings, such as requests for payment or communication through informal platforms like text messages, WhatsApp, nonbusiness Gmail accounts, or requests to contact someone on a personal device for more information.

    In the end, Microsoft has also highlighted how some of its apps and tools, like Quick Assist, are also evolving to safeguard against such tech support fraud and scams using methods like Digital Fingerprinting, and implementing blocks on full control requests. It writes:

     

    To help combat tech support fraud, we have incorporated warning messages to alert users about possible tech support scams in Quick Assist before they grant access to someone approaching them purporting to be an authorized IT department or other support resource.

     

    ...

     

    Microsoft has significantly enhanced Quick Assist protection for Windows users by leveraging its security signal. In response to tech support scams and other threats, Microsoft now blocks an average of 4,415 suspicious Quick Assist connection attempts daily, accounting for approximately 5.46% of global connection attempts.

    Microsoft, however, recommends using Remote Help instead of Quick Assist for internal use within an organisation, which consequently makes it the safer alternative.

     

    It has also mentioned how some of the security features in Edge, like Typo protection and domain impersonation protection, can save users from typosquatting into imposter malicious websites. You can view the full report here on Microsoft's website.

     

    Source

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every day for many years.

    News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of March): 1,357

    RIP Matrix | Farewell my friend  :sadbye:

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...