[00:00:00] Speaker A: Welcome back to AI Today. I'm your host, Dr. Alan Badot. And this week we are diving into something that affects every single one of us.
It's cybersecurity. In our AI-powered world, whether you're running a business or you're just checking your email at home, you know, these, these threats are real and we, we see that they continue to evolve and they're getting smarter and smarter every single day.
So what we're going to do this week we're going to look at, you know, trying to bring you really some really quick, intensive hands on look at ways that, you know, cyber criminals are using AI against us and more importantly, you know, how we can use AI and the tools that you have and that, you know, you've been using all along to try to fight back and protect yourself. So we're going to get our hands dirty a little bit, especially in the next segment and we're going to do some real demonstrations and like normal, you're going to see how these things behave and what happens when we're doing some things live. So we never know what we're going to get. Right. But you know, I want to paint a picture though for everybody because, you know, last year alone, the cybercrime, you know, it costs the global economy almost $10 trillion. That's not my statistics, that's statistics that you can find pretty, you know, pretty much out in the open. And you know, here are some of the things though, that changed. If you think about it, it's not just your stolen passwords anymore.
That's really not the prime worry that you should have. It's talking about, you know, we're talking about deep fakes that can mimic your face and it can happen in real-time Zoom calls. We're talking about emails that are so sophisticated that they mimic your boss's writing style. And then we're also thinking about social engineering attacks that, you know, it really lets them know more about you than maybe even, you know about yourself in some cases, which is kind of scary. And you know, these, these things always are hitting us and they're hitting us from so many different parts.
You know, everybody probably knows somebody that's been affected by this. And it doesn't matter if it's a junk email that, you know, you mistakenly clicked on or you know, a work email that, you know, potentially exposes, you know, corporate proprietary PII data.
It all affects us in the, in the same way. And then it's, you know, it's, it's not a good thing.
And the scary part, though, is that it's starting to get more coordinated. Even we're starting to see, because of the tools that we have, you know, nation states that are constantly, you know, attacking us, trying to get our information, and even, even some, you know, criminals are starting to, to, to come together to, you know, fight a lot of different, you know, fight against a lot of different, you know, people that are trying to, to protect us. And the even scarier part is, you know, it's happening in a younger and younger age, too. You know, we've all seen and heard, you know, teenagers are doing some of these things. And, you know, now with AI, if you've got an Internet connection and a laptop, you can almost do these, you know, things on your own. And that's, that's, that's very troublesome, I think, for people.
And if you look at how they are getting at you and what your, you know, we call it attack vectors. Right.
Well, number one, we all know, you know, humans, we click on things, we are the biggest problem. All right, so we'll touch on that a little bit. But if you start looking at, you know, other things, whether it's identity theft and that could be facial recognition exploitation or, you know, you know, fingerprints or, you know, even. Because if you think about it, your face is now your password in a lot of different systems, especially mobile devices, right?
And, you know, it's very easy now, though, if somebody can just get an Internet, you know, a photo of you that is a couple of different sides, potentially. They can create their own motion movies and they can start to fool, you know, these 3D detectors that are out there that are trying to look at those, those kind of things.
You know, how many of you have gotten the email from the Nigerian prince that is promising you, you know, $100 million if you just send your credit card or if you just, you know, do X, Y and Z with your, your email or your bank account or whatever that is, right? They're using natural language processing to look at a broad spectrum of emails now and learning some of your communication patterns, your relationships, your schedules, those kind of things. And so it's become much more sophisticated from that perspective. And as I mentioned, social engineering, it's gone AI-powered as well.
Attackers, they can create fake online personas, complete with back stops and, you know, pictures and vacations of them at the beach that, you know, never happened. But it's so convincing that, you know, obviously they're, they're real. Otherwise there's no way that those people would.
No way AI could create something like that, right? And no, that's not, that's not the case anymore. They've even been able to, you know, infiltrate professional networks and you know, they take a long time in some cases to build trust. And now AI can, can do that. And you know, here's the, here's the kicker about that.
