AARRTTIIFFIICCIIAALL IINNTTEELLLLIIGGEENNCCEE PREPARED BY: NUR FARAH ADRINA BINTI ADRIS (2022865048) THE THREATS OF CYBER SCAMS USING
Author Profile Nur Farah Adrina Binti Adris is a passionate writer hailing from Johor Darul Takzim. With a keen interest in cybersecurity and the evolving digital landscape, she dedicates her writing to exploring the implications of emerging technologies on our daily lives. Her insightful analysis and commitment to raising awareness about digital threats make her a prominent voice in the field. When she's not writing, Farah enjoys cooking and spending quality time with her family, balancing her professional pursuits with her personal passions.
Abstract The proliferation of Artificial Intelligence (AI) in cyber scams has introduced a new dimension of complexity and danger to digital security. AIpowered scams employ sophisticated techniques to mimic legitimate communications, evade traditional security systems, and adapt to new defenses in real time, posing significant risks to individuals and organizations. This paper explores the nature and threats of AI-driven cyber scams, emphasizing the need for advanced defensive measures. Key strategies include the use of machine learning for behavioral analysis, implementation of multifactor authentication, and rigorous patch management. Understanding these AI mechanisms and adopting comprehensive security practices are essential for mitigating risks and protecting sensitive information in the ever-evolving digital landscape. Through increased awareness and proactive measures, we can enhance our defenses and ensure a more secure online environment.
Table of Content Author profile ....................................................................i Abstract .............................................................................ii Table of content ..............................................................iii Introduction ..................................................................... 1 Previous research studies related to cyber scams and AI. ................................... 2-3 Malaysian case studies on cyber scams and AI. ...................................................... 4-5 Definition and examples of cyber scams and AI terminology ............................... 6-7 Standard of Procedure (SOP) / Guideline on cyber scams and AI. ............................. 8-9 Issues and challenges of cyber scams and AI technology in Malaysia. ............................... 10-11 Suggestions on how to combat the global rise in cyber scams in Malaysia. ...................... 12 Conclusion ....................................................................... 13 References....................................................................... 14
In today's digital world, cyber scams are becoming more and more advanced, using the latest technologies to trick people and exploit weaknesses in our systems. One of the most powerful tools in the hands of cybercriminals is Artificial Intelligence (AI). AI helps them create more convincing scams, avoid detection by traditional security systems, and quickly adapt to new security measures. This new type of cyber scam is a serious threat to both individuals and organizations because it can imitate legitimate communications and sneak past security defenses. Therefore, to fight against these AI-driven scams, we need advanced defenses like machine learning to analyze unusual behavior, multi-factor authentication to make it harder for criminals to access sensitive information, and regular software updates to fix vulnerabilities. It's essential to understand how AI-powered cyber scams work so we can develop strong strategies to protect our digital information and keep our online environments safe. 1 INTRODUCTION
CYBERSCAMS ANDAI PREVIOUS RESEARCH STUDIES RELATED TO
Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach Based on the research article "Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach" by Syed Ghazanfar Abbas, the study aimed to use threat modeling approaches to identify and mitigate phishing attack threats in Internet of Things (IoT) use cases. The researchers proposed a framework for assessing phishing risks in IoT environments and developing appropriate countermeasures. This involved a threat modeling process to systematically analyze potential phishing attack vectors and risks in IoT systems and applications. The researchers likely used techniques like attack trees, STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), or other threat modeling methodologies. Moroever, the research identified common phishing attack patterns and vulnerabilities that can arise in IoT use cases, where devices and systems are interconnected. Based on the threat analysis, the authors proposed a framework or set of guidelines for IoT developers and organizations to assess and mitigate phishing risks in their IoT deployments. The framework included recommendations