August 15, 2024 • 31 mins
A big part of the cyber criminal's toolkit is impersonation. Phishing and Business Email Compromise can start with impersonation of authority in an effort to manipulate their intended victim into revealing sensitive information, or separating them from their money.
We're told to verify identities, but how do we do this, when Generative AI is making it so much easier to impersonate people over the phone, and in videos?
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:25):
Welcome today to a
new thing that we're going to be doingat Phriendly Phishing.
I'm Benji, and with metoday is my colleague Bec.
and what will be hosting
today is a new podcastseries called Bytes with Bec and Benji!
I'll hand over to my colleague Becto give you a bit of insight
as to her background, and we'll kick offthe conversation after that.
(00:45):
Man, I just love the phrasestranger danger,
and I think it really doesneed to come back in a huge way.
We've been doing it wrong.
Yeah, absolutely.
Hi, everyone.
Yes, my name is Bec Caldwelland I'm the Content Marketing Specialist
at Phriendly Phishing.
And I've been working in searchengine optimisation,
project management,a bit of broadcasting too, and now I'm,
(01:08):
all in, both fit into cyber security.
And I love a bit of open sourceintelligence (OSINT)
and a bit of incident responseand also psychology, which is a little bit
what we're going to be talkingabout today.
Absolutely.
And for those that don't know me,my name's Benji Zorella.
I'm an eLearning instructional designer here at Phriendly Phishing and I'm responsible for
course design and creating those simulatedphishing emails that we send out to all of clients.
(01:33):
My background’s primarily in higher education,
cybersecurity,digital enablement of various sorts.
and I've recently acquired an ISC2 Certification.
I'm really interested in all thingscyber security, but I hold a particular
keen interest in foreign interference,open source intelligence (OSINT),
web vulnerabilities, and GenerativeAI technologies more broadly,
(01:55):
all of which I think translatedirectly into the conversation
we're about to have today, Bec, around
social proof.
Yeah, sure.
What do you understandwhen I say ‘social proof’?
Well, it's quite broad.
in normal terms, it's basically just mostpeople are looking
for social cues on how to act in a certainarea of their life.
(02:18):
And it can be as mundane as, you know,
which fork to useat a fine dining restaurant.
You know, people look around
and see what the majority is doingand then act accordingly.
and I suppose on the internet, it's,you know, you're
looking for a social proofthat proves that your opinion is correct.
Absolutely; justifies, I guess,the information that you have
(02:39):
ready at hand, that they agreewith that information as well.
I think a great exampleof something that happened relatively
recently is with the FTX
and Sam Bankman-Fried crypto saga, whereby
a lot of people investingin that cryptocurrency, that exchange,
(02:59):
they ended up getting very much,
I suppose, sucked in by the verificationspeople like Larry David and Tom Brady,
who you, as a layman, would assume their legal teamsand that finance people are doing
that due diligence behind the scenesin promoting such an exchange.
And it's you and I,the layman, regular person.
You don't have those resources to,I guess, find out
(03:22):
if there would be something that could benefarious behind that whole set up.
And we we almost rely on those individuals
to make the callso we can kind of follow suit.
And it's become harder and harder to dothat.
It really is.
And, you know,
someone that doesn't really understandhow all that sort of backend stuff works,
they're saying these famous faces that,
(03:43):
“backing it”,and even those famous faces,
they can't be on top of every single timethey're mentioned in the media as well.
So it might be too little, too latewhen they say, hang on.
Actually, this isn't how it's meant to be.
This is not me saying thisor this is not my endorsement.
So if someone's looking for an endorsementby someone
they admire and respect,they can still catch you.
(04:07):
Absolutely.
And, you know, with the accessibilityand just low barrier to entry to generate
material based on famous people.
Yeah, it's becoming very complicatedto be able to, I guess, identify
where exactly social proof is no longer,as relevant as it was,
(04:27):
but also what do we look to,in the age of impersonations
and deepfakes and generativeAI and all this stuff?
What is social proof now?
Well, that's it, because I think
when you can't see a person.
So I mean, obviously there's a deepfakeso you can see a person now sometimes.
But when you conversewith people on the web,
(04:49):
you can fall into a very quickfeeling of closeness
because the other person,if they're scamming you,
they know exactly how to communicatewith you to get you to do what they want.
And now that we've got generative AI,
the scammers are training thisAI to be more empathetic.
And they're using this thing to say
“You are a psychologist.In a psychological way,
(05:10):
How do I get this personto say yes to this?”
And they don't have cueslike body language,
the smile reaching the eyes,facial expressions and things like that.
And just and even that.
how would you put it?
The “spidey-sense” of uneasewhen you're with someone
that might not be trustworthy?
(05:31):
you know,and it's it's really fascinating.
This, I think, ties directly into what,Phriendly Phishing also tries to do in that
with all that coursework and the simulatedphishing emails, we very much try to use
similar techniques that scammers will usein their lures and in their setups.
They will always comewith some level of emotional trigger,
(05:54):
whether excitement, love, sympathy or
guilt or anxietyor fear; it's always leveraging on one
or more of those things “sales tactics”being shoved into the social engineering.