You know, you want to use large language models and these tools that we have for productivity, it's the same technology. We want to be able to write better emails and we want to be able to, you know, interpret information better. But the reality is, is they're starting to use those same tools against us. And so we have to, we have to make sure that we are prepared to do that.
And so here's some good news though. I don't want to be doom and gloom on this show because, you know, we've got some, we've got some interesting things that'll help you out. But if you're watching today, there are ways that you can fight against that using the same tools. Just as criminals are using these tools to try to attack you and try to take advantage of you. I'm going to show you today how you can protect yourself against those. So we're going to build a quick AI-powered security assistant. All right? We're going to set it up.
We'll have it focus on trying to detect some fake emails, okay? Things that make it easier for you to understand.
Some protocols that we'll have in place using, you know, large language models that will help identify social engineering attempts. And we'll try to do it in real time.
We never know what's going to happen in real time, but that's what we're going to try to do. And then we're going to try to demonstrate how you can really protect your digital identity. We talk about this all the time, that, that is your, your main source now that you have to watch. And so we're going to try to, you know, help you, you know, protect that and give you some tools or some ideas and things that you can do to, to make sure that that's not stolen.
Because, you know, here's the thing. I'm not going to try to say that you're going to be a cybersecurity expert overnight or an ethical hacker or any of those things. But I just want you to have, whether you're a small business or, you know, you're just, you know, at home checking your stuff, I want you to have some tools for you to go to if something looks a little suspicious. Or if something is, you know, a little bit off, you're not quite sure what it is, but it might be, it might be off because at the end of this show, I want to make sure that, you know, you can hit 75, 80, even maybe 90% of those potential targets and, you know, attacks that are coming in against you.
That's going to be a win for us. And if we can do that, that'll be, that'll be really fantastic.
So if you want to try at home, that's great. I hope you do grab your laptop and, you know, in our next segment, we are going to start with something that's going to, I think, might shock many of you. We're going to start looking at ways to spoof an email and figure out what one looks like. How do you determine one you trust versus one that you don't? And then more importantly, we're gonna, we're gonna build some defense against that and you're gonna see exactly what's happening on my screen and I want you to follow along step by step, and hopefully you'll be able to do that. So, you know what we always say, you know, knowledge is power and, you know, in cybersecurity, though, applied knowledge is really protection. All right, so stay with us. We'll be back after a few messages from our sponsors.
[00:10:22] Speaker B: Two, one.
[00:10:25] Speaker A: Loving what you're watching? Don't miss a moment of AI Today or any Now Media TV show, live or on demand, anytime, anywhere. Download the free Now Media TV app on Roku or your iOS device for instant access to bilingual content.
It's in English and in Spanish.
Prefer to listen on the go? Stream the podcast at www.nowmedia.tv.
From business and breaking news to lifestyle and culture, Now Media TV is streaming 24/7. Ready whenever you are. Everyone, welcome back.
You should be able to see my screen.
We are gonna, we're gonna share, you know, live and we're gonna, we're gonna look through really what, what some infers, you know, interesting information can bring to us around, you know, as we get some of these emails and what we're, what we're doing with some of those. And so what I'm gonna do first, I am going to post an email and I'm looking, I'm just digging through it here. Everybody give me a second and I have Claude up. You guys know that I'm a big fan of Claude, but let's see here. We're going to take it and we're just going to post it in here real fast and so says you can see it's from our security. They're trying to IT security, the Alan Badot AI-support.com and you know, it's got an urgent message, mandatory security update required. Action is needed today. And it says, dear team members. And you can see it's going through.
There is a click, you know, hyperlink in here for your verification of your profile and all of that other, you know, additional information that is there. And it says, oh, it's so fast, it only takes about five minutes to do, you know, but you know what? Failure to complete this update is going to result in a temporary account suspension. So they're trying to, one trying to, you know, convey a message to you that, oh, you've got this security training that is required and you've got to verify your information, you know, same sort of thing that we see, you know, all the time. Right. And, and more important, it's telling you, oh yeah, we're going through this process so that you can enable advanced your, your two factor authentication. Because why, because that's so important to be able to, to do. Right. And so, you know, we're going through. It's looking at it. It even has relevant information, your IT ticket number information. It looks like it's coming from somebody that is, you know, working at this, you know, the, the company, yada, yada, yada. Right. And so if I were to send this to you, you probably say, huh, okay, that's not too bad.
