Because AI tools such as ChatGPT can create error-free content, cybercriminals are using the technology to make cyberattacks more convincing. On top of this, AI-driven tools also make it easier for cybercriminals to increase attack volume.
Phishing attempts may not initially target payments data directly, but once attackers find a way in, they have access to everything in the system. Keeping your software secure and helping protect your customers starts with being aware of some of the ways cybercriminals will target their victims.
Phishing scams are becoming harder to spot
In the past, scams have been easier to identify because they have come with spelling and grammar errors, lack of personalization, or obvious signs that the link isn’t from the business reaching out. However, AI tools are making it much easier for cybercriminals to produce error-free content in phishing scams.
Communications are no longer limited to email. Text messages have become prevalent, and they often look legitimate at first glance. Phishing attempts have graduated beyond requests to reset your password or requests for payment. Text messages now appear to come from someone you know or someone in your network. The initial request to respond can seem friendly and conversational. However, once you respond, you’ll find they’re typically asking for a “favor,” which can include anything from sending cards to pay for something urgent to “helping” reset a password. The level of sophistication is growing, and it takes much more awareness to keep cybercriminals from finding a way inside secure systems.
To help protect against phishing scams, you and your customers should:
- Consistently provide training to employees and customers on how to look out for phishing attempts and what to do when they receive a suspicious email or text message.
- Remember that mistakes can happen. There should be a plan in place if someone accidentally clicks a link they shouldn’t, so immediate action can be taken to block access or mitigate further intrusion.
- Establish system management plans and procedures to monitor and detect threats for company-issued devices and programs.
- Consider AI-driven detection and response software that can help devices defend themselves.
Spear-phishing is a problem too
Spear-phishing refers to emails that try to get specific details from potential victims, which may include passwords and other sensitive personal information. It’s a more targeted attempt and takes general phishing one step further. Cybercriminals can now feed data from a person’s online presence into an AI tool to create a tailored email that’s convincing. Alarmingly, a recent report by Check Point outlined that a US-Israeli cybersecurity firm was able to get around ChatGPT’s safety procedures to create a phishing email by telling ChatGPT that the content was for a cybersecurity awareness program.
To protect against spear-phishing, you and your customers should:
- Implement cyberattack monitoring and detection measures from the list above.
- Provide more training and education. It’s critical to understand what to watch out for so it doesn’t get overlooked amidst the many communications received on a daily basis.
- Never click a link you weren’t expecting to receive.
Business email compromise can cause large financial losses
Another cyberattack method is business email compromise (BEC). Business email compromise is considered a phishing attempt, but the cybercriminal’s main goal is financial gain. Broader phishing attempts look for information, while BEC specifically targets a payment. The emails typically appear to come from the CEO, HR, or an attorney. Once a compromise has occurred, details are often sold on the dark web.
To protect your company and its customers from BEC, you should:
- Continue to stay up-to-date on all forms of phishing attacks and what to do if a breach occurs
- Implement separation of duties – establish a policy that requires verification from a second employee to validate expenses
- Educate your team on how invoices are paid and who they come from for any expenses related to your business
- For your customers, continue to educate them on the value of Embedded Payments – all payments are made directly in the software and any attempts outside of the software should be investigated
Strengthen your payment security with Payrix
As AI enters the picture and makes phishing attempts harder to identify, it’s imperative that your software company keeps security top of mind and educates your customers about security. While specific cybersecurity protection systems are important, payment security protection comes in many forms, including information security, data protection, PCI compliance, authentication programs, risk management and more.
Book a demo to speak with one of Payrix’s payment security experts today about ensuring your platform has a comprehensive program to protect your payments.