AI Is Creating New Mobile Scamming Threats   

Uploaded on 2023-03-21 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

McAfee's  latest Consumer Mobile Threat Report  details key global trends in mobile threats and scams to be aware of, and how to protect against them. In particular McAfee are worried about the potentially game-changing Artificial Intelligence (AI)  applications like as OpenAI’s ChatGPT chatbot and DALL-E 2 image generator. 

These provide powerful AI tools to the mass market, creating exciting opportunities for innovation and productivity, but also provide the same major opportunities to cyber criminals. 

McAfee's latest report focuses on how cyber criminals are leveraging these tools to trick or defraud consumers in growing numbers as identified by McAfee’s Mobile Research team. A common theme throughout is the prevalence of malicious phone applications. “Our mobile devices are an essential part of our daily lives now more than ever. They allow us to access a wealth of information and entertainment and provide the freedom to be productive from almost anywhere,” says Steve Grobman, Chief Technology Officer, McAfee.  “Unfortunately, they also provide cyber criminals with greater access to potential victims. By sharing insights from McAfee’s Threat Research Team, we are empowering our customers to freely and safely enjoy their digital lives.” 

Malicious apps tend to fall into a few categories, things that are popular, easy to use, and seemingly harmless. Many malicious apps deliver some legitimate functionality, but just because a free app works, doesn’t mean that it’s not hiding ulterior motives. Criminals often use encryption to hide their malicious code from reviewers, or they build in a delay, so the bad stuff doesn’t show up until the app is published in the app store.

OpenAI’s new AI image generator, DALL-E 2, ushered in a wave of AI-based mobile applications that could create artistic images based on photos. While some of these apps are legitimate, others may be malicious apps looking to capitalise on recent AI trends.  The report details how cyber criminals are leveraging malicious apps by:

Sliding into your DMs:    6.2% of threats that McAfee identified on Google during 2022 were in the "Communication" category, mainly malware masqueraded as SMS apps. But even legitimate communication apps can create an opportunity for scammers. They will use fraudulent messages to trick consumers into clicking on a malicious link, trying to get them to share login credentials, account numbers, or personal information. 

While these messages sometimes contain spelling or grammar errors or use odd phrasing, the emergence of AI tools like ChatGPT can help scammers clean up their spelling and grammar mistakes, making it tougher to spot scam messages by mistakes in the content. 

The severity of these Communication threats is also evident in the volume of adults (66%) who have been messaged by a stranger on social media, with 55% asked to transfer money. 

Taking advantage of Bring Your Own Device policies:    23% of threats that McAfee identified were in the "Tools" app category. Work-related apps for mobile devices are great productivity boosters, categories like PDF editors, VPNs, messaging managers, document scanners, battery boosters, and memory cleaners. These types of apps are targeted for malware because people expect the app to require permissions on their phone.

Asking for permissions to storage, messaging, calendars, contacts, location, and even system settings is not unusual and enables the scammers to retrieve all sorts of work-related information. 

Targeting teens and tween gamers with phones:    9% of threats that McAfee identified were Games from app categories such as Casual, Arcade and Action. Malicious apps often target things that children and teens like, such as gaming, making videos, and managing social media. The most common types of threats detected within the gaming category in 2022 were aggressive adware - apps that display excessive advertisements while using the app and even when you're not using it.

 It’s important to make sure that kids’ phones are either restricted from downloading new apps, or that they’re informed and capable of questioning suspicious apps and identifying fraudulent ones.

McAfee’s Mobile Research team recommends the following tactics: 

  • Be suspicious of unsolicited emails, texts, or direct messages and think twice before you click on any links.
  • Remember that most of these scams work because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender.
  • Ensure that your mobile device is protected with security solutions that includes features to monitor and block potentially malicious links.

The report also reveals the top mobile malware groups (also referred to as families or types) McAfee identified in 2022, and predictions for the year ahead and repeats the  golden rule - If it’s too good to be true, it probably is

You Might Also Read: 

Cyber Security Issues For The Mobile Industry:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Have Already Cost Medibank $26m
US Federal Agency Hacked  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Detack

Detack

Detack is an independent supplier of IT security auditing and consulting services.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

ERMProtect

ERMProtect

ERMProtect is a leading Information Security & Training Company that helps businesses improve their cybersecurity posture and comply with regulations.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

MicroEJ

MicroEJ

MicroEJ is a software vendor of cost-driven solutions for embedded and IoT devices.

Blueskytec (BST)

Blueskytec (BST)

BST provide accredited, patent-pending commercial cyber security hardware and software to protect your cyber physical systems from attack.

Evanston Technology Partners (ETP)

Evanston Technology Partners (ETP)

ETP provides services and solutions to enable and transform businesses in the areas of cybersecurity, data protection, and efficient operations practices.

Abion

Abion

At Abion (formerly BRANDIT), we empower your business by providing comprehensive brand protection and web security services.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

Sentrium Security

Sentrium Security

Sentrium is committed to helping organisations protect their technology, information and people. Our range of bespoke services provide solutions to tackle a broad range of cyber security challenges.

Banyax

Banyax

Banyax provides 24×7 real-time Cyber Defense Center Services using the latest technology tools to provide state-of-the-art defense.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

National Cybersecurity Agency (ACN) - Italy

National Cybersecurity Agency (ACN) - Italy

The ACN is the National Authority for Cybersecurity in Italy. the Agency promotes public-private initiatives to strengthen the national cybersecurity and resilience posture.

Allstate Identity Protection

Allstate Identity Protection

Allstate make it easy to provide complete identity protection, so everyone can live more confidently online.

Attestiv

Attestiv

Attestiv puts authenticity into photos, videos and documents by utilizing advanced technologies in AI and tamper-proofing.