It's referencing a lot of information if you worked at the company, especially, you know, if you looked at the IT security policy, guess what? That is the correct, that is the correct number with that.
So that's a little scary, right?
It's going through. And what I want you to think is, geez, if I had to rate this one out of 10 from a phishing email, what, what would, what would I rate it?
Well, you know, take some time, think about it. I'll give you three seconds, four seconds as we go through this. But there are some interesting nuances though with that number one.
Anytime somebody sends you an email and it says urgent, oh, it's of the utmost importance, need your attention right now.
That number one is an indicator. Okay. You need to think about, oh, geez, is it really that important? How come they didn't call me? Why didn't they send me a text? They sent me an email. They know I don't check my email very often, maybe. Right. Or something like that. Right. And so it does want, it does ask you to have some questions around that. And so what I'm going to do is we're going to just ask Claude, we're going to say, is this a legitimate.
Oh, I'm a terrible speller, guys. There we go. Thank you, Claude. Is this a legitimate email or is this a spoof?
Well, Claude. And by the way, Claude 4.1 just came out.
Well, some of it's been testing a little bit. Just came out, was released a little bit ago today. So pretty, pretty excited to see what Opus 4.1 can do. It's going through things, it's looking, it's. And it says, oh, this is almost certainly a spoof. Ooh, now that's interesting.
Why is that? Oh, look at this.
So it says, sender's domain doesn't match the actual domain.
1.
A legitimate IT department that you know is not coming from. That is a problem.
I'm not outsourcing now. Some people do, but they still have the same domain because companies don't want you to know that they're outsourcing their own IT, especially if they're an IT company.
So that's a problem.
Then you look at some of the classic, you know, phishing schemes that they have.
You know, I already talked about the urgency around that. But there's also the fear factor that goes into that. Oh, they're going to suspend your account.
Most people may today say, yeah, please do. Right. And so, you know, but that's, that's their tactic. They're looking at a general greeting. They're not saying hi, Carol or hi, Anna or hi, David. They're saying dear team member.
Okay, all right, that's a, that's, that's, that's usually an issue.
They haven't been very specific on the security concern either.
And of course, you know, they want your credentials. That's their number one goal. They want your credentials.
So that's a problem.
So let me blow this up a little bit so y'all can see. And this way it's a little easier.
But it's important, though, remember, you're not going to get in trouble if you contact the IT department and just ask them, is this real or is it not real? Okay. And, you know, the last thing is, though, just delete the email after you've gotten direction from IT. Just make sure that you don't send it out to anybody. Don't, don't, don't forward it. Be, be smart. Stop it in its tracks, and then you'll be, you'll be in great shape. All right, so now we want to look at another one. I want you to see a, a favorite of mine as you.
I'll put this in the.
And Claude, again, this is a really fantastic one. This one is all about invoice payments, right? And looking at it and saying, oh geez, you owe this amount of money, it's overdue. There's going to be late fees that are going to be applied to it.
And you know, same, same criteria, right?
[00:18:47] Speaker B: We're looking at it.
[00:18:48] Speaker A: It's a pay now thing. There's an invoice, but guess what? They, they messed up a couple of times because the whole view invoice and the pay now in the brackets, right? That's a generic thing that a lot of people will, will try to do. Try to, they're trying to generalize it and they make a mistake, they send it out.
You know, that's, that's good for you, bad for them, right? So again, there are the red flags are fake domain name again, quickbooks, you know, -notifications.net. They're using zeros instead of letters. Books. Oh, that's a pretty good one.
Something to, to definitely pay attention to. It happens all the time. And then also, you know, the real email it'll come from, you know, something like quickbooks.com or intuit.com or things like that. But then there's also some really, that invoice pattern that is used all the time. You didn't expect an invoice. You haven't bought anything, you haven't, you don't owe anything, right? But there's always a substantial amount that they want you to pay. And it's that kind of, you know, threatening language that they're, oh, a service interruption, an issue.