on secure design practices, user awareness, and technical controls to defend against phishing attacks targeting IoT environments. The study provides a structured approach to understanding and addressing phishing threats in the rapidly evolving IoT landscape, where devices and systems are increasingly interconnected. The proposed threat modeling framework can help IoT developers and organizations proactively identify and mitigate phishing vulnerabilities, enhancing the overall security of their IoT ecosystems. In summary, this research article presents a threat modeling-based methodology to identify and mitigate phishing attack threats in IoT use cases, offering a valuable contribution to the field of IoT security and resilience against social engineering attacks. 2
Identifying and Mitigating Phishing Attack Threats in IoT Use Cases Using a Threat Modelling Approach The article is about investigating the role of language teachers' ChatGPT readiness in shaping their language teaching innovation and meeting accountability. The main objective of the article is to investigate the role of language teachers' ChatGPT readiness in shaping their language teaching innovation and meeting accountability in the Iranian EFL context. Specifically, the study aimed to validate ChatGPT readiness, language teaching innovativeness, and accountability as distinct constructs. Examine the direct relationship between language teachers' ChatGPT readiness dimensions (cognition, ability, vision, ethics) and their achievement of external and internal accountability. Lastly, the need to explore the mediating role of language teachers' innovative exploration, generation, and implementation between their ChatGPT readiness and accountability. Based on my finding, the article highlight ChatGPT readiness, language teaching innovativeness, and accountability were validated as distinct constructs in the Iranian EFL context. Unexpectedly, teachers' cognition readiness only predicted implementing innovative teaching, not overall innovativeness. Cognition and vision readiness were not necessary for teachers to meet external accountability, while ability readiness and ethical considerations increased their chances of passing. Exploration and generation were necessary for external accountability, but extending them further did not improve results. The methodology approach that have been used are bisymmetric approach, combining partial least squares structural equation modeling (PLS-SEM) and necessary condition analysis (NCA). PLSSEM was used to analyze the direct relationships and mediating effects between language teachers' ChatGPT readiness dimensions, their innovative implementation, and their achievement of internal and external accountability. NCA was used to identify the necessary conditions for teachers to meet external accountability. 3
CYBERSCAMS ANDAI MALAYSIAN CASE STUDIES ON
WHAT The article discusses the growing problem of digital fraud and cyber scams where the significant financial losses faced by Malaysians, with over RM1.6 billion lost to online fraud in 2022. WHO Malaysian consumers and victims of cyber scams are involved. Not only that, Bank Negara Malaysia, the central bank and financial regulator WHY The article addresses the reasons behind the global rise in cyber fraud, including the Increased reliance on mobile transactions and digital financial services The vulnerabilities in existing security measures like SMS one-time passwords. WHEN The problem has been growing in recent years. It also mentions Bank Negara Malaysia's recent advisory to banks, suggesting these are recent developments. HOW There are several approaches being taken to combat cyber fraud in Malaysia by transitioning to more secure app-based authentication methods. Secondly, introducing cooling-off periods for new accounts. Lastly, enhancing real-time monitoring and detection of suspicious transaction. Monday, 28 Nov 2022 Based on the article research title “Combating a Global Rise in Cyber Fraud” published on 28 November 2022, the author discussed about the growing sophistication of cyber scams in Malaysia and the need for a multi-pronged approach involving technology upgrades, public awareness, and regulatory measures to combat this rising threat. It provides a good overview of the current situation and challenges faced in Malaysia. 4
