Skip to main content

AI-powered threats: Exploring the growing influence of artificial intelligence in cybercrime

Scammers are using increasingly sophisticated AI technology to rob Australians through identity theft, investment scams and other fraud, but you can fight back.

On average, there is a cyber-attack every 10 minutes in Australia1, with 43% of these attacks targeting SMEs, costing people and businesses a total of $33 billion a year2.  

We discuss some ways in which AI is being used in cybercrime and how you can remain vigilant to protect your business. 

AI impersonation 

Entrepreneur Dick Smith has been a ubiquitous figure in Australia for decades thanks to his business success and distinctive voice.

Alarmingly, though, scammers late last year exploited that profile with ‘deep-fake’ videos using Smith’s image to spruik a fraudulent investment scheme – and the ruse even fooled Smith. As he told A Current Affair, “I’m incredibly angry because when I first saw it I thought it was really me. I thought they’d done an interview somewhere that I’d forgotten about, but then I realised, ‘no’, it wasn’t.3”

Celebrities such as Tom Hanks4 have been similarly impersonated by scammers using artificial intelligence (AI) to dupe people into fake investments. They target investors and the public using artificial videos which have been created using digital software and machine learning to alter images and faces to create new, deep-fake footage.

Disturbingly, they can even pose as family members, friends, staff, or colleagues. The aim is to convince people to divulge personal details and financial information with a view to transferring funds.

Real-looking, personalised emails are also an issue, with malicious actors using AI-driven language models such as ChatGPT to craft and clean up the messages that they send to potential victims. 

The modus operandi of scammers is often to create a ‘relationship’ with their targets through videos, emails or text messages. When trust is established, they will start asking for money, gifts and bank details. 

Such impersonation scams accounted for more than 70% of the 234,672 reports to Scamwatch between January 1 and September 30, 2023. The most-reported impersonation scams involved road toll (19,141 reports), Australian Government impersonations (17,770 reports) and ‘Hi Mum’ family impersonations (9307 reports)5. With the latter, the cyber-criminals clone voices of loved ones and leave messages asking for money to be urgently sent to their bank accounts. 

Tips to defy scammers:

We know the scammers are out there waiting to strike, but how do we foil them?

Make sure your computer is protected with anti-virus software that you have bought and installed yourself and ensure that you activate any patches or automatic updates.

Being vigilant is the best form of defence, and here are some other suggestions:

1

If you get a call or text from any entity requesting your personal information, or online banking or credit card details, hang up or delete the message. If you are unsure of the bona fides of the company, call a trusted phone number from an official website and check if the inquiry is genuine.

2

Some unsolicited callers will request access to your computer to ‘fix’ a supposed problem. Do not agree to their request and shut it down. Remember, too, that callers should never ask you to disclose your ID details, passwords, or one-time passcodes.

3

Be cautious when discussing your finances over the phone, even if you believe you are speaking to a child or family member. If the call seems to be suspicious, put the call on hold and ring them yourself.

4

Scammers often request payments via channels that are hard to trace, such as gift cards and cryptocurrency, so treat any requests for transactions through such means as a red flag.

5

Set up or enable multi-factor authentication, if you have not done so already to provide another layer of financial and ID protection.

6

Before making a payment to a company for the first time, call them on a valid phone number to confirm contact and banking details.

Most of all, use common sense and follow your gut when you are engaging with third parties on the phone, via email and online. If something sounds dodgy, take the advice of Scamwatch and “stop, think and check” before you act. 

Scammers are counting on you to not spot warning signs because you may be in a rush, or do not want to be seen as being rude. Play it safe. 

Want to learn more from the team at Marsh? 

As a business that handles sensitive information, you are a prime target for cyber-attacks. This includes (but not limited to) professionals in various fields, such as:

  • Accountants
  • Lawyers
  • Health service providers (including complimentary therapists, gyms, weight loss clinics etc.)
  • Financial advisors
  • HR professionals
  • IT consultants

Cyber insurance can provide valuable protection for your business, helping to safeguard you from financial loss and liabilities that may arise from data breaches, cyber-attacks, and other cyber incidents.

Not only can cyber insurance give your clients more confidence in your business, but it also aims to provide you with access to a 24/7 incident response team and cyber security expertise who can work with you in the event of an incident, removing the need for you to establish separate contracts with other providers.

Need help protecting your business from cyber-attacks?

Cyber-attacks are becoming increasingly common. Protect your small business with cyber insurance solutions arranged by Marsh.

Industry Insurance

Cybersecurity insurance

Technology creates as many risks as it does opportunities. Stay safer and work smarter with cybersecurity insurance.

Learn more

Industry Insurance

Are you a CPA Australia member?

Designed specifically for CPA Australia public practitioners, you can purchase professional indemnity and public liability insurance, as well as cyber cover to help you manage the fallout from a cyber-attack.

Learn more

LCPA 24/502

This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors.

Marsh Advantage Insurance Pty Ltd (ABN 31 081 358 303, AFSL 238369) (“Marsh”) arranges the general insurance (i.e. not the Discretionary Trust Arrangement) and is not the insurer. This page contains general information and does not take into account your individual objectives, financial situation or needs. For full details of the terms, conditions and limitations of the covers, refer to the specific policy wordings and/or Product Disclosure Statements available from Marsh on request. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). Any advice or dealing in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226 827) (“JLT”). JGS and JLT are businesses of Marsh McLennan. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions.