You’ve Been Phished! 🐟

What Just Happened?

The link you clicked was part of a simulated phishing exercise to help raise awareness about cybersecurity threats. This was not a real phishing attempt, but it demonstrates how easily cybercriminals can trick people into clicking harmful links, particularly in the age of artificial intelligence (AI). In fact, the emails, images, and code used in this exercise were entirely generated using freely available AI tools on the internet – tools that cybercriminals are already employing to commit crimes.

Why Is This Important?

Phishing is one of the most common methods hackers use to compromise personal and company data. These malicious efforts are now being supercharged with the use of AI. AI can be used to generate emails in the writing style of a particular person (if that person has any content available online), to create fake images (eg, the image of Elizabeth and ‘Bob’ in the phish email), or even generate fake video and voice. Please take a moment to read this article about how AI deepfakes were used to convince a finance employee to transfer over $25 million to cybercriminals.

    How to Spot a Phishing Attempt

    1. Check the sender’s email address. Does it look legitimate?
    2. Hover over links before clicking. Does the URL look suspicious?
    3. Watch for urgency or fear tactics. Scammers often try to rush you into action.
    4. Look for typos or unusual language. Phishing emails often have errors that give them away although AI is making this much less common.
    5. Look for unusual details in photos. AI photos might look real at first glance, but the details may be strange.

    Next Steps

    Take a moment to reflect on this experience and review your cybersecurity practices. Learn how to identify and avoid this type of phishing attempt by visiting our Business Email Compromise training and take the AI Image Challenge below and remember to stay vigilante and if you’re ever unsure about an email, report it to IT.

    AI Image Challenge

    Here are some examples of other AI-generated images of our CEO using publicly-available data sources. See if you can find anomalies that give these away as being AI generated.

    Building exterior in Toronto, Canada