WHAT The study examined the awareness levels of Malaysian students regarding different types of cyber scams. It also assessed the overall cybersecurity awareness covering topics like privacy, password management, and online trust. . WHO The researchers were interested in understanding the cyber scam and cybersecurity awareness of this specific demographic. The key participants in the study were Malaysian university students. WHY University students are considered a vulnerable group when it comes to cyber threats, as they are increasingly reliant on digital technologies and may lack of skills to protect themselves WHEN The exact timeframe is not specified in the information provided. However, the findings are likely still relevant, as cyber threats and the need for cybersecurity awareness among young people remain pressing issues. HOW The researchers used a survey-based approach to collect data from the university students. May 2023 Based on the article research title “A study of awareness of Cyber Scam and Cybersecurity among university students in Malaysia” This case study focused on examining the awareness levels of Malaysian university students regarding different types of cyber scams, including phishing, investment schemes, romance scams, and merchant fraud. It also assessed the overall cybersecurity awareness of the student population, covering topics like privacy, password management, and online trust. 5
CYBERSCAMS ANDAI TERMINOLOGY DEFINITION & EXAMPLES OF
Artificial Intelligence (AI) Artificial Intelligence (AI) known to be the simulation of human intelligence processes by machines, enabling them to perform tasks that typically require human intelligence, such as learning, problem-solving, decisionmaking, and perception. For example, virtual assistants like Siri, Alexa, and Google Assistant use AI to understand natural language, answer questions, and carry out commands. Machine Learning (ML): A subset of AI that enables systems to learn and improve from experience without being explicitly programmed. For instances, spam filters that automatically detect and block suspicious emails are powered by machine learning algorithms that identify patterns in data. Natural Language Processing (NLP): Natural Language Processing (NLP) is the branch of AI that enables computers to analyze, understand, and generate human language, including speech and text. For instances, language translation apps that can instantly translate between multiple languages use NLP to interpret and convert the text. DEFINITION & EXAMPLES OF CYBER SCAMS AND AI TERMINOLOGY Deep Learning: A type of machine learning that uses artificial neural networks to learn and make decisions, similar to the way the human brain operates. One of the examples are facial recognition systems that can accurately identify individuals in images and videos rely on deep learning algorithms. Phishing Scam: Phishing scam is a type of social engineering attack where scammers send fraudulent messages, often disguised as legitimate communications, to trick victims into revealing sensitive information or performing actions that benefit the attacker. For example, receiving an email that appears to be from your bank, asking you to click a link and enter your login credentials to verify your account. 6
Vishing Scam Vishing scam is a type of social engineering attack where scammers use voice communication, often impersonating a trusted organization, to trick victims into revealing sensitive information or performing actions that benefit the attacker. For instances, by receiving a phone call from someone claiming to be from the IRS, demanding immediate payment of back taxes. Smishing Scam Smishing scam known to be a type of phishing attack that uses SMS (text messages) to lure victims into revealing sensitive information or performing actions that benefit the attacker. For example, by receiving a text message that appears to be from your mobile carrier, asking you to click a link to update your account information. ChatGPT A large language model developed by OpenAI that can engage in natural language conversations, answer questions, and generate human-like text on a wide range of topics. For example, student using ChatGPT to help with research, brainstorming ideas, or even drafting written content like articles or essays. DEFINITION & EXAMPLES OF CYBER SCAMS AND AI TERMINOLOGY Spear Phishing: A targeted form of phishing where scammers tailor their messages to specific individuals or organizations, making the attacks more personalized and convincing. For example, user received an email that appears to be from their boss, requesting to wire funds to a particular account for a business transaction. Chatbots: Computer programs designed to simulate human conversation, often used for customer service, information retrieval, and other interactive tasks. For instances, the customer service chatbot on a company's website that can answer basic questions and guide users to the appropriate resources. 7
STANDARD OF PROCEDURE (SOP) GUIDELINE ON CYBER SCAMS AND AI
