How Small Businesses Can Take Advantage of AI on a Tight Budget

In today’s competitive landscape, artificial intelligence (AI) has become an essential tool for businesses of all sizes. For small companies with limited budgets, accessing the power of AI might seem intimidating. With high living costs and galloping inflation, free or low-cost AI tools such as ChatGPT, Google Gemini, or Perplexity can open the door to significant improvements in efficiency, productivity, and customer engagement.

Here’s how small businesses can get started without breaking the bank in 6 steps and a real-world example:

Step 1: Determine Key Business Challenges

Before diving into AI tools, small businesses should focus on the areas where AI can provide the most impact. Common challenges that AI can address include:

  • Customer Service: Slow response times or a high volume of inquiries.
  • Marketing: Inefficient targeting or difficulty creating engaging content.
  • Operations: Manual, time-consuming tasks like bookkeeping or data entry.

By focusing on these specific areas, businesses can ensure that they utilize AI in the most effective way possible.

Step 2: Start with Freely Available Tools

Platforms like ChatGPT and Google Gemini offer free versions that are ideal for small-scale applications:

  • ChatGPT (Free Plan): A conversational AI tool that can generate content, assist with customer inquiries, or provide operational suggestions.
  • Google Gemini (Free Plan): Ideal for analyzing documents stored in Google Drive, extracting key insights, and identifying trends.

How to Use These Tools:

  1. Customer Support: Use ChatGPT to create pre-drafted responses for common customer questions.
  2. Document Analysis: Leverage Google Gemini to summarize contracts, reports, or feedback forms.
  3. Marketing Content: ChatGPT can generate blog posts, social media captions, or email campaigns tailored to your business.

    Note: Always review AI-generated content. While these tools are powerful, they can occasionally produce errors or inaccuracies that require manual correction.

Step 3: Prioritize and Optimize Usage

Since free plans come with limitations, focus on the most critical tasks:

  • Analyze High-Priority Documents: Use Gemini to process key files such as contracts, performance reports, or client feedback.
  • Break Down Large Tasks: Split extensive documents into smaller sections before uploading to Gemini.
  • Draft and Edit: Use ChatGPT to draft content, which can then be refined manually for greater accuracy and customization.

Step 4: Combine Free AI Tools for Greater Efficiency

For businesses looking to overcome the limitations of free plans, combining tools can maximize outcomes:

  • Content Creation: Pair ChatGPT with tools like Canva (free version) to create visually engaging marketing materials.
  • Document Processing: Use Google Workspace’s AI-powered suggestions alongside Gemini for better productivity in Sheets and Docs.
  • Workflow Automation: Use free automation platforms like Zapier’s Free Plan or IFTTT to integrate AI insights into existing business workflows.

Step 5: Upskill Your Team with Free Resources

Learning how to use these tools effectively is key to success:

  • Free Online Tutorials: Platforms like YouTube and Coursera offer free courses on using AI tools like ChatGPT and Google Workspace.
  • Communities and Forums: Join groups on Reddit (e.g., r/smallbusiness) or Google Workspace communities to learn from others.

Encouraging team members to explore these resources ensures that everyone can contribute to leveraging AI effectively.

Step 6: Incorporate Manual Efforts Strategically

Even with free tools, manual intervention can enhance outcomes by adding context, precision, or creativity to AI-generated results.

Example Workflow for Combining AI and Manual Efforts:

  1. Use Google Gemini to extract insights from a customer feedback survey, such as recurring complaints or suggestions.
  2. Manually organize these insights into categories (e.g., product quality, customer service) to identify actionable patterns.
  3. Draft solutions or improvements tailored to these categories, ensuring they align with the company’s goals.

This process combines the speed of AI with the nuance of human understanding, delivering better results for your business.

Step 7: Monitor Free Tool Updates

AI providers frequently update their offerings, which may include enhanced capabilities or more affordable pricing options. For example:

  • Google might expand Gemini’s free document analysis limits.
  • ChatGPT may enhance its free features with more integrations or plugins.

Keeping an eye on these updates ensures businesses can stay ahead without overspending.

Real-World Example

A small bakery faced challenges managing customer inquiries and promoting its seasonal products. Here’s how it used free AI tools:

  1. Customer Service: ChatGPT generated standardized responses to common questions, such as ‘What are today’s specials?’ or ‘Do you offer gluten-free options?’
  2. Marketing: ChatGPT helped generate email templates and social media posts for holiday promotions.
  3. Document Management: Gemini analyzed supplier contracts, helping the owner identify cost-saving opportunities.

By combining AI tools and manual adjustments, the bakery saved time, reduced costs, and increased customer engagement.


Small businesses can leverage AI effectively without significant financial investment. By prioritizing key tasks, starting with free tools like ChatGPT and Google Gemini, and optimizing usage through automation and manual refinement, even budget-conscious companies can gain a competitive edge.

With creativity and strategic planning, AI becomes not just a luxury for large corporations but a practical and accessible tool for small businesses to thrive.

Disclaimer:
I am not affiliated with or financially benefiting from any of the companies, platforms, or tools mentioned in this article, including ChatGPT (OpenAI), Google Gemini, Perplexity AI, Canva, Google Workspace, Zapier, and IFTTT. This article is purely informational and intended to help readers understand and access free or affordable AI and automation tools. No sponsorships, partnerships, or compensation were involved in the creation of this content.

The Cybersecurity Dangers in Everyday Conversations

What if the conversation happening right next to you in the supermarket could be the starting point for a cyberattack on a financial institution?

Yes, you heard it right – in the supermarket!

It just happened to me this afternoon after attending a FinTech event. I was simply minding my own business, waiting in line for some groceries, when a group of young professionals started discussing an app that hasn’t even been released yet. Now, I’m not one to eavesdrop on conversations, but the word app immediately grabbed my attention (since I work in IT).

I noticed their badges clearly displaying the company name and department. They were discussing the app’s features, pointing out some weaknesses and concerns. While it’s always interesting to hear different perspectives on upcoming technology, what struck me was how much sensitive information they were openly discussing in a public space.

Had I been a malicious actor, I could have easily gathered information – company names (via their badges), department roles, app details, and even identifiable data (such as serial numbers, which were visible on the badges) – without them realizing it. In moments like these, it’s a stark reminder of how quickly a seemingly harmless conversation can turn into a potential security risk.

As cybersecurity professionals or enthusiasts, we know that attackers thrive on the smallest bits of information – “ingredients” – that can later be used for more targeted attacks or social engineering. In this case, an open discussion about app details combined with easily identifiable workplace information could give someone the tools needed to attempt a security breach.

It was a harmless conversation… or so it seemed. But the more I listened, the more I realized just how much danger these individuals were exposing themselves to, and how easily I, or anyone else, could exploit that information. In fact, had I wanted to, I could have even started to analyze part of their psychological profile, given the long wait time.

The Dangers of Public Conversations

I want to share my thoughts through this article to remind us all to be vigilant about our surroundings and to consider the consequences of sharing too much information – whether online or in physical spaces like a supermarket.

The Public Vulnerability

It’s easy to forget how much information we’re sharing in public, especially when we’re speaking casually or discussing topics like upcoming projects in our company. Yet, all of these seemingly harmless details can create significant vulnerabilities.

Just think about it for a minute: company names, app features, departmental roles – these are all pieces of data that attackers can use to start building a profile. They’re like breadcrumbs leading an attacker directly to their target.

Real-World Implications

Let’s consider this from a real-world perspective. Had I been a hacker, as mentioned, I could’ve gathered crucial data – names, department information, and app specifics – all from an innocent conversation. It doesn’t take much to piece this together and launch a targeted attack, whether through phishing, social engineering, or another method.

Public spaces are rife with opportunities for cyber threats, and most people don’t realize how easy it is to glean this type of information in everyday situations. Even the seemingly innocuous details we overlook can be dangerous when they fall into the wrong hands, for instance when someone gossips about another person.

Link to Social Engineering

Cybercriminals don’t always need sophisticated technology to breach a system. Sometimes, all they need are a few personal details – details that are often freely shared in casual conversations or gossip. This is the essence of social engineering, where attackers manipulate individuals based on information they’ve gathered, sometimes from a single overheard comment.

The more people reveal in casual interactions, the easier it becomes for hackers to manipulate their way into organizations or systems.

The Psychological Effect: How It Feels to Be ‘That Person’

First-Person Narrative

As I stood there, I experienced a mix of curiosity and disbelief. Here were people, unknowingly sharing sensitive data that could easily be misused. It wasn’t malicious, but it could have had serious consequences. And as I processed it, I couldn’t help but feel a sense of responsibility. What if I was the one to point this out? So, I did – I pointed out to them the responsibility they had towards their clients, who would eventually use that app, whether internally or externally to the financial institution.

It’s moments like these that highlight the true importance of cybersecurity awareness – not just in the office but in everyday life. Even casual conversations can hold critical information that, if left unchecked, can open doors for cybercriminals.

The Awakened Sense of Responsibility

The more I reflected on that moment, the more I realized how crucial it is for individuals to be conscious of their surroundings and the information they share. Cybersecurity isn’t just about firewalls or encryption. It’s also about how we, as individuals, manage and protect the information we share – even when we’re unaware that it could be at risk.

We all have a role to play in keeping our personal and professional data secure. It’s not just about protecting the company’s firewall; rather, it’s about protecting the privacy of those we interact with every day.

How to Protect Yourself and Others

Practical Advice

So how can we avoid falling victim to this type of vulnerability? It starts with awareness.

Whenever you’re discussing sensitive information, always consider the context:

  • Could someone overhear you?
  • Are you in a public space where a conversation about an app or your company could be pieced together to gain a clearer picture of your work?

It’s not just about keeping secrets – it’s about being mindful of how much data is exposed in everyday interactions.

Promote a Security-Conscious Culture

We need to encourage a culture where people think twice about their surroundings, even in seemingly innocent environments like grocery stores, coffee shops, or public transportation. It’s easy to assume that our work or personal conversations are only meant for the people involved, but we need to recognize the risks and make sure others are aware too.

Call to Action

As cybersecurity professionals and individuals, we have a responsibility to foster this culture of vigilance. Let’s stop making it easy for hackers to exploit our everyday conversations. Share these tips with colleagues, friends, and family – encourage them to adopt more cautious practices.

Next time you’re in a public space, think twice before discussing company details or personal projects. Be aware of the invisible risks around you.

The Final Thought

The next time you’re standing in line at the supermarket, remember this:

The most dangerous hack might not come from your computer, but from the conversation happening right next to you.

Let’s take these everyday risks seriously and make sure we’re not inadvertently making it easier for cybercriminals to exploit us.


Here is another problem, one that involves 45 of the top 50 banks: a data breach!

https://www.forbes.com/sites/larsdaniel/2024/11/20/global-fintech-giant-finastra-investigating-data-breach

Dormant Malware, the Hidden Threat Lurking in Your Systems

In cybersecurity, malware remains a persistent and growing concern. One of the most dangerous forms of malware is dormant malware, also known as sleeper malware.

This malicious software can remain inactive for extended periods within a system before being activated by cybercriminals, sometimes waiting for months or even years. While there is no precise data on how many systems are infected with dormant malware, certain statistics shed light on the prevalence and potential impact of this hidden threat.

Dormant Malware Prevalence

The term dormant malware refers to malicious programs that are intentionally left inactive, sometimes for months or even years, before being triggered by external, but mainly by internal, conditions – keywords, access to specific files, date events… This form of malware is challenging to detect because it does not show any obvious signs of compromise until activated. Some key data points provide insight into how dormant malware may be affecting systems worldwide:

  • 560,000 new malware samples are detected DAILY, contributing to an already staggering total of over 1 billion known malware programs. Many of these could potentially remain dormant within infected systems, waiting for the right conditions to activate [1], at a staggering average cost of US$/EUR 4.5 million per incident.
  • In 2023, the total number of malware attacks worldwide reached an alarming 6+ billion, marking a 10% increase from the previous year [2]. This increase in attacks raises concerns about the growing threat landscape, with dormant malware being a likely factor in many incidents.
  • A particularly concerning statistic is that nearly every second computer in China is infected with malware, with a 47% infection rate that ranks as the highest globally. Many of these infections could involve dormant malware that is lying in wait for activation [1], and it can spill over into systems worldwide, including the West.

Malware knows no borders, much like influenza.

Factors Contributing to Dormant Malware

There are several reasons why malware might remain dormant in a system. Understanding these threats can help organizations strengthen their defenses and detect them more effectively:

  1. Dependency on External Infrastructure: Dormant malware may not activate if it cannot communicate with its command-and-control (C&C) server, which is responsible for sending activation commands. Without this connection, the malware remains inert until the link is re-established [3]. This is my favorite method, ‘air-gapped systems’, but still not safe without certain precautions.
  2. Internal Component Dependency: Many malware families consist of multiple components that must work together to execute their payload. If a critical component is missing, the malware may remain dormant until the necessary components are present or accessible [3], making it undetectable.
  3. Missing/Expected Input: Some malware requires specific inputs or conditions to execute, as mentioned before. Without these triggers, such as certain user actions or system events, the malware stays inactive, posing a potential threat that could go undetected until activation [3].
  4. Broken ‘Packer’: Malware often uses packers (encryption tools) to evade antivirus detection. If the packer malfunctions or breaks, the malware may fail to unpack and remain dormant, as the broken payload can be replaced or reinitialized when a suitable trigger activates it [3].

Impact and Detection Challenges

The threat posed by dormant malware is varied. On one hand, its ability to stay hidden for extended periods makes it difficult to detect. On the other hand, when activated, it can wreak havoc, not only in terms of financial loss but also in exposing individuals’ private lives to the world. Major challenges include:

  • Extended Dwell Times: Cybercriminals often rely on extended dwell times, using these inactive periods to plan their attacks carefully and maximize the damage once the malware is activated. The longer the malware stays dormant, the more time attackers have to refine their strategies [6].
  • Traditional Security Gaps: Traditional perimeter security tools, such as firewalls and antivirus software, may fail to detect dormant malware, allowing it to sit undetected for weeks, months, or even longer. As cybersecurity tools become more sophisticated, so do the methods that malware uses to remain hidden [6].
  • Case Studies of Detection: In Q3 2023, Kaspersky’s security solutions blocked banking malware on the computers of 76,551 unique users. While it’s unclear whether these infections were dormant before activation, this statistic highlights the scope of the problem and the challenges in detecting malware that lies in wait [4].

Why You Should Care About Dormant Malware

Dormant malware is particularly dangerous because systems may appear to be functioning normally while harboring malicious code that can be triggered at any time. Organizations and individuals alike must understand the threat and take proactive measures to protect their data and systems.

How to Defend Against Dormant Malware

To mitigate the risks, it’s critical to implement comprehensive cybersecurity strategies that go beyond traditional defenses:

  • Advanced Detection Tools: Rely on more sophisticated security software that can detect and analyze suspicious activities over extended periods, looking beyond the immediate threat to uncover hidden dangers.
  • Regular Security Audits: Conduct regular security audits to identify any signs of dormant malware and ensure that all components of your system are functioning properly.
  • Employee Training: Educate employees on the risks of malware, including dormant threats. Awareness and vigilance can go a long way in preventing the initial infection that could lead to dormant malware. As I’ve written multiple times, don’t click on any suspicious links – the most prevalent cyberthreat ever, PHISHING.
  • Network Segmentation: Segment networks to limit the spread of dormant malware. If malware does become active, limiting its ability to move through the system can contain the damage. Segment the data from the system !!!
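
One way to look for the first scenario above (an implant waiting on an unreachable C&C server) across an extended period, as an added example and not code from any of the cited sources. It assumes the implant keeps retrying a DNS lookup on a schedule; the log layout, host names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def build_sample_log():
    """Constructed DNS resolver log: (timestamp, client, queried name, rcode)."""
    start = datetime(2024, 1, 1, 3, 0, 0)
    rows = []
    # ws-17 asks for the same unresolvable name once a day for 60 days.
    for day in range(60):
        rows.append((start + timedelta(days=day, seconds=day % 3), "ws-17",
                     "updates.invalid-cdn.example", "NXDOMAIN"))
    # Normal browsing: many clients, irregular times, successful answers.
    for i in range(200):
        rows.append((start + timedelta(hours=i * 7 % 1400, minutes=i * 13 % 60),
                     f"ws-{i % 12}", "www.example.com", "NOERROR"))
    # A one-off typo by a user: it fails, but it never repeats.
    rows.append((start + timedelta(days=5), "ws-3", "exmaple.com", "NXDOMAIN"))
    return rows


def find_dormant_checkins(rows, min_days=30, min_queries=20,
                          max_cv=0.1, min_failed=0.9, max_clients=2):
    """Flag (client, name) pairs that look like a sleeper retrying its C&C.

    A pair is reported when all of the following hold:
      * the lookups span at least min_days and number at least min_queries,
      * the gaps between lookups are regular (coefficient of variation
        of the gaps is at most max_cv),
      * nearly all lookups fail (share of non-NOERROR answers >= min_failed),
      * at most max_clients machines in the whole log ask for that name.
    """
    by_pair = defaultdict(list)
    clients_per_name = defaultdict(set)
    for ts, client, name, rcode in rows:
        by_pair[(client, name)].append((ts, rcode))
        clients_per_name[name].add(client)

    hits = []
    for (client, name), events in by_pair.items():
        events.sort()
        times = [ts for ts, _ in events]
        span_days = (times[-1] - times[0]).days
        if len(events) < min_queries or span_days < min_days:
            continue  # too short-lived to call "dormant"
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        cv = pstdev(gaps) / mean(gaps)  # 0 means perfectly periodic
        failed = sum(rc != "NOERROR" for _, rc in events) / len(events)
        if (cv <= max_cv and failed >= min_failed
                and len(clients_per_name[name]) <= max_clients):
            hits.append({
                "client": client,
                "name": name,
                "queries": len(events),
                "span_days": span_days,
                "mean_gap_hours": round(mean(gaps) / 3600, 1),
                "failed_share": failed,
            })
    return hits


if __name__ == "__main__":
    for hit in find_dormant_checkins(build_sample_log()):
        print(hit)
```

The window matters more than the volume here: one failed lookup a day is invisible in a 24-hour view and only stands out once weeks of logs are compared.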

While precise statistics on dormant malware infections are elusive, the data available paints a clear picture:

Dormant malware is a growing concern among all companies.

With increasing numbers of malware attacks and the sophistication of these threats, organizations must remain vigilant and employ advanced detection techniques to identify and mitigate dormant malware risks, without forgetting to train your employees. By focusing on both technological solutions and user education, we can reduce the chances of becoming the next victim of this hidden threat.


References:

[1] Astra Security, Malware Statistics – https://www.getastra.com/blog/security-audit/malware-statistics/
[2] Statista, Malware Attacks Per Year Worldwide – https://www.statista.com/statistics/873097/malware-attacks-per-year-worldwide/
[3] Tripwire, Four Common Scenarios for Dormant Functionality in Malware – https://www.tripwire.com/state-of-security/four-common-scenarios-for-dormant-functionality-in-malware
[4] Securelist, IT Threat Evolution Q3 2023 – https://securelist.com/it-threat-evolution-q3-2023-non-mobile-statistics/111228/
[5] Statista, Malware Overview – https://www.statista.com/topics/8338/malware/
[6] Node4, Why Ransomware Hides in Your Systems for Months – https://node4.co.uk/blog/why-ransomware-now-hides-in-your-systems-for-months/
[7] Gabsten, Dormant Malware: Beware the Lurking Threat to Your Data – https://www.gabsten.co.za/2024/01/19/dormant-malware-beware-the-lurking-threat-to-your-data/

How to Recognize Phishing Emails and Hidden Links

Just one simple email can halt all the production in your company, potentially causing the loss of millions of EUR/US$ per day – that’s serious!

Phishing attacks, generally via email but also via SMS, are one of the oldest and most effective forms of cyberattack, and they are becoming increasingly sophisticated. Even experienced users, including cybersecurity experts, can be tricked. Why is that?

In today’s criminal landscape, some rogue organizations or governments employ psychologists and psychiatrists to craft highly convincing emails and links, and even create identical mock websites that mimic your company’s website.

For many, identifying phishing emails – especially those with hidden or deceptive links, often through text or a button – can be challenging. This article provides a quick guide and an example on how to spot these threats:


Phishing or not a phishing email

1. Start at the top: Look for Suspicious Sender Information

Phishing emails often come from addresses that seem familiar but have subtle anomalies. Always check the sender’s email carefully:
• Misspelled company names.
• Generic email domains like @gmail.com instead of company-specific domains, as legitimate companies should use their own domain.
• “Undisclosed recipients” or other oddities in the recipient field.

2. Examine the Email Content for Urgency or Threats

Phishing emails often create a false sense of urgency, for instance “Your account will be locked or suspended!”. Legitimate companies don’t pressure users this way. If the message seems too urgent or threatening, be skeptical and call the sender directly – taking a few minutes to verify can save you much more time in the long run, and possibly even prevent legal issues.

3. Hover Over Links Without Clicking

A key sign of phishing emails is the presence of misleading links. Hover your mouse pointer over any link (without clicking) to check where it actually leads – a bubble will pop up with the address, or the address will appear in the status bar – see picture (look at the beginning, the domain name “example.com”, and not the rest behind it). Look for:
• Discrepancies between the visible link and its destination.
• Misspelled domain names or extra characters in the URL.
• Shortened links, which are often used to disguise malicious destinations.
• If your web browser’s security is disabled, check for the “https://” (see picture) prefix in the URL to ensure the connection is secure.


Check the email thoroughly!

4. Look for Generic Greetings

Phishing emails often use generic phrases like “Dear Customer” or “Hello Dear” instead of addressing you by name. Genuine emails from companies you’ve dealt with will usually address you by your full name or username.

5. Verify with the Source Directly

If an email asks you to take immediate action (e.g., reset your password, make a payment), go directly to the company’s official website or contact their support team by phone. Never trust the links in the email itself.

6. Check for Spelling and Grammar Errors

Many phishing emails are poorly written, with awkward phrasing, missing punctuation, or spelling mistakes. Legitimate companies usually proofread their emails carefully. In case of doubt, call the sender directly to confirm (sometimes the official language isn’t the sender’s mother tongue).
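
Checks 1 and 3 can also be run mechanically on a raw message. The following is an added example, not part of the original article: the trusted-domain list, the shortener list, the 0.8 similarity threshold and the sample message are all assumptions constructed for illustration.

```python
import difflib
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed for this example: the domains the organisation really uses and a
# short list of link-shortener hosts. Replace both with your own lists.
TRUSTED_DOMAINS = {"example.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)

# Constructed sample message (not a real email).
SAMPLE_EMAIL = """\
From: Example Support <support@examp1e.com>
Subject: Your account will be locked
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Verify now: <a href="http://login.examp1e.com/verify">https://www.example.com/login</a></p>
<p><a href="https://bit.ly/abc123">Open invoice</a></p>
<p><a href="https://www.example.com/help">Help centre</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None


def base_domain(host):
    """Last two labels of a hostname (simplification: ignores suffixes such as co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_lookalike(host):
    """True if the host's base domain is close to, but not equal to, a trusted one."""
    base = base_domain(host)
    if not base or base in TRUSTED_DOMAINS:
        return False
    return any(difflib.SequenceMatcher(None, base, trusted).ratio() >= 0.8
               for trusted in TRUSTED_DOMAINS)


def check_email(raw):
    """Return a list of (check, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # Check 1: the address in From, not the display name, decides the sender.
    sender_host = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if is_lookalike(sender_host):
        findings.append(("sender-lookalike", sender_host))

    # Check 3: what hovering reveals, i.e. the href behind each link.
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        if url.scheme != "https":
            findings.append(("link-not-https", href))
        if host in SHORTENERS:
            findings.append(("shortened-link", href))
        shown = URLISH.match(text)  # does the visible text itself look like a URL?
        if shown and base_domain(shown.group(1)) != base_domain(host):
            findings.append(("text-href-mismatch", f"{text} -> {host}"))
        if is_lookalike(host):
            findings.append(("lookalike-domain", host))
    return findings


if __name__ == "__main__":
    for check, detail in check_email(SAMPLE_EMAIL):
        print(f"{check}: {detail}")
```

The first link in the sample trips three checks at once: the visible text shows the real domain over https, while the destination is a one-character lookalike over plain http.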

Conclusion

Recognizing phishing emails requires vigilance, but by following these simple steps, you can protect yourself from falling victim to these types of attacks.
Don’t dismiss the narratives like, “he (she) is overdramatic…”. It’s better to be a bit overdramatic than to be sorry afterward.
When in doubt, don’t click any links, and always verify through official channels.

New Threats!

There’s now a new threat – although not entirely new but making a comeback – called snail mail (physical mail) phishing or scams:

Some months ago, I received a “letter” claiming to be from my bank. How did I recognize it as a scam? As simple as it was, the stamp! Everything else about the letter was identical to the official correspondence my bank typically sends. This highlights the importance of scrutinizing even traditional communication channels, as scammers are increasingly adept at mimicking legitimate mail, telephone calls, and messaging.

As a side note, I don’t even use traditional telephone calls for secure or highly private communications; instead, I rely on one of the most secure messaging apps.

But this is a topic for a future article!

Do you know if your data is wandering around on the Internet?

You’d be horrified by how much we can find about you online.


We often implicitly trust companies to keep our data safe, but wait a minute – just because they say it’s safe doesn’t mean it’s foolproof. In fact, companies often warn you in their contracts about how they will handle your information.

That’s not possible, you might say. Well, just recently, in July 2024, AT&T confirmed that cybercriminals had stolen phone numbers and call records of “nearly all” of its customers, affecting approximately 110 million people [1].

The genetic testing company ‘23andMe’ reported a breach, affecting 14,000 users [2].

Under the subtitle “Top 5 Data Breaches of 2023,” you can read about this genetic company and others [2].

Here’s an altered story – almost real (company names and personal names have been changed to guarantee anonymity) – that will make you think twice about your own online security… and even your physical security:

The High-School Friend and The DNA Test


Juliana Luniq, a young German medical professional, had just moved to a new city, Amsterdam. She was juggling her new job while setting up her new place, which kept her busy and feeling somewhat lonely. A few days after settling in, she was thrilled to reconnect with Amanda, her best friend from high school. Amanda had reached out on social media, and soon they were reminiscing about old times, laughing over high-school photos, and catching up on Juliana’s new life that Amanda had followed on social media, where Juliana posted her move from Germany to the Netherlands.

Juliana felt a wave of nostalgia as she reconnected with Amanda, who remembered all the details – favorite bands, embarrassing prom moments, even the long summer road trip they had taken after graduation.

It was comforting to have an old friend in her inbox, especially while adjusting to a new city and all the challenges of starting fresh. Juliana and Amanda chatted over the next few weeks, catching up on everything from career to family. Juliana even shared that she had recently taken a DNA test with a popular international company, GeneVII GmbH, to explore her ancestry and potential health risks. She had always been interested in her heritage, and the test had provided insights into her family’s genetic makeup, along with a few notes on health predispositions.

Unknown to Juliana, the “Amanda” she thought she was chatting with was not her friend at all. The real Amanda had no idea this “reconnection” was happening. Juliana was, in fact, being targeted by a sophisticated scam ring that exploited leaked data from GeneVII GmbH and social media. By piecing together both Amanda’s and Juliana’s social media posts, tagged photos (dates, places…), and even Juliana’s genetic data, the scam ring crafted a disturbingly convincing persona from Juliana’s past. Like so many of us – even high-profile cybersecurity experts who’ve been targeted – Juliana had unknowingly provided the foundation they needed.

Over the next few weeks, “Amanda” became a comforting presence for Juliana – a familiar face who seemed to understand her. They exchanged stories and recommendations, and one day, “Amanda” suggested an exclusive supplemental health analysis service from GeneVII GmbH that she had found after Juliana had recommended the company to her. The offer seemed like the perfect opportunity for Juliana to explore her health profile in greater depth, especially with the recommendation from her friend.

Juliana clicked the fake link sent to her, logged in, provided her details, and verified her account “for security purposes” via a 6-digit Google Authenticator code (any code would work), thinking this was just another benefit of her GeneVII GmbH membership. The address had only a slight change – where ‘VII’ had one lowercase ‘L’ instead of two (unnoticeable).

That very night, the scam operation went into action. “Amanda” and her team now had complete access to Juliana’s GeneVII GmbH account, including her full genetic profile. Worse still, they had changed her security questions, password, and locked her out – a move timed over the weekend when most companies are closed. As a precaution, they also accessed her email, confirmed all changes, and deleted any email notifications.

On Monday, while Juliana was at work, her family received an unexpected call from a professional-sounding woman claiming to be a genetic counselor from GeneVII GmbH. She explained that, through routine analysis, they had discovered a serious genetic marker for an aggressive disease in Juliana’s DNA. The counselor’s tone was compassionate and eerily calm. She warned Juliana’s parents that their daughter was at imminent risk for the disease and that a groundbreaking, though experimental, treatment was available privately.

“We’re reaching out because Juliana didn’t respond to her emergency contact,” the counselor said smoothly, spinning a believable story that left Juliana’s parents in a state of panic. Her father tried to contact her directly, but each attempt was met with an error message asking him to try again later. The scammers had managed to block her account and had used a pretext with the operator to change her phone number.

In the midst of this supposed crisis, the counselor put the family in touch with “Amanda”, claiming that Juliana had trusted her as a local contact in Amsterdam. Tearfully, “Amanda” explained that Juliana had confided in her about feeling fatigued and overwhelmed, and was considering this experimental treatment – if only it weren’t so costly. To make the story even more convincing, “Amanda” shared personal, intimate details about her supposed friend.

Juliana’s family was devastated. Unable to reach her, feeling powerless and desperate, they resolved to do anything to save her. The counselor assured them that EUR 80,000 was all that was needed to secure a spot in the exclusive medical trial, but emphasized that spots were filling up quickly.

In an emotional rush, Juliana’s parents wired the money, convinced they were buying their daughter precious time. All the while, Juliana was blissfully unaware of the deception, still going about her happy life in Amsterdam.

That evening, she discovered the truth only when she tried to log into her GeneVII GmbH account to follow up on the new test “Amanda” had told her about and found she was locked out. Panicked, she called the company’s customer service, only to learn that her account had been accessed from a new device two days earlier, and her details had been changed. Her heart raced as she thought, ‘Who could that be?’ when suddenly all the private messages she had exchanged with “Amanda” came to mind, making her realize that her supposed friend had known far too much. It struck her like a ton of bricks that this “friend” was a complete stranger, piecing together her life and vulnerabilities through years of social media, and now genetic data.

With mounting dread, she urgently called her parents from the company’s phone since her own phone was disabled – only to learn of the money they had sent and the horror they had endured on her behalf. They were all heartbroken, and Juliana was devastated at having unknowingly led them there. Every choice she had made seemed to unravel with one simple, careless mistake:

Trusting an ‘online friend request’ from someone who felt familiar.

Juliana had fallen victim to a deeply personal scam, one that exploited intimate details of her life, her genetic data, and her family’s trust. A single click, a connection with a “familiar” face, and a series of misplaced trust had led her and her family into the hands of a highly organized scam ring.

What can we take away from this story?

Every digital footprint you leave online remains permanent – whether you ask Google to remove it or not. Think beyond just Google, and consider other search engines outside the EU and US, and especially governmental databases. Your photos, friendships, and even your DNA can be weaponized by bad actors. In an age where data breaches occur daily and scammers exploit the smallest details, it’s crucial to rethink who you trust online and what data you share. Your information might be worth more than you realize – not just to you, but to those who would use it against you and the people you love.

This story serves as a reminder to think carefully about the personal information you share, even with online friends (verify them first, via email, telephone…), and to recognize the potential for deep personal consequences. Be proactive by asking questions!

We urgently need to exercise caution when it comes to our data in today’s digital world. Be mindful of what you share on social media, and consider removing tags and geolocation data from your photos and videos.

Just for fun (or maybe not), try asking ChatGPT to create a profile about you – you will be amazed at what it can tell you. Now just imagine governments that collect every bit of data about you and use a more powerful AI!


A new DANGER!

A new threat is now looming: the imitation of our voices, which could be used to scam us all.

These AI-generated voices can be incredibly realistic, to the point that it becomes difficult to tell if you are speaking to a human or a machine. Imagine receiving a call from a loved one, asking for money urgently, only to find out it was not them at all, but a deepfake of their voice.

Advise your friends or loved ones to take action if they notice anything unusual or suspicious. For instance, they can use security-based questions to verify whether they are truly speaking to the person they think they are. These questions could be designed to test familiarity or mutual knowledge that only the real person would know. Here are some examples:

  • “What was the color of my childhood bedroom?” (A personal question based on shared history.)
  • “What’s the name of the family dog?” (A detail that’s specific and difficult for an imposter to guess.)
  • “What was the title of the last movie we watched together?” (Something that could easily reveal whether the caller is the real person or not.)
  • “Can you name the musical band we saw last summer?” (A shared experience that would be hard for anyone else to know.)
  • “What was the first thing I said when we met?” (A personal memory that only the real person would be able to recall.)

These questions can help confirm that the person on the other end is who they claim to be, especially in cases where AI-generated voices might be used to deceive. In fact, you could even use these questions while chatting, as AI currently excels more in text-based conversations than in voice interactions.

Be proactive in educating your circle about these potential threats, and always verify anything that seems even slightly out of the ordinary.

Is the first sentence justified?

“You’d be horrified by how much we can find about you online.”


Disclaimer:
The names, places, companies, and, in part, events mentioned in this article are purely fictional and created solely for illustrative purposes. Any resemblance to actual individuals, locations, or organizations is entirely coincidental.
