Hello everyone, and welcome to the fourth edition of Answers HQ Online Security Newsletter.
Last month, we covered the topic of secure downloads from the internet. If you missed it or would like a refresher on how to maintain security while downloading files, you can revisit the January issue here.
This month, we will cover a quite hot topic from the last few months - which is AI (Artificial Intelligence). Specifically, we'll be discussing how AI can be exploited in phishing attacks. This edition will build upon the content from a previous one in November. If you missed that one, take a look here.
We also have an important message about the change in the Answers HQ notification sender's email address. Read more in the Info Hub section.
As usual, any discussion participant or challenger from previous editions would receive a unique badge. This month, similar to the November edition, we have a custom badge with the one and only, you favourite turian Garrus Vakarian!
Have you noticed the hints in the previous newsletter? 😉
Security focus - AI in social engineering
- What is Artificial Intelligence?
(I've asked this question to one of popular AI solution - ChatGPT)
Artificial Intelligence, or AI, is a field in computer science where machines are made to mimic human intelligence, enabling them to learn, make decisions, recognize speech, and understand language. It's basically teaching machines to think and learn like humans.
- What is social engineering?
Social engineering has various methods and mediums whose sole purpose is to trick the victim into revealing sensitive information about themselves. In some scenarios, it can also persuade unaware victims into performing actions that they normally wouldn't do.
- Spear Phishing Attack using AI
One of the things that AI is good at is analyzing text-based data. When attackers gather enough data (for example, via OSINT), they can, by using AI, create convincing emails or text messages based on the information provided. This, of course, could be done without AI, but using this technology significantly speeds up the process. The best way to keep yourself safe from such situations is to maintain your online privacy and only share information with which you are comfortable.
- Vishing Attack Using AI
Vishing is a type of phishing attack that is performed via voice communication. A Vishing attack, which is in itself a very dangerous attack, can be amplified if the attacker uses AI to create a voice similar to one we know. Without going too much into details, let's consider how to prevent such attacks. One of the best ways to ensure that we are talking with the person who says they are who they claim to be is to use a safe word. Having a certain keyword, which would be shared among friends and family, could help prevent falling into scam scenarios like this.
- Near future of AI in cybersecurity
According to NCSC report about impact of AI on the cyber threat AI is expected to significantly enhance cyber criminals' capabilities in areas like social engineering, reconnaissance, and exfiltration over the next two years. Particularly, generative AI can be used to create more convincing interactions with victims, reducing the chance of identifying phishing attempts.
Artificial Intelligence is constantly evolving, as are the dangers of using it in illegitimate ways. To stay secure, remember at least to:
- Use strong passwords and MFA whenever possible
- Be mindful of your digital footprint and your online privacy
- Make use of "safe words" and be aware of common phishing tactics
IMPORTANT CHANGES related to Answers HQ sender's email address.
In response with changes introduced by Google for email delivery at Gmail and Yahoo addresses, we are changing sending address for our Answers HQ mailer.
This change aims to decrease the amount of spam and phishing emails received in your inbox.
What will change?
The email sender will change from Answers HQ <AnswerHQ@ea.com> to Answers HQ <AnswersHQ@ahq.ea.com>
Where I can learn more about this change?
The New Requirements for Email Delivery at Gmail
Email sender guidelines
PlayStation: Passkeys: Introducing a More Secure, More Convenient Way to Play
What is a passkey?
A passkey is a password replacement that provides faster, easier, and more secure sign-in to your account for PlayStation Network. It allows you to access your account without a password. Instead, you sign in through your mobile device or computer using the same convenient device screen unlocking method like a fingerprint, face scan or PIN.
- Answers HQ Online Security Newsletter Quiz - February
- OSINT + Cipher challenge
Same as we did in the Protecting your gaming account(s) thread during October Cybersecurity Awareness month, whenever you crack the cipher reply in this thread in spoiler.
Over the next weeks we'll give you hints to crack the code, if you get stuck 😉
01001000 01101111 01110111 00100000 01110100 01101111 00100000 01100111 01100101 01110100 00100000 01101000 01100101 01110010 01100101 00100000 01101001 01101110 00100000 01110011 01110101 01101101 01101101 01100101 01110010 00111111
72.5801054094715, -38.458521276138626
Clgc Fkllcu 1 - Spuitp - Vrtba gimpnnk - Caaq Smov'h Rnfvtvh Nt Cd Stneerbh Annmups.
Community Admin
Community Manager
