in

This AI-generated crypto invoice scam almost got me, and I’m a security pro

<!–>

smartboy10/Getty Images

I’ve taken a much-needed respite from writing at ZDNET during the past six months. Now, I’m back – and the first thing I have to tell you is that I am an idiot. 

In the time I’ve been away, I’ve had a lot of exposure to generative artifical intelligence (AI) and large language models (LLMs) as a content creation professional, both as a powerful tool for improving productivity, and as a creative assistant. But as with any technology, there is a dark side and the potential for abuse. 

Also: 6 harmful ways ChatGPT can be used by bad actors

Last week, I was almost certainly the target of AI-assisted phishing attempt. I almost fell victim to it, even though I have written about this subject professionally and was previously employed as a threat analyst at a major infosec company specializing in shielding enterprises against phishing attacks. 

–>

Should I have known better? Absolutely. 

But as human beings, we are only as good as how well we are trained to recognize the phish, and part of that capability is being able to tell the fake from the real, and to train the ancient lizard brain to scream at us when something smells wrong. 

Also: Generative AI brings new risks to everyone. Here’s how you can stay safe

However, If something scans as sufficiently authentic, then even someone with a lot of experience can end up doing something foolish. And that person was me.

How I got phished using AI

During the past few weeks, I have received emails that closely resemble invoices from Stripe, a payment processor often used for cryptocurrency transactions. The email is an HTML-formatted message that looks very authentic and even includes PDF attachments that look like invoices for cryptocurrency purchases through Coinbase.

<!–> phishing-email-posing-as-a-paypal-invoice

–>

Phishing email posing as a PayPal Invoice.

Screenshot by Jason Perlow/ZDNET

<!–> enclosed-pdf-with-faked-coinbase-payment-via-paypal-with-convincing-888-customer-support-phone-number

–>

Enclosed PDF with faked Coinbase payment via PayPal, with convincing 888 customer support phone number.

Screenshot by Jason Perlow/ZDNET