
I have met multiple cybersecurity experts, and they really were experts and in general very intelligent and knowledgeable people, that have fallen for very obvious scams. One of them was one of those gift card scams which in my eyes is possibly the most obvious one.

I myself have almost fallen for a well crafted phishing attack, the only reason I never ended up putting in my card details was that I was technical enough to know that a generic URL with no query params can't possibly have my tracking code pre-filled on a page I've never been to before. Had the scammers just made me enter my own tracking code, or if I didn't know what a query param is, I 100% would've fallen for it.

My point is that no one is immune to a momentary lapse in judgement or just plain bad luck. You can be an expert, extremely intelligent, whatever, all it takes is 5 minutes of weakness to get you, whether that's because you slept bad, had something else on your mind, weren't being diligent enough (it's impossible to be diligent 24/7 after all) or any other myriad list of reasons.

It's easy to put the blame on the victims here, but with generative AI the line between reality and fabrication is getting thinner and thinner. I'm a massive AI skeptic (just check my comments here), but I'm 100% positive that sooner or later we'll hit a stage where it's quite literally impossible to discern an AI fabrication from a real event unless you witnessed it in person yourself. You won't be able to trust images, or audio or even videos of your loved ones unless you basically see them send it to you, and even then there's no guarantee the final footage isn't doctored by the phone in some way.

So sure, people need to smarten up a bit, but we also need to start thinking about these problematic issues with AI sooner rather than later, cause things are only going to get worse, and fast.



What I've observed is that normally cautious people will fall for scams when the scam aligns with something expected. Maybe you've just paid your water bill and you get an email that says there's something wrong with your payment. Could just be random chance but it seems related to something you've just done so your normal instinct of "not giving information if I didn't initiate the process" might not be triggered.


> What I've observed is that normally cautious people will fall for scams when the scam aligns with something expected.

Exactly! In my example for myself, I really was expecting a package, and I was expecting to be paying some extra duties/fees, so the phishing site asking me to enter card details didn't strike me as odd. The website itself looked exactly like how the real one looks, there were no grammatical errors or anything else that would tip you off that you're not looking at a legitimate page. The URL, in hindsight, was a bit sketchy, but honestly I've received official legitimate communiques from various large companies from very weird URLs before so even then I didn't question the URL too hard, as it wasn't typosquatting or using the Turkish l instead of the regular l or anything like that, just something like dhl-express.com (I can't remember exactly what the URL was). It even had a proper header navbar that they carefully copied from the real thing.

Literally the only thing that tipped me off that it was a scam was that it prefilled the tracking code for me, but the link I had received had no query param as I mentioned and I've never visited the page before (so the tracking code wouldn't be persisted in localStorage or a cookie). I can very, very easily imagine someone less technical falling for it, and hell depending on circumstances I probably would've fallen for it if I was tired after a long day of work or something like that.


Were they really "cybersecurity experts" though? Cybersecurity has been a gold rush field lately which has attracted a lot of grifters and people who are only in it for the money. I've met cybersecurity "thought leaders" who talked a good game but were really zeros. A lot of people confuse confidence and fluency for expertise.