Here's your final notice. You know, you wish it was your.
[00:20:14] Speaker B: Final notice though, right?
[00:20:15] Speaker A: But the reality is it's, it's just, you know, another attempt. And of course, generic again. No company name, contradictory instructions.
Now with, okay, I've seen many of them that look like that, that say a1 or, you know, a11en, you know, those, those kind of things that should be an indicator, should be a red flag. Something's not, not right with it. But if you have a question, drop it into Claude and Claude will help you look through those things. Very, you know, very sophisticated in its ability to pick up some of those things. And again, don't ever click the buttons. You know, never click the buttons.
Don't make any payments.
Don't give them your bank information, don't give them your credit card information. Don't do anything like that, and if it's sent to your personal account, delete it, flag it, that it's spam, and this way the next time it'll go right into your spam.
You know, the problem is if you do click it oftentimes they're going to get your credentials, of course, but they're also going to get a lot more. They're going to get access to potentially your bank account, your, all your information associated with that. Any kind of vendor, you know, issues, things like that, you just got to be careful of. Now, how can you really protect against that? And that is, that's going to be the question. And so what I did, I've got something I want you to take a look at. It's kind of a, you know, really how you can just quickly create with Claude, you know, really a cyber security SME that'll, you know, again, it'll last you, you know, for a few, a few times you'll probably have to re-enter this, this prompt because we know how large language models behave.
They're temperamental and it may not last very long. However, something that's, that's really easy to help folks look at and I'll spread this out a little bit for you all to see.
But what you want to do is you just tell Claude, hey, listen, you know, you're a cybersecurity analyst. I need you to help me look at email.
And you want it to detect phishing and you also want it to analyze.
[00:23:04] Speaker B: It for security threats. And then so you just, all you have to do is cut and paste your email in here.
[00:23:08] Speaker A: And then it's going to look at some elements, some basic elements around that is the authenticity of it. Now, Claude, because it can search the Internet, you know, there's, it's got a lot more power associated with being able to find domains that are relevant information that's relevant, you know, those kind of things.
It's going to look at those known patterns that you have, right, because you've asked it to be an analyst. So now it's going to think, okay, urgency, pressure, you know, tactics, you know, things like that. Anything that's time constrained is going to be a flag for it.
Then of course, you've got unusual requests that happen to pop out there. Unusual by, oh, of course they want your credentials, of course they want you to put in your password.
[00:23:54] Speaker B: Of course they want you to put in your financial information.
[00:23:58] Speaker A: All of that stuff comes into play. Now again, tone, some other things that you may not think of, Claude is.
[00:24:07] Speaker B: Is taking a look at and so this is something very easy for you to do.
[00:24:11] Speaker A: Cut and paste it, use it, don't just keep it in there because again, you have to remind these large language models what it's supposed to be doing.
[00:24:22] Speaker B: Sometimes, otherwise it'll start to lose and forget about some things.
[00:24:26] Speaker A: But this is something very easy for.
[00:24:29] Speaker B: You to use, very quick for you.
[00:24:31] Speaker A: To put in there and, and it's a quick tool to make sure that you're protecting yourself.
So stay with us. We're going to be back after a couple of messages from our sponsors and we're going to look at some social.
[00:24:43] Speaker B: Engineering tactics that are out there and.
[00:24:45] Speaker A: How to protect yourself there too. Stay with us.
Well, welcome back. And what I'm showing up here on the screen now is just some other examples and, you know, feel free to reach out to me. I'll send this to you so you everybody gets a copy of it. But there's a whole bunch of emails that I've pulled together and if you want to use them for, you know, testing of some of your, you know, employees and, you know, go through some fire drills with them, that's, that'll be great. But you'll be able to see what, you know, what some real ones look like and then you can show them some comparison emails of what real ones are and have them try to guess the two in between. And so I think, you know, it's going to be helpful for you to see that from that perspective because, you know, we're just trying to give you some examples on things that will help you or your team recognize the difference. But again, always don't be worried, don't be afraid to check. And so I'm just going to share my screen so you should be able to see that.
