The new wave of scams are able to use AI in order to generate messages that are scarily convincing. Learn to spot the signs, and you’ll have a better chance of identifying a scam before it gets you instead of after.
1. There’s a Panic
Many phishing schemes assume you’ll correctly identify that their message is a scam if you have time to stop and think about it. So, they try not to let you. Scams will start their messages overly urgent, and insist that there will be disastrous consequences if you don’t send 300$ to a bank account right that very second. Some will tell you they can tell when you’ve opened the email, and you’ll have 24 hours from the time the email was opened to get payment to them; some send it and hope the threat of a water shutoff within the hour is good enough to get you whenever you open it.
Blackmail panic is also a common scam. While much harder to say definitively, they will often tell you things that are impossible in an effort to get you to send them money. An email may tell you that they’ve been watching you through your webcam, for example, regardless of what model your computer is or if it even has one, because it’s a generic email. It may even try to use the name you have set for your email account – which sometimes reveals the trick if your email is named something like “Utility Mail Only”. Either way, the scammer is giving you very little time to think it over. Ignore them.
2. The Payment Method Doesn’t Make Any Sense
Your utility company prefers ACH, but can take credit card. Credit cards are extremely traceable. Debit less so, but still to some degree, and ACH transfers can be interrupted, but may be difficult to claw back after. Middlemen like PayPal and Google Pay are usually still pulling money off of a credit card. Generally speaking, these widely-accepted methods should be the only thing any utility or reputable business asks you for, because many other methods – like gift cards and crypto – are untraceable by their nature.
Some scams trying to use gift cards as payment methods are still kicking. They will tell you there’s some problem with either your bank or theirs when trying to process some “utility service” and that you’ve got to buy them a couple of 500$ Apple Gift cards and pay that way. Or, they may say there’s something wrong with your card directly, and you must buy some gift cards and take a picture of the back so they can do some verification or something with it, sometimes promising to refund you for them after the fact. Gift cards are a preferred method because once the money has left the bank account, the card itself is much harder to track the spending on – the company must be contacted directly, and it’s often impossible to tell where a balance was added from a specific card. At the very least, it’s much harder to reverse a gift card scam than it is to reverse a credit card one.
Similarly, BitCoin is also untraceable, but it’s not as popular because it often requires a tutorial for the victim to use it. That doesn’t stop attempts, though, and those attempts tend to be of the blackmail variety over the impersonation variety. They will try to tell you that you’ve accessed something illegal, or that they caught you doing something via your webcam (once again, this is often a bluff) and then lay out the instructions to purchase BitCoin as well as the wallet address they want you to send it to. These are not quite as common as the gift card scams simply because they’re so much harder for the victim to follow the instructions on even if they’re willing to follow through.
3. It’s Oddly Abrupt
A recent scam that circulated the Las Vegas professionals community was using hacked emails, which looked legitimate, to send a link to a “Billing Proposal” or similar document “for review” by whoever received it. The entire message was a sentence long – the legitimacy came from the fact the email was a known email. The way those scams work, an email is stolen, and then messages are sent to all of the people on the contact list. After that, those emails get the same message that hacked the original, and if they get hacked too, then their contact lists start getting the emails. The second set of emails will always be from a familiar address. But, if the message is spending too long trying to look legitimate, it might give away that something is off. So it’s just an incredibly short email instead, because it’s trying to avoid raising red flags.
4. It’s Asking For Redundant Info
If you’re signed into Microsoft in another window, generally speaking, it will not ask you to sign in again in the same browser session. When I say “browser session”, what I mean is, the period from which you open one regular browser window and do not close it. If you don’t close all the windows open on your browser, the browser’s session hasn’t ended. You may know there are exceptions, like if you clear your browser history, or are using private or anonymous windows, which treat you like you’re working out of a fresh browser window with only certain browser settings applied. Crucially, though, they don’t store cookies, which is how the website knows you’re logged in, so an anonymous page – when first opened – should never imply you’re logged in somewhere if this is the first time you’re visiting it in that private browsing window. Another thing to look out for.
Similarly, if you click a link and it takes you to a website asking for your password, tells you that it was wrong, and then reloads immediately afterward where it does then take the same password, that should be a cause for alarm – you should reset the password on that account. A common scam from the 2010s was sending people fake boring account notification emails, routing them to a fake home page, having them “sign in” (where their account details were stolen) and then sending them to the real home page after the input to bury the lede.
5. Odd Breaks In Quality
One call I received used AI services to generate the message. A real person read the name off of a set of data they purchased (incorrectly), and then an AI bot, approximately the same tone but incorrect accent, read off the actual address they were attempting to use to scam me. I was clued in that this was not right, I hung up. If you hear odd breaks, chances are someone is trying to disguise the AI they’re using to try and blend in with any other kind of phone call.
The Modern Age
It can be tough to identify scams. Humans are a social species, and there’s a strong instinct to trust one another; scams take advantage of this, and have for hundreds if not thousands of years. When people get wise to one type of scam, the scammers move onto the next kind, and the next kind after that, in a neverending cycle of stolen information and money. Once aware, people can generally dodge scams pretty well. Elderly relatives can be told “never EVER click an email from someone you don’t recognize” and they used to be able to manage fine. Then emails and phone caller IDs started lying to them and saying they were someone the target knew. The new age of AI is only going to make it tougher. It will affect people who swear up and down that they’d never fall for a scam. There have been hypotheticals where a hacked individual may have their sent and received emails put through an LLM, and then have the LLM asked to impersonate them to make scamming their contacts easier; generative AI can whip up a fake front login page that looks just like the original in a matter of minutes. Identifying real emails from fake ones, and fake emails sent from real people, is going to get tougher and tougher as time goes on. The best we can do is to pause, take a minute, and think about the messages we’ve received.
