17 Feb Wealth Mindset: Avoiding Cybercrime in the Age of AI
Deepfakes, Romance Scams, and Calendar Phishing, Oh My!
By Sara J. Welch
Anmol Agarwal was flattered—but a little suspicious too.
The telecom executive had just received a LinkedIn request from “Melissa Lambot,” a writer for Influential Women magazine looking to feature Agarwal as a “trailblazing woman” in an upcoming issue. Lambot wanted to schedule an online interview, but since Agarwal had never heard of the publication, she first did a quick search and couldn’t verify the existence of either the magazine or the journalist. She did, however, find several accounts from other people who had received the exact same request—including, oddly enough, some men.
You may have noticed that suspicious communications like Agarwal’s have become more frequent lately—and more convincing too. That’s largely thanks to the ubiquity of artificial intelligence tools like ChatGPT, which can create nearly flawless scripts in seconds. However, AI is only part of the overall picture, says cybersecurity expert Keren Elazari, a.k.a. The Friendly Hacker.
“In the last five years, the tech industry underwent three significant revolutions,” says Elazari, a senior researcher at the Interdisciplinary Cyber Research Center at Tel Aviv University in Israel. “One, with cloud technology, when companies moved their data and infrastructure onto cloud servers, it became easier for hackers to reach multiple companies through shared data centers. Two, COVID-19 and the rise of remote work created ample hacking opportunities. And three, artificial intelligence—a revolution we’re still in the midst of—is changing how companies handle technology and customer service.”
Yet many companies still approach cybersecurity as they would have in 2019, Elazari says. “Make sure the cybersecurity officer at your organization is aware of what’s happening in 2025, and that they’re not stuck in the past,” she adds. To that end, Executive Woman spoke with cybersecurity experts to learn about the latest scams to watch out for and the best tips to avoid them.
Ransomware
As seen in recent news stories about Coinbase and the cybercrime collective Scattered Spider, ransomware remains one of the most common types of computer hacking, thanks to its high profitability. With ransomware, hackers use malware to encrypt files or lock victims out of their systems, then demand millions of dollars in ransom payments—often in cryptocurrency—to restore access. All executives, regardless of job responsibility, should be aware of the potential for ransomware attacks, says Sivan Tehila, program director and professor in the cybersecurity master’s program at Yeshiva University in New York City and CEO and founder of Onyxia Cyber. “Many modern ransomware attacks involve ‘double extortion,’ where attackers also steal data and threaten to leak it if the ransom isn’t paid,” she says.
To protect yourself and your organization from ransomware, Tehila recommends frequent backups of your data. “A reliable, uninfected backup will allow you to restore your files without paying a ransom,” she says. Also, make sure to avoid suspicious links or attachments, keep your software up to date, only download software from trusted sources, use strong passwords, and enable multifactor authentication across your accounts.
Deepfakes
Deepfakes are synthetic images, videos, or audio recordings that seem real but have been manipulated with AI. “With deepfakes, scammers can make themselves look like anyone they want—even celebrities,” says Agarwal, who is a senior security researcher in Dallas for Nokia, the Finnish telecom giant. From 2023 to 2024 alone, deepfakes increased 3,000 percent, according to IBM, and the use of deepfakes in job interviews is a growing trend, Agarwal says. “North Korean hackers have used deepfakes to get hired by American companies that thought they were hiring US-based employees,” she says.
If you suspect you’ve received a deepfake, scan it for inconsistent or unnatural facial expressions, inconsistent lighting, or out-of-sync or unusual audio, Tehila says. If you’re on a video call, Agarwal suggests asking the other person to blink or put their hand near their face and wiggle their fingers, then look for discontinuities or irregularities in their face, hair, hands, or fingers. To avoid having your own image or voice show up in a deepfake, Tehila recommends being cautious about publicly sharing high-quality photos, videos, and other personal data online, as these can be used to train deepfake models.
Romance and sextortion scams
Romance scams tend to target older women, particularly if they’re recently widowed, divorced, or otherwise emotionally vulnerable, while sextortion scams disproportionately prey on younger women and teenagers, especially those active on social media, gaming platforms, or messaging apps, says Audite Talukder, an information security analyst for American Express in New York City. “Scammers use fake profiles and pretend to be peers or attractive strangers,” she says. “Younger users may not fully understand privacy risks or recognize manipulation tactics, and they can be tricked into sharing explicit images.”
