top of page

Beware of scammers taking advantage of the AI hype

  • cypac1
  • May 30
  • 3 min read

AI Scams

Happy Friday I’ve sent out a few updates recently about how cybercriminals are tricking people into installing malware and ransomware by hiding malicious code inside software that appears completely legitimate.


Here’s how it usually works: Someone searches for a useful tool, maybe a legal document template or a free version of expensive software and ends up downloading malware disguised as the real thing.


Some recent examples include...



Criminals are pushing the same tactic even further by capitalizing on the excitement around AI.


Cisco Talos researchers recently identified a campaign involving a fake version of a real AI lead generation tool called NovaLeads. Cybercriminals created a cloned site at novaleadsai[.]com and promoted a fake one-year free subscription. Victims who downloaded the installer found themselves infected with ransomware.


Once inside the system, the malware encrypted files and demanded a $50,000 ransom in Monero, a cryptocurrency that's difficult to trace. The ransom note claimed the money would support humanitarian causes in regions such as Palestine, Ukraine, Africa, and Asia. It's extortion with a marketing twist.


Unfortunately this approach is spreading quickly. Ransomware is now being distributed through fake ChatGPT installers, Microsoft open-source AI tools, video and media editing software like InVideo AI.


We have no way of knowing how many systems have been compromised, but the volume of these campaigns has been increasing.


The Takeaway


As more cybercriminals attempt to take advantage of people's growing interest in AI tools, caution is advised. Make sure to:


  • Use trusted and up-to-date security software that includes endpoint protection, patch management, DNS filtering, and active monitoring. A paid solution is far more likely to catch these threats.

  • Stick to AI tools with proven credibility. If no one reputable has vetted the software, avoid it. Popular doesn't always mean safe... or sometimes even real.

  • Download software only from official sources. Avoid links from social media, YouTube video descriptions, or even sponsored search results. These are common launch points for scams.

  • Train your team to recognize the warning signs. Many of these attacks rely on social engineering. Our CyberEdu program helps employees identify threats before they spread through the organization


Not everything labeled as “AI” is real or safe. Curiosity is good, but be consciously skeptical.


If you're ever uncertain about whether a tool or website is legitimate, contact your IT team or feel free to reach out. We're happy to take a look and help you avoid a potential disaster.


-Attila


PS. The PBS Insights interview from last week is now available! Man, that show was hot - a lot of people called in with questions. We really tried to get to as many as possible.


I was there with other Cybersecurity experts and network defenders to talk about the latest threats facing our community and what to do about them. Click here to watch.


attila pbs

New - the Positivity Box


We talked about cryptocurrency scams during last week's PBS episode. The Department of Justice announced this week that they had successfully seized more than $868,247 in proceeds from an alleged cryptocurrency confidence scheme HERE IN HAWAII.


We get asked quite often if these scammers are in the US and if they are, if any are local. Well, it's a definite yes and you can read all about it on the DOJ's website.


Kudos to the team at the FBI Honolulu Field Office who are investigating the case. Great job!


New Friday Funnies!


How does AI get drunk?

It takes screenshots.


Artificial intelligence is getting smarter every day.

Which is great, because some days I forget where I put my actual intelligence.


Scientists predict human-level artificial intelligence by 2030.

Maybe sooner if the bar keeps dropping.



 
 
 

ความคิดเห็น

bottom of page