Standard of Procedure (SOP)/ Guideline CyberSecurity Malaysia has published guidelines on computer security for home users, which cover topics like protecting against phishing, malware, and other cyber threats. These guidelines provide best practices for securing home computers and using the internet safely, especially for online transactions and accessing webbased applications. Awareness and Education Regular training sessions for employees to recognize different types of cyber scams, such as phishing, vishing (voice phishing), smishing (SMS phishing), and social engineering attacks. Secondly, by awareness Campaigns. Continuous awareness campaigns highlighting the latest cyber scam tactics are needed to ensure the public aware and acknowledged about the cyberscam tactic. Training should go beyond just lectures and presentations - it needs to be interactive, with quizzes, reallife examples, and hands-on exercises. Firstly, by the Implementation of software and tools to detect suspicious emails, links, and activities. This will be convenience not only for the user but also the cybersecurity organization as we could prevent the issue from getting bigger. There should be a reporting Mechanisms where there are clear procedures for employees and users to report suspected scams. This includes a dedicated email address, phone number, or internal system for reporting Detection and Reporting 8
Standard of Procedure (SOP)/ Guideline Preventive Measures Firstly, by e-mail filtering. Use algorithms to identify and block spam emails. These filters analyze email content, sender reputation, and patterns that indicate spam. Secondly, by access controls: Strict access controls to sensitive information, ensuring only authorized personnel can access critical systems and data. It is important to keep detailed logs of who accessed what information and when. These logs are essential for detecting unauthorized access and investigating incidents. User Interaction and Education Government are responsible in educating users on how to interact with AI systems safely and effectively. There should be a channels for users to provide feedback on AI systems and report any issues. Data Privacy and Security: Implementing strong data protection measures to secure the data used by AI systems. It is important to Ensure that AI systems comply with relevant data privacy laws and regulations, such as GDPR. Continuous Monitoring and Improvement There should be job where they continuously monitoring the performance of AI systems to detect and correct any issues. Next is regular updates. Keeping AI systems updated with the latest advancements and security measures. Development and Deployment Frequent testing and validation of AI systems to ensure accuracy, reliability, and safety will ensure there is no misinformation and fake news from spread around. Lastly, is to have a clear guidelines for the deployment of AI systems. 9
CYBERSCAMS ANDAI ISSUESAND CHALLENGE OF TECHNOLOGY IN MALAYSIA
Increasing sophistication of cyber scams The cyber scams in Malaysia have evolved significantly, with scammers employing more advanced techniques to deceive victims. The use of AI and deepfake technology is making online scams more sophisticated, as it enables fraudsters to manipulate media and impersonate real people. The cyber scammers using advanced techniques like phishing, malware, and social engineering to deceive victims. For example, the rise of "Authorized Push Payment" (APP) scams, where fraudsters trick victims into willingly transferring funds, has been a growing problem. These scams are difficult to detect and prevent, as they exploit human vulnerabilities rather than just technical vulnerabilities. Challenges Scammers are constantly developing new and more complex tactics to deceive victims, making it difficult for authorities and financial institutions to keep up.Adapting their methods to evade AI-based fraud detection systems used by banks, requiring constant model updates. They will constantly developing new scam types and variants, forcing defenders to always be cautious. Impact Significant financial losses for individual victims, with the average loss from APP scams in Malaysia being around RM30,000. Not only that, there will be an Erosion of public trust in digital financial services and online transactions, hindering the country's digital transformation efforts. Reputational damage for financial institutions that fail to adequately protect their customers. Increased costs for banks and businesses to implement robust fraud prevention measures. The transnational nature of many cyber scams makes it challenging to investigate and prosecute the perpetrators. Scammers often operate across international borders, making it hard for any single country's authorities to investigate and prosecute them There is also perpetrators leverage the anonymity and technical expertise afforded by the internet to cover their tracks. Lastly, is the lack of cross-border cooperation and harmonized laws makes it easier for scammers to evade justice 10