How to avoid romance and sextortion scams? Be highly suspicious of anyone online who won’t meet in person, especially if they suddenly claim a financial emergency. Use Google Images or TinEye to reverse-search profile photos to check if they were stolen. Never share explicit images of yourself with anyone, even if you know them (or think you do). Set your social profiles to private and don’t accept friend requests from unknown people. If someone threatens sextortion, saying they’ll share your explicit images if you don’t pay or send more, don’t pay and don’t respond. “Report the crime to local authorities and the FBI’s Internet Crime Complaint Center at ic3.gov,” Talukder says.
Calendar phishing
First there was phishing, then “smishing” (suspicious texts, a.k.a. SMS messages), now there’s calendar phishing. “Cybercriminals are now sending official-looking Google or Outlook calendar invites that appear to come from HR departments, networking events, or even charity fundraisers,” Tehila says. Once accepted, these fake invites quietly plant malicious links or access tokens in the invitation, bypassing the recipient’s inbox filters.
The fix? Turn off auto-accept on calendar invites, preview any links before clicking, and double-check the sender’s email domain, not just the name. “If something feels even slightly off, it probably is,” Tehila says.
Human hacking
Today’s cybercrime is no longer about using programming skills to breach firewalls and the like. “Criminals are going after individual employees and tricking them into sharing corporate data or even their password,” Elazari says. “We know this from metrics of security incidents, which show that many hackers can log into the systems they target.”
Social engineering is the use of psychological manipulation to convince a target to reveal sensitive or personal information. “It’s the most solicited attack method because people are the weakest link in cybersecurity,” says Cristina Dolan, who is an advisor for Crimson Vista, a cybersecurity engineering firm in Austin, Texas.
How to avoid a social engineering attack? Fabianna Rodriguez-Mercado, a cybersecurity professional based in New York City, suggests memorizing the acronym STAR.
S = Slow down. Scammers count on urgency, and you not having time to think, so pause and verify before responding to anything that feels rushed.
T = Think twice. If it feels off or too good to be true, it likely is. Odd links, unusual requests, or unfamiliar senders should always raise a red flag. For example, a text message from a recruiter or the post office—why would they text you?
A = Ask someone. When in doubt, check with a colleague, friend, or IT support. A second opinion can prevent a costly mistake.
R = Review sources. Double-check URLs, sender emails, and attachments, especially in unexpected messages. Hover before you click on anything to see if the full URL looks legitimate.
By staying vigilant—much as Agarwal did with the so-called journalist—we can guard against social engineering tactics that take advantage of our human instinct to trust, help, and believe in others.
Sara J. Welch is an award-winning writer based in Jersey City, New Jersey, who has been writing for Executive Woman since 2007.
EXTRA!
What to Do If You’re Hacked
If you think you may have been hacked, here are some steps to take:
- Disconnect to contain the threat. Unplug your device from WiFi and the Internet. If you suspect your network has been compromised, unplug your router.
- Change your passwords. Start with your email and bank accounts. Use strong, unique passwords and turn on two-factor authentication (Google and Microsoft have authenticator apps you can download). Pro tip: Go to HaveIBeenPwned.com to see if your email or password was leaked, says Elazari.
- Run a full antivirus scan. Scan for viruses or malware using security software and follow its recommendations to quarantine or remove threats.
- Check for suspicious activity such as unauthorized log-ins or purchases, changed security settings, or strange emails sent from your account.
- Notify others. Contact any services (bank, credit card) where your account was compromised. If your email or social media was hacked, let friends and family know not to click on any uncharacteristic messages or links from you.
- Report the incident. File a report with the Federal Trade Commission at identitytheft.gov and/or the FBI at ic3.gov.
- Check your credit. Visit AnnualCreditReport.com to check your credit for free. If financial data was stolen, you may want to freeze your credit and monitor for identity theft.
- Update your software. Make sure you have the latest version of your operating system, antivirus software, and apps to patch vulnerabilities.
- Consider professional help. If it’s a serious problem, such as identity theft or ongoing suspicious activity, consult a cybersecurity expert or a fraud support service.