The weakest link in any security setup is not the computer but the human. Attackers know this, so instead of cracking passwords they simply trick people into opening the door for them. With the arrival of artificial intelligence, these scams are more dangerous than ever. Let us explain how they work and how to defend against them.

What social engineering is

Social engineering is the manipulation of people into revealing information or doing something harmful. The attacker does not hack the computer; they hack the human. They play on emotions and trust: they create fear, urgency or curiosity so the victim acts before realizing it is a scam.

Common tricks

  • Urgency and fear. “Your account will be blocked, act now.”
  • False authority. The attacker poses as a bank, IT support or a superior.
  • Curiosity and bait. A fake win, an unexpected parcel, a great offer.

New: scams with artificial intelligence

AI has taken these scams to a new level:

  • Voice cloning. From a few seconds of recording, AI can imitate the voice of your relative or boss and call you with a request for money.
  • Deepfake video. A fake but convincing video or video call with a “familiar” face.
  • Perfect phishing. AI writes scam messages free of grammatical errors, indistinguishable from real ones.

Specific scenarios

  • A grandchild or child in trouble calls in a familiar voice and asks you to send money immediately.
  • A fake boss writes to the accountant to urgently pay an invoice (so-called CEO fraud).
  • Fake support poses as Microsoft and wants remote access to the computer.

How to defend

  • Verify through a second channel. With a suspicious request, call back on a known number, not the one from the suspicious message.
  • Do not be rushed. Urgency is the scammer’s main tool, so stay calm and check the facts.
  • Do not trust the display. Both a phone number and an email address can be faked.
  • Agree on a password. In a family and a company, a secret word can help verify identity.
  • Train employees, because even one lapse is enough.
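
For the fake-boss email scenario and the “do not trust the display” advice above, a mail administrator can flag messages that deserve a call-back before anyone acts on them. The following is an added example, not part of the original article; the company domain, executive names, keyword list and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the article)
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jana novakova", "petr svoboda"}  # constructed names
URGENCY_WORDS = ("urgent", "immediately", "act now", "today", "blocked")

# Constructed sample messages
SPOOFED = """\
From: Jana Novakova <jana.novakova@examp1e-mail.test>
Reply-To: accounts@payments-desk.test
To: accounting@example.com
Subject: Urgent invoice

Please pay the attached invoice immediately, I am in a meeting.
"""
LEGIT = """\
From: Jana Novakova <jana.novakova@example.com>
To: accounting@example.com
Subject: Lunch on Friday

Shall we meet at noon?
"""

def domain_of(address):
    return address.rpartition("@")[2].lower()

def review_message(raw):
    """Return reasons why a message should be verified through a second channel."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reasons = []
    # The display name is free text chosen by the sender, so compare it to the address
    if display.strip().lower() in EXECUTIVES and domain_of(addr) != COMPANY_DOMAIN:
        reasons.append("executive display name on an external address")
    # Replies silently diverted to another domain are typical of invoice fraud
    if reply_addr and domain_of(reply_addr) != domain_of(addr):
        reasons.append("Reply-To points to a different domain than From")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(word in text for word in URGENCY_WORDS):
        reasons.append("urgency wording")
    return reasons

if __name__ == "__main__":
    print(review_message(SPOOFED), review_message(LEGIT))
```

An empty result does not prove a message is genuine, because the From address itself can be forged; it only means these three checks found nothing.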

What never to do

Never send money or data based on an urgent message without verifying, and do not let “support” into your computer remotely. This is related to protection against phishing and fraudulent messages.

Want to protect yourself or your employees from scams? Get in touch, we will advise and train your team as part of IT support for companies.