And there we go. Now there's some other things, though, that we have talked about and again, I'll scroll down through these really quick.
We've talked about the social engineering, okay, because at the end of the day what we want to do is we want to make sure that you have got the tools that will allow you to really build on your vocabulary and.
[00:27:29] Speaker B: Build on some things to take a look at. And so just here is a really quick chart.
[00:27:34] Speaker A: So here are some ideas and really some, you know, vocabulary for you all to build on and some things for you to look at and say, you know what, this is real. This isn't real. And then I've even included a scale to kind of help you with, you know, telling folks and things to really pay attention to and look at as.
[00:27:57] Speaker B: you're going through some of this stuff. And so of course, you know, you.
[00:28:01] Speaker A: Always want to look at the domains.
[00:28:02] Speaker B: You always want to look at the urgencies around that and then even some of the signature pieces around that. And then of course, that will tie over to everything that you're looking at.
[00:28:13] Speaker A: And the important part of that is that, you know, where's the risk?
[00:28:18] Speaker B: How do I identify the risk?
[00:28:20] Speaker A: And as you're, as you're going through, you'll see some scales that I've just.
[00:28:26] Speaker B: Just some general ones. And then I've just pulled together a.
[00:28:28] Speaker A: Really quick, you know, reference card for, for you all to look at. And, you know, the thing is, if you don't know who's sending it to you or you don't know why it's.
[00:28:40] Speaker B: Being sent to you or whatever that is, then it's always safer to check, right? Because then you're, you're 100% sure what is taking place. And so just keep that in mind as we, as we go through that. So now we want to talk about some of the social engineering capabilities that, that folks are bringing to bear. Because as you look at all of these things that are taking place on social media, all these spoof accounts, all of these accounts that just pop up out of nowhere that you're curious about. You know, you're thinking, oh, geez, I've got another website that has popped up. I mean, if, even, even on my stuff, you know, I see that now. I've got a couple of Instagram accounts that I don't have.
[00:29:26] Speaker A: And you know, they're Alan Badot one or Alan Badot three, four, seven, I think was another one.
[00:29:33] Speaker B: I guess that meant that 5 and 6 were taken.
[00:29:35] Speaker A: But, you know, you have to, you have to think about that kind of stuff as you're going through that.
And, you know, you need to check. I check simply because I don't want somebody to, you know, take advantage of you, the audience, or any of my friends or things like that. And it's important that we, we are.
[00:29:57] Speaker B: Aware of those activities that are going.
[00:30:00] Speaker A: On because, you know, I know it's, it's easy to just ignore them and.
[00:30:07] Speaker B: To say, oh, you know, I'm not, I'm not concerned about that because it's not, it's not really me doing it and somebody else's responsibility, but you can turn them in for those kind of, you know, activities and you can have those accounts deleted or erased when you.
[00:30:27] Speaker A: Have the opportunity to do so, because.
[00:30:29] Speaker B: That is your, I think, responsibility. You know, we are seeing a lot and I'm trying to find the next demo piece that I have for us to do. But we're seeing an awful lot of those types of efforts by, you know, our, I guess I would say our attackers is an easy way to say it. But let me go ahead and we'll share Claude again and we will just.
[00:31:00] Speaker A: Do it like we do when we have to. We will wing it and bring it. Let's see here. Which one do I want to share? I want to share that one.
All right, now we are back.
You should be able to see my Claude screen again.
Engagement techniques. Oh, I've got the wrong window. Here we go.
That's all right.
These things get more and more fun as we are going through them. Right. And so we will go back to Claude. Now what I want to do, I want Claude to show you what a social media engineering attack looks like. And Claude, sometimes you got to be, be careful because the way Claude is built, it's very protective. It tries to help you, it tries to make sure it's not doing anything harmful or gives you something that will.
[00:31:57] Speaker B: Allow you to harm somebody else.
[00:32:00] Speaker A: And that's a great thing about it. But sometimes it can be a little over protective. So what we're going to do is I'm going to say, you know, for my TV show, so I need an example of a social engineering attack.
