Day Job: I help companies unlock possibilities as a blockchain visionary. Side Hustle: I help people realize what they can imagine.
Staying safe from hackers has become harder. Here’s what you need to know to stay safe.
A Sobering Reality: Traditional Techniques Aren’t Working
Social engineering has always been hackers’ most effective method, but AI has transformed it into something far more dangerous. “Phishing attacks surged by 58.2% in 2023,” and they have increased by 4,151% since the launch of ChatGPT in 2022.
It makes sense—AI has eliminated many of the red flags we’ve learned to rely on to spot phishing attempts. LLM chatbots overcome the limitations of average hackers, producing accurate, believable phishing messages in any language and context. We used to be able to spot scams by the style of their writing, but today’s AI-generated attacks closely imitate legitimate communications.
Perfection Is Suspicious: Two Real Encounters
This transformation affected me recently with two sophisticated attacks. The first appeared to be an invitation from CoinDesk to an exclusive roundtable. When I requested email verification, they agreed. Although it took some time for them to engineer it, the email that hit my inbox looked flawless and even fooled my Gmail search for “coindesk.com.”
It still felt a bit off, so I asked my security team to examine it. Thank goodness I did. They discovered the subtle deception: The “i” in “coindesk” was actually “ì” with an accent mark. These attackers had purchased coìndesk.com to target me and others and lure us into connecting our X accounts.
The second attack came through LinkedIn—a professional consultation request with a few questions to answer through a form. Everything appeared legitimate until the final “video verification” request. I’m not sure if I would have clicked “Allow,” but fortunately, my security software flagged it before I did, preventing malware installation.
The New Landscape For Trust
These weren’t isolated incidents: 40% of phishing campaigns are “now extending beyond traditional email,” and “senior executives are 23% more likely to fall victim to AI-driven, personalized attacks.” Most of them are well-worded and articulate, specifically targeting good communicators.
Even voice phishing attacks increased by 442% in 2024, using AI-generated voices to impersonate trusted figures. Since the average cost of a phishing breach is $4.88 million for a large company, this is a disturbing trend.
How To Defend Yourself In The New Landscape
Never Trust ‘Verification’ Requests
No legitimate company will ask you to record yourself as verification. This tactic triggers your desire to prove yourself and lowers your guard, allowing them to install malware through “verification software.”
Reject All Permission Requests From Cold Outreach
Legitimate companies don’t ask you to connect your social media accounts or give them system permissions, especially through unsolicited communications.
Analyze Landing Pages
If you are directed to pages unconnected to a company’s main website, be suspicious and verify that any forms are hosted on the company’s primary domain.
Reach Out For Independent Verification
Always independently verify your contact’s authenticity. An email from the correct domain is good, but confirmation from a publicly listed employee is better.
Never Download Files From Cold Outreach
This rule has no exceptions. Never download code, scripts or files from unsolicited communications, regardless of how much money is offered.
Recognize Psychological Triggers
Be alert to:
• Large, specific monetary amounts (activating greed)
• Verification requests (exploiting validation needs)
• Urgency language (forcing quick decisions)
• Flattery or exclusivity (reducing caution)
Don’t Broadcast Your Transactions
If you transact on-chain, use shielding tools like SilentSwap to maintain your privacy, and don’t use ENS domain names that connect to your personal identifying information.
Advanced Protection: Domain Awareness
Learn to examine URLs carefully. The CoinDesk attack I experienced used an IDN homograph attack: internationalized domain names allow Unicode characters, so a fake domain can look identical to the real one. Look for:
• Subtle character substitutions (ì instead of i)
• Extra or missing letters
• Different top-level domains (.co instead of .com)
• Suspicious subdomains
For high-stakes situations where you have to interact, examine email headers, check DNS records and inspect SSL certificates or get a security expert’s opinion before you click. Don’t test suspicious files on your primary system.
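As an added example (not code from the article), here is a small Python checker for the look-alike patterns listed above. It goes beyond the accent case described in the article by also flagging mixed-script substitutions (for instance a Cyrillic letter standing in for a Latin one); the allow-list and sample domains are constructed for illustration.

```python
import unicodedata

# Constructed allow-list of domains the reader actually trusts.
TRUSTED = {"coindesk.com", "linkedin.com"}

def to_ascii(host: str) -> str:
    """Punycode form, which is what DNS and the browser really resolve."""
    return host.encode("idna").decode("ascii")

def skeleton(text: str) -> str:
    """Drop accents and compatibility forms so 'coìndesk' collapses to 'coindesk'."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def scripts(text: str) -> set:
    """Unicode scripts of the letters used (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in text if c.isalpha()}

def check_domain(host: str) -> list:
    """Return 'code: detail' findings; an empty list means nothing suspicious."""
    host = host.strip().rstrip(".").lower()
    labels = host.split(".")
    registrable = ".".join(labels[-2:])  # assumption: no public-suffix list
    skel_reg = skeleton(registrable)
    findings = []
    ascii_form = to_ascii(host)
    if ascii_form != host:
        findings.append(f"idn: resolves as {ascii_form}")
    if len(scripts(host)) > 1:
        findings.append("mixed-script: " + ", ".join(sorted(scripts(host))))
    if skel_reg in TRUSTED and registrable not in TRUSTED:
        findings.append(f"lookalike: visually matches trusted {skel_reg}")
    for trusted in TRUSTED:
        name, tld = trusted.rsplit(".", 1)
        if skel_reg.rsplit(".", 1)[0] == name and skel_reg != trusted:
            findings.append(f"tld-swap: .{skel_reg.rsplit('.', 1)[1]} instead of .{tld}")
        if name in labels[:-2] and registrable != trusted:
            findings.append(f"subdomain-abuse: '{name}' is only a subdomain of {registrable}")
    return findings

if __name__ == "__main__":
    for sample in ["coindesk.com", "co\u00ecndesk.com", "coindesk.co",
                   "coindesk.com.roundtable-invite.example", "c\u043eindesk.com"]:
        print(sample, "->", check_domain(sample) or "ok")
```

The accented domain from the article is caught twice (it is an IDN, and its accent-stripped skeleton matches a trusted domain), while a Cyrillic substitution survives skeleton comparison and is caught only by the mixed-script check, which is why both tests are worth running.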
Industry Vulnerabilities
Different sectors attract different attack patterns. Finance, healthcare and government are most targeted by AI-driven attacks. New hires are particularly vulnerable, “with a 44% higher phishing click rate during their first 90 days,” while they are still learning the norms and anxious to conform.
The Path Forward
Security thought leaders predict that we will all face daily AI-driven attacks by 2025. The most effective defense combines technological solutions with skepticism. Ninety-five percent of security professionals believe AI cybersecurity tools will strengthen their defenses, which suggests we may be headed for an AI-versus-AI future.
To effectively protect yourself, you should establish clear verification protocols, implement technical controls that don’t rely on human judgment and foster a work culture where security-conscious behavior is rewarded.
The attacks will only get more sophisticated and more frequent. But you can protect yourself from even the most advanced AI-powered social engineering campaigns when armed with the right information.
Remember: In a world where AI can generate thousands of convincing phishing emails in minutes, your best defense is systematic skepticism. The goal isn’t eliminating all risk—it’s making yourself a harder target to fool.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.