National Westminster Bank, the London-based bank familiarly known as NatWest, has warned its customers to be on the alert for emails pretending to be from NatWest, but which in fact are from scammers trying to bubble the unwary out of their savings.

Remember The Sims? Well Stanford created a small virtual world with 25 ChatGPT-powered "people". The simulation ran for 2 days and showed that AI-powered bots can interact in a very human-like way. They planned a party, coordinated the event, and attended the party within the sim. A summary of it can be found on the Cornell University website. That page also has a download link for a PDF of the entire paper (via Reddit).

A method used in domain impersonation attacks, combosquatting aids the threat actor by using a modified domain name to further increase the credibility of an attack. If you aren’t familiar with the term combosquatting, it’s where a threat actor takes a legitimate domain – let’s use companyco.tld and combine another phrase with the domain name to create something like support-companyco.tld.

The use of Large Language Models (LLMs) is the fine tuning AI engines like ChatGPT need to focus the scam email output to only effective content that results in a wave of new email scams.

Affinity phishing scams are ones in which criminals cultivate trust in their prospective victims by trading on common background, either real or feigned. Thus a fraudster might claim a common religion, a shared military background, membership in a profession, or a common ethnicity, all with the goal convincing the victim that they can be trusted. What follows all too often one can readily imagine.

With all the overwrought hype with ChatGPT and AI…much of it earned…you could be forgiven for thinking that only the bad actors are going to be using these advanced technologies and the rest of us are at their mercy. But this is not an asymmetric battle where the bad actors use AI and the rest of us are struggling using our pencils and abacuses to catch up. It is the good side that invented and is accelerating AI. It is the good scientists that made ChatGPT and all of its competitors.

Anticipation leads people to suspend their better judgment as a new campaign of credential theft exploits a person’s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard.

4/11/2023 - Gizmodo just dropped this eye-roll inducing news. The disgraced crypto exchange had no dedicated cybersecurity staff and "protected" users assets with minimal safeguards, according to new bankruptcy filings. Here are just two paragraphs of the whole story. The whole thing is unbelievable.

Researchers at Securonix are tracking an ongoing phishing campaign dubbed “TACTICAL#OCTOPUS” that’s been targeting users in the US with tax-related phishing emails.

Phishing attacks that can evade detection by email scanners are improving their chances of reaching the inbox, thanks to an increase in the use of one specific attachment type. According to new data found in HP Wolf Security’s latest Security Threat Insights Report for Q4 of 2022, 13% of all email threats being sent make their way past layered email security defenses to reach the user’s inbox. This, up from the previously published finding of 11.7% of threats doing so by Acronis.