Now please use mock data and no real profiles. So hopefully it thinks that I'm trying to be a good guy and trying to show you all what some of these might potentially look like or how they may come to fruition. Right. And so it's thinking, it's going through the process of crafting what that social engineering attack could look like. And what I think is important is here's some scenarios that it's going through and these are things that happen all the time.
[00:32:58] Speaker B: Now if you're doing training for your.
[00:33:02] Speaker A: Workers or training for any sort of material or things like that, it's, it's great because it really gives you a lot of power to, you know, to check again, to look at some things and to better understand what some of that stuff can look like. And so let's start at the top because it's going to give you a very in depth, you know, in depth.
[00:33:25] Speaker B: Answer for, for this.
[00:33:26] Speaker A: Let me try to blow it up a little bit.
Now granted you saw the prompt I had, right?
[00:33:30] Speaker B: It's nothing special.
[00:33:31] Speaker A: It's not that it wasn't that in.
[00:33:33] Speaker B: Depth or detailed about it, but here's a potential attack.
[00:33:38] Speaker A: It's, it's, it's really around the recruiting scam. You probably like myself, have gotten texts about, oh, somebody wants you to start a business and you only have to work five hours and they'll pay you a thousand dollars, right? Or in this case it's around a fake LinkedIn. LinkedIn profile that is out there. And it's all about recruiting though, because why, because they want your information.
They, you know, and once they get that information, they're done and they can do really whatever they want. And this is a, a pretty interesting one.
So the profile is Emily Richardson. Richardson and talks about, you know, the connections that she has and where she worked and what the experience looks like, etc. Etc.
[00:34:29] Speaker B: Etc.
[00:34:30] Speaker A: Now it's going pretty deep.
It's pretty, it's pretty impressive how it.
[00:34:37] Speaker B: Can write resumes now, right?
[00:34:39] Speaker A: And so it's looking at recent activities.
[00:34:42] Speaker B: Recent posts, initial contact messages and things like that.
It's, it's talking about, oh, I saw.
[00:34:49] Speaker A: Your, your profile on LinkedIn and it.
[00:34:52] Speaker B: Looks impressive, blah, blah, blah, blah, blah. Trying to play to my good side.
It's really trying to build that foundation with you to say, you know, you.
[00:35:02] Speaker A: Know, I'm reaching out, let's be, you know, we're, we're, you know, colleagues and.
[00:35:06] Speaker B: I want to get more info from.
[00:35:08] Speaker A: You and you know, we would love.
[00:35:09] Speaker B: To really connect and start to, to share what we're doing and we can build something together, right? And it's just phase process that you will go through. And then here is another trust building message that you may get and it says, you know, thanks for connecting.
[00:35:27] Speaker A: I guess I, I guess I accepted.
[00:35:29] Speaker B: The invitation, but thanks for connecting. I wanted to follow up on an earlier message. And here we go.
You know, if you start digging about.
[00:35:41] Speaker A: Us though, we're in stealth mode so you're not really going to be able.
[00:35:44] Speaker B: To find very much information about that.
[00:35:47] Speaker A: And you know, but here's just a basic idea and we want you to.
[00:35:52] Speaker B: Say, you know, it says about the Palantir meeting, DeepMind, so, but it's for cyber security, right?
[00:35:58] Speaker A: And so it's trying to play to.
[00:36:00] Speaker B: My technical side and my, my goals of, of really combining these things. So clearly it has gone out and it's looked at my profile and it just looked at, you know, some of the interests that I have out there. And, you know, it's pulling all of that stuff together and it's writing a very compelling, you know, you know, message.
[00:36:22] Speaker A: To me that's kind of scary, right?
And with AI tools, look how easy this is.
[00:36:32] Speaker B: It's, it's, it's very impressive what you can do with some of these tools.
[00:36:38] Speaker A: And, you know, that's what makes it so easy for attackers, though, to, to do some of these things now, because it's giving them a tool that takes a matter of seconds to, to come up with this stuff.
Before it was much more in depth, it would take them a long time.
[00:36:58] Speaker B: To look at that material, look at your online profile, look at, you know, how you're doing things, look at the emails that they're sending to you, look at what they're trying to do from an engagement perspective. And like we've always said, right, hackers want to take the path of least resistance. They don't want to spend a lot of time doing this kind of stuff.
They want to get your information and get out. That's their big driver, spending a lot of time on your background and all these other things.
They're not interested in that.
[00:37:29] Speaker A: But today they don't have to be.
[00:37:31] Speaker B: Interested in it because it's a lot faster with a large language model and being able to just generate some of this stuff. And now, look, they're throwing salaries and you know, even some of these other things. And you can see that it's building, it is constantly building what that engagement looks like. Now it's talking about equity, now it's talking about salary. Now it's talking about whatever, whatever, whatever.
And now we've got a, now we've got some interesting things. And so if we look at what.
[00:38:04] Speaker A: The attack vectors are, right? We always want to look at what the attack vectors are around that you're going to look at.
You know, here's a verification form that they want you to fill out.
[00:38:17] Speaker B: They've sent you two weeks worth of info, two weeks worth of email information.
And now, now when they're going to take their chance, now they're going to try to ask you to fill something out, put it down on paper, send it in, and they want to get that info from you.
[00:38:33] Speaker A: Of course, they, you know, your date.
[00:38:35] Speaker B: Of birth, your current employer, these things are, are of course, extraordinarily important, right? And then they want, oh, your security clearance, of course.
And then they also want a whole bunch of information that goes along with that. A lot of stuff looks very legit, right? They want references, they want emails, they want your current salary, they want all that stuff. And why? Because oftentimes they can either get passwords from that information or it could be your authentication piece. Answer this question. Oh, you know, yes, I was born in X City, right? And that's your, that's your, you know, password reset question or something like that. Because the more info that they get, the better rounded they are and the better it is for them to get access to all that stuff. And then it can get as, you know, as deep as, and this is.
[00:39:30] Speaker A: Really scary around videos and transcripts and looking all those things. You're not safe when it comes to any of that stuff that you get that's unexpected.
One, you always have to ask the question, did I reach out to them?
And if the answer is no, then.
[00:39:49] Speaker B: You've got to go to the second question.
Have I demonstrated enough that somebody that I don't know in some other country, some other state, and whatever my job proficiency is.
[00:40:03] Speaker A: Is there a reason that they would reach out to me?
[00:40:06] Speaker B: You know, if you can't say yes, because I've done this, this, this, this and this, then it's probably a spoof.
That's, there's nothing wrong with that, of course, but you've just, let's, let's have a little bit of common sense when it comes to that kind of stuff. If I get a call from the Yankees saying, hey, we want you to come play for us, but, you know, give us your background information so we can do a background check and you know, that kind of stuff.
Well, I'm a little out of my prime, right? And it's the same thing with any kind of job.
It's so easy to do that they do it on Facebook. They can get all that information, though. That's why I always tell you the more information you put out there, the more you jeopardize what your, you know, your, your, you're jeopardizing your ability to protect yourself.
So think about that.
Look through these things. More than happy to send these out to folks as well.
You know, stick around though, because we've got one more segment for you and it's going to come right after a couple messages from our sponsors.
So we want to close out today's show by really just giving a couple of quick review and just some things.
[00:42:35] Speaker B: To think about, right?
We have to be prepared for these sort of attacks to happen because they're happening to everybody. And it's very easy.
[00:42:46] Speaker A: Remember, we're, we are our biggest.
[00:42:49] Speaker B: Enemy because we're clicking on things, we're not paying attention, we're going too fast. We're trying to get through a whole bunch of things that we have that we've, we want to accomplish for the day. And email and getting through that backlog is one that we, we, we just have to do. So we'll click through everything, we'll click on everything, and then sometimes we click.
[00:43:09] Speaker A: On the wrong thing and then you've opened Pandora's box.
[00:43:13] Speaker B: Right? So we want to prevent that from happening. So again, just some, some basic things to think about.
Cyber attacks usually start with a phishing email.
And I think the stats around that are between 85 and 90% always start with a phishing email.