Limitations of AI-based fraud detection While Malaysian banks are increasingly adopting AI and machine learning to detect fraud patterns, these technologies have their own limitations. Scammers can adapt their tactics to evade AI-based detection systems, requiring constant model updates and improvements.Obtaining the large volumes of high-quality data needed to train effective AI fraud models can be resource-intensive for financial institutions. There are also concerns around algorithmic bias and privacy issues in the use of AI for fraud detection.Another challenge is the "black box" nature of complex AI models, which makes it hard to interpret and explain decisions to customers. This can lead to false positives and disruptions to legitimate transactions, resulting in poor user experience.To address these issues, a multi-pronged approach is required. This includes strengthening cybersecurity measures, improving public awareness, enhancing crossagency coordination, and continuously upgrading fraud detection technologies. Regulators and financial institutions in Malaysia will need to stay vigilant and adapt their strategies as cyber scams continue to evolve. Challenges Scammers can adapt their tactics to evade AI-based detection systems, requiring constant model updates and improvements. Obtaining the large volumes of high-quality data needed to train effective AI fraud models can be resourceintensive. There are concerns around algorithmic bias and privacy issues in the use of AI for fraud detection. Difficulty in interpreting the "black box" nature of complex AI models, making it hard to explain decisions to customers. Impact There are potential for false positives and disruptions to legitimate customer transactions, leading to poor user experience. The inability to keep up with the pace of change in cyber scam tactics, leaving vulnerabilities unaddressed. Therefore, a regulatory scrutiny and compliance challenges if AI-based fraud detection systems are not transparent and fair. It will be a missed opportunities to leverage the full potential of AI in enhancing fraud prevention and detection capabilities. 11
THEGLOBAL RISEINCYBER SCAMSANDAI SUGGESTION ON HOW TO COMBAT
SUGGESTION ON HOW TO COMBAT THE GLOBAL RISE IN CYBERSCAMS IN MALAYSIA Strengthen regulations and enforcemen Strengthen regulations and enforcement: Malaysia has existing laws targeting cybercrime, but more specific requirements around electronic know-your-customer and authentication methods may be needed. Robust enforcement and penalties can deter would-be criminals Leverage advanced analytics Financial institutions in Malaysia are increasingly adopting machine learning and data integration to detect fraud patterns in real-time and improve onboarding security. Continued investment in these technologies can bolster defenses. Improve public awareness The Malaysian government has set up initiatives like the National Scam Response Centre to educate the public on digital scams. Continued efforts to raise awareness on common fraud tactics are crucial. Banks and financial institutions in Malaysia have been advised by regulators to a secure appbased authentication. Consumers should also use strong, unique passwords and keep software updated Enhance cross-agency coordination Collaboration between law enforcement, regulators, and cybersecurity agencies is important to quickly identify, investigate, and disrupt cybercrime operations. Sharing data and intelligence can help combat the transnational nature of these crimes Leverage advanced analytics: Strengthen cybersecurity measures 12
In conclusion, the rise of AI-powered cyber scams represents a significant and evolving threat in the digital age. These sophisticated scams leverage advanced technologies to create highly convincing and adaptive attacks that can evade traditional security measures. As cybercriminals continue to innovate, it is crucial for individuals and organizations to implement robust defenses, including advanced email filtering, strict access controls, and regular software updates. By understanding the mechanisms of AI-driven scams and adopting comprehensive security strategies, we can better protect our sensitive information and maintain the integrity of our digital environments. Awareness, continuous education, and proactive measures are key to staying ahead of these threats and ensuring a safer online experience for all. 13
Bong, X. L. (2023). A STUDY OF AWARENESS OF CYBER SCAMS AND CYBERSECURITY AMONG UNIVERSITY STUDENTS IN MALAYSIA, 1– 50. http://eprints.utar.edu.my/5842/1/BONG_XU_LIN_FYP_Clean_versio n.pdf Fam, C. (2022, November 26). Combating a global rise in Cyber Fraud. The Star. https://www.thestar.com.my/tech/technews/2022/11/28/combating-a-global-rise-in-cyber-fraud Rahimi, A. R., & Sevilla-Pavón, A. (2024). The role of CHATGPT readiness in shaping language teachers’ language teaching innovation and meeting accountability: A bisymmetric approach. Computers and Education: Artificial Intelligence, 7, 100258. https://doi.org/10.1016/j.caeai.2024.100258 Abbas, S. G., Vaccari, I., Hussain, F., Zahid, S., Fayyaz, U. U., Shah, G. A., Bakhshi, T., & Cambiaso, E. (2021). Identifying and mitigating phishing attack threats in IOT use cases using a threat modelling approach. Sensors, 21(14), 4816. https://doi.org/10.3390/s21144816 14