- The crooks use AI to usurp the identity of the workers of the IRS and the taxpayers of the scam
- AI also helps attackers to develop quickly on several vectors
- Microsoft shares some simple tips to protect you
Schools are increasingly observed using artificial intelligence to fuel malware, many opting for vocal scams generated by AI-AI and deep buttocks to usurp the identity of income, accountants or IRS officials.
American citizens participating in the day of the tax, the thrust of the vocal phishing attacks (Vishing) means that we see cybercriminals using personal details stolen for false identities and scams convincingly to share financial documents and sensitive details.
While consumers have long known the signs of phishing by email, this new attacking vector takes more victims.
Vishing scams target taxpayers
American citizens participating in the day of the tax on April 15, a new Microsoft Threat Intelligence report hopes to educate users on how they can better protect their data.
Certain easy fixes include the implementation of multi-factor authentication on online accounts and the verification of URL authenticity-reward the URLs themselves, users can avoid potential scams such as the use of a capital, which is often used instead of an “ in the attacks.
In addition, citizens should familiarize themselves with the communication methods verified-for example, the IRS does not launch contact by e-mail, text or social media for personal or financial information, therefore a message like the latter should immediately ring alarm ringtones.
The generative AI allowed the crooks to develop their attacks and create very credible phishing communications, including realistic emails, voice calls and videos. It can be used at all levels of the attack, to decide what to say or to write to make content in the form of emails, websites and even voice identity.
Fraudsters can even handle research rankings to direct the victims to false sites that promise tax reimbursements, increasing their feeling of authenticity.
Other current attacks may include PDF malicious attachments, the use of QR codes and legitimate services such as Dropbox and fake Docusign destination pages. Engineering, IT and Council workers are among the most likely to be attacked.