So that means we have to be prepared and we have to do a better job looking at those and protecting against it. If you've got a question about it, then don't click anything. Use Claude. I showed you some techniques, I showed you some, some ways that you can prevent those things. Just be, be on the lookout for that.
Again, looking at how much it costs, it is so expensive for retail for, you know, all these segments, banking, you name it. We're talking billions and billions of dollars every year.
Even the ransomware attacks that have happened have started because of clicking an email.
[00:44:19] Speaker A: And you know, if you look at.
[00:44:22] Speaker B: What some of those statistics are. No, I'll give you a range, but roughly between, you know, each employee that you have will usually get between 10 and 25 malicious, you know, emails per month.
Now, some it's less, some it's more. Depends on, you know, your industry, of course, and how often you're getting them. But about 12% are clicking on those malicious links.
That's scary.
[00:44:56] Speaker A: And the other scary thing is, is.
[00:44:57] Speaker B: That, you know, if you do a test and you drop a USB drive out in the parking lot and it's got skull and crossbones on it. Ask yourself how many employees that you have are going to grab that USB, bring it in, plug it into their computer so they can see what's on it.
Scary.
It's more than you think.
So as you're, as you're going through these, as you're looking to try to protect yourself, just, you know, get some folks to remember some basic things, right? You've got to make sure that you trust and verify, okay? Just because it's from your boss, just because, it's, you know, because it's from a family member, whatever, you still got to verify it. Especially if they're asking you for something in return.
If you doubt it, then give them a call, send somebody an email, check with Claude, run it through the Claude thing, and then if it still comes back and you're still not sure, double check it again.
If you're an attacker, you want to create urgency. You want to make sure that people get these things done fast.
If you've automated it and you're doing these two way things, like I showed you, with the social engineering emails that a lot of folks are receiving, they're automating it. They can send out massive amounts of those types of emails and attacks and it allows them to have an advantage that you wouldn't be able to predict before.
And always remember, if your gut is telling you something does not feel right, again, verify it, okay? You are your strongest defense against these things. You do not have to respond, you do not have to reply, especially if you're not sure about it.
And that, that goes a long way.
But then also, you know, again, let's take a dose of reality. Will not drink the Kool Aid quite as much.
If it looks too good to be real, it probably isn't.
I am not related to a Nigerian prince.
You probably are not related to a Nigerian prince who's going to give you millions of dollars.
So those kind of things, they tend to not happen.
So it's junk. Get rid of it. Text, same thing.
You know, if, if somebody wants you because they, they've looked at your profile, they want you to start a business and you only have to work a few hours and they're going to pay you loads of money.
Those opportunities are not real. The folks that are making the money are the ones that are creating these opportunities for folks to buy into. That's it.
[00:47:44] Speaker A: And then ask yourself, would your IT.
[00:47:49] Speaker B: Department, would your CIO, would your CEO, would your boss ask you to do that in an email or ask you to do it in person or via, you know, phone.
But even then, you got to be careful because again, you can spoof those kind of things.
So it's not necessarily to scare you, but I'm trying to give you some tools to look at things. I showed you what the advanced prompt looks like. Remember, you've got to keep changing it. There's other prompts that are out there to ask it to make sure, to verify, to do research, to go look at things, reminders of, you know, oh, make sure that you check this or you scan this or you change passwords or you rotate what those passwords are. And those kind of things go a very, very, very long way.
And with that in mind, layering these, these types of tools together is going to even protect you more. Some common sense, some email checks, some, you know, reaching out to, to the right people at the right time, teaching your folks to do that is the only way that you're going to be able to protect yourself. AI can't solve all those problems. It can't solve the human in us, right, because it makes us different.
So hopefully you've learned a lot. Hopefully you've got some ideas now that you can apply to your business. And now moving forward, maybe, maybe you're going to prevent that next attack that's going to hit you or it can hit your family or your business. So hopefully we learned a lot this week. So thank you again for being here.
We love exploring these kind of things with you. We love trying to get AI into your hands to use it the right way and to prevent things from happening. So we'll see you next week and we'll have a great topic for you again. Thank you. And you know, hopefully you keep using AI for the right reasons.