Cyber Security News

Hackers Use Artificial Intelligence to Create Sophisticated Social Engineering Attacks

The Federal Bureau of Investigation (FBI) has issued a warning about a growing trend in cybercrime, hackers leveraging generative artificial intelligence (AI) to develop highly sophisticated social engineering attacks.

With advancements in AI technology, cybercriminals are crafting fraud schemes that are more convincing, scalable, and difficult to detect than ever before.

Generative AI, a technology that synthesizes new content by learning from vast amounts of data, is being used to automate and elevate cybercriminal tactics.

This capability has drastically reduced the time and effort required to conduct fraud, allowing hackers to target larger audiences with unprecedented precision and effectiveness.

The FBI highlighted that while the creation and distribution of AI-generated content is not inherently illegal, bad actors are increasingly using it to facilitate crimes such as fraud, extortion, and identity theft, as reported by IC3.

“Generative AI is a double-edged sword—it enables creativity and innovation on one side but has given cybercriminals a powerful arsenal to exploit unsuspecting victims on the other,” stated an FBI spokesperson.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Tactics Leveraging AI-Generated Content

Hackers are making use of AI in various ways to outwit their targets. Below are some of the specific methods highlighted by the FBI:

AI-Generated Text: Enhancing Social Engineering Attacks

  • Fabricating Social Media Profiles: Generative AI helps criminals create thousands of convincing fake social media personas, tricking victims into fraudulent financial transactions.
  • Streamlining Fraudulent Messaging: AI tools allow hackers to craft polished and persuasive phishing emails and text messages faster, ensuring they reach larger audiences while avoiding common spelling or grammatical errors that might raise suspicion.
  • Foreign Language Translation: Cybercriminals targeting international victims are using AI to create multilingual messages with accurate grammar, increasing the believability of their scams.
  • Website Content: Hackers are populating fake investment and cryptocurrency scam websites with sleek, convincing marketing content. Some sites even include AI-powered chatbots to lure victims into engaging with malicious links.

AI-Generated Images: Deceptively Realistic Visuals

  • Fake Profiles and IDs: AI-generated images are used to create realistic social media profile photos, fake identification documents, and fraudulent credentials for impersonation schemes.
  • Convincing Personal Communications: Scammers are using AI-generated images of fictitious individuals to build trust with victims in romance and confidence schemes.
  • Deceptive Marketing: AI can fabricate images of influencers or celebrities seemingly endorsing counterfeit goods or fraudulent investment opportunities.
  • Charity Scams: Images of disasters or global conflicts are being faked to solicit donations for fraudulent causes.

AI-Generated Audio: The Rise of Vocal Cloning

  • Impersonation for Fraud: Hackers can clone the voices of loved ones or public figures to extract sensitive information or money. Fake audio clips have been used in “emergency” scams where criminals impersonate relatives in distress to demand immediate payments.
  • Bank Account Fraud: AI-generated audio mimicking a victim’s voice has been used to access sensitive financial accounts.

AI-Generated Videos: Deepfakes in Real-Time Schemes

  • Fictitious Video Calls: In some cases, scammers send AI-generated video clips of “executives,” “law enforcement agents,” or “loved ones” during real-time video calls to appear credible.
  • Investment Fraud: Deepfake videos, featuring fabricated financial endorsements, are being used to entice victims into fraudulent schemes.

The FBI emphasizes vigilance and awareness as the best defenses against AI-driven fraud. Here are their recommended measures:

  1. Set a Secret Code: Establish a secret word or phrase with family members to verify their identity in emergencies.
  2. Scrutinize Visual and Audio Content: Look for imperfections in AI-generated imagery (e.g., distorted hands, inconsistent facial features, or unrealistic motions) or inconsistencies in vocal tone and word choice.
  3. Limit Your Online Footprint: Minimize sharing personal content on social media, such as images or voice recordings. Keep your accounts private and limit followers to those you know.
  4. Verify Before Trusting: If contacted by someone claiming to be a bank representative or authority figure, hang up and independently verify their identity using direct contact information.
  5. Avoid Sharing Sensitive Information: Never disclose personal, financial, or sensitive information over the phone or online unless you know the person’s identity.
  6. Refrain from Sending Money: Do not send money, gift cards, or cryptocurrency to individuals or organizations you have not verified in person.

The FBI’s alert underscores the urgency for individuals and organizations to remain vigilant as cybercriminals grow increasingly adept at exploiting generative AI.

As this technology becomes more accessible, the line between legitimate and fraudulent content is becoming harder to discern. Public awareness and proactive measures are essential to staying one step ahead of these sophisticated schemes.

Investigate Real-World Malicious Links,Malware & Phishing Attacks With ANY.RUN - Try for Free

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Brinker Named Among “10 Most Promising Defense Tech Startups of 2025”

Brinker, an innovative narrative intelligence platform dedicated to combating disinformation and influence campaigns, has been…

6 hours ago

Hackers Use DeepSeek and Remote Desktop Apps to Deploy TookPS Malware

A recent investigation by cybersecurity researchers has uncovered a large-scale malware campaign leveraging the DeepSeek…

6 hours ago

SmokeLoader Malware Uses Weaponized 7z Archives to Deliver Infostealers

A recent malware campaign has been observed targeting the First Ukrainian International Bank (PUMB), utilizing…

6 hours ago

New Malware Targets Magic Enthusiasts to Steal Logins

A newly discovered malware, dubbed Trojan.Arcanum, is targeting enthusiasts of tarot, astrology, and other esoteric…

6 hours ago

Hackers Exploit Cloudflare for Advanced Phishing Attacks

A sophisticated phishing campaign orchestrated by a Russian-speaking threat actor has been uncovered, revealing the…

6 hours ago

Over 1,500 PostgreSQL Servers Hit by Fileless Malware Attack

A sophisticated malware campaign has compromised over 1,500 PostgreSQL servers, leveraging fileless techniques to deploy…

6 hours ago