Attackers use AI to facilitate social engineering campaigns.
Social engineering with generative AI.
Researchers at Safeguard Cyber have observed a social engineering campaign on LinkedIn that used the DALL-E generative AI model to make images for phony ads.
Ads designed to gather personal information.
The malicious ads purported to offer a link to a whitepaper that would empower “sales team[s] with next-level insights and strategies.” A user who clicks the ad is asked to enter personal information, including an email address and phone number, in order to receive the whitepaper.
Information could be used in additional social engineering attacks.
Safeguard Cyber’s researchers commented on the campaign, noting that this information would be useful for targeted phishing attacks:
“The most alarming implication of this incident is that it could be a recon test. The company ad page was crude and poorly set up and the ad creative left something to be desired. However, it’s clear how a threat actor could quickly ratchet up the sophistication from here. The threat actor could easily iterate on messaging, creative, and audience targeting, to achieve ever more refined and targeted phishing ads.
“Encountering this fake LinkedIn ad was a significant reminder of new social engineering dangers now appearing when coupled with Generative AI. A common goal in any social engineering attack is to speed up a transaction, before the critical thought process kicks in. It’s more critical than ever to be vigilant and suspicious. We immediately reported the ad and company page. This attempt, albeit facile, has immediate implications for security awareness training.”