Yeah, well, people are so used to itthese days.
you know, obviously during pandemic times,almost all work was online.
So people got loggedinto a false sense of security, of,
(06:14):
okay, all my interactions are online now,so this is all
I've got to deal with.
But that also kind of fostereda sense of loneliness
if people get used to that, evennot saying hello to someone in the office,
you're very isolated and you sort offorget that you require a couple of layers
of physical security, which is,is this person a human being or a robot?
(06:40):
You know,
how do you do the “am I a robot?” check
when you're talking to someone onlinewithout being super awkward?
The more online we became, the entire humansocial experience kind of followed suit as well.
Where everything's onlinenow, your services, your jury duty, your government services
And so with that kind of direct
(07:02):
access to the brain stem,if you will, through your email,
scammers have a much more impactful wayto reach out to you as well.
Because if you are expecting a jury dutyemail to come via email
instead of via the post now,I suppose the the landscape vulernability
increases greatly inhow they can leverage those against us.
Even in the ‘scanning for S.C.A.M.’
(07:23):
and looking at the unusual domainsand things of that nature.
I actually just reset one Microsoftpassword here at work,
and I got a notification (via email) from the domainmicrosoft-onlineservices.com.
It was an entirely legitimateemail entirely sent from Microsoft.
But the domains that they using wouldn'tnecessarily make me think they’re legitimate.
(07:44):
So even the legitimate social proof that we have
is so disparate and inconsistent that you can't even really rely on
“oh, well, it IS from Microsoft”...
because it's the same sort of domaina scammer would likely register.
So I do think there is a part to playwith these technology companies not having
as much of an impetus for you, as the user,to know all of these idiosyncrasies.
(08:09):
I think those things only help scammersabuse us. They do.
By not knowing who we should go to,and who to rely on.
They do.
And just for the people listening,if you don’t know what a TLD is,
It’s a Top-Level-Domain (TLD).(thank you Bec)
So when we speak to that, we're lookingat, you know, you would expect it
to come from Office.com or somethingsimilar like that.
But as, as Benji just said,they can buy any domain
(08:33):
they want, just like a scammer can.
And you know when you've got lotsof branches of a business
or in a giant organisation like Microsoft,there's going to be different
email servers and domains used to serve thattype part of the business.
Different teams, different responsibilities.
And that's and that's somehow on usto sort of know, oh, okay,
“this is a giant conglomerateand these all of their properties.
(08:56):
Now I know what to look out for!”
It's just not feasible.
We don't have time to do thatlevel of analysis,
which is why social proof has always beenlooked to, is one of these, like
instinct-based things.
You look to other peopleso that you can kind of immediately
ascertain what you should be doing,and then make that call for yourself.
With all of these thingsbecoming so disparate and inconsistent,
(09:17):
how does one know what things
to look out for, let alone evenknowing to look for social proof?
What is the new social proofin the age of AI?
And I think that's going to change againin no time at all.
I mean, we've just put out the new courseUnderstanding Generative
AI and even the new Catfishing course,and we tell you what to spot.
(09:38):
But I have a feeling we're going to redothose courses very soon.
I absolutely agree,I almost feel like the material
related to these new technologiescoming out will
almost be like an archive course of like,“see how far it's come in a year?”
I've been playingwith a lot of these generative
AI tools in my spare time,and the ones that are most,
(09:58):
I suppose, confronting inhow far they've come in such a short
period of time to meis, some of the music generation ones.
so around January 2023,they would come out with very bad
out of key music, with voicesthat *sounded like thiiiiis* and very robotic.
And now, just six months, eight monthslater, they are full instrumentals
(10:21):
with recorded voicesthat actually sing in the key.
They change the key for the chorus.
They're getting exponentially better exponentially quicker.
You can have Sinatra like singingHappy Birthday to You or like singing
something that you've written.
You can have fullarrangements of instruments.
(11:18):
That’s it...
I can see why artists are extremely nervousabout all this.
Because it's taking the fun out of life.
Like we didn't want to give robotsdominion over our creativity.
Who would have thought that all of uswould be sitting there
doing spreadsheets while all the robotsmake music and draw paintings?
Right?
It's literally the worst partof the evolution of online life, I think.
(11:40):
And I don't think we saw it coming.
In saying that,I do think one of the benefits
of that kind of reduction of the barrierto entry is,
who knows, all the new artiststhat will come that never thought
they could ever be an artist.
You know, it has, in a way democratisedthe creative process for individuals,
which does, again, tieinto this whole social proof.
(12:02):
The only thing preventing you from doingsomething nefarious is the intent.
Now you have all the toolsand all the knowhow.
The only thing stopping you is,“should I do that?”
“Maybe I shouldn't do that!”
It’s Damocles sword.
Like anything,you know, it'll swing, on both sides.
But I do value the,I suppose, creative thinking that is
unlocked for of people that weren't
(12:22):
necessarily creativeor didn't consider themselves creative.
That said, it also comes down to,the copyright
and the training of the modelsand all these things.
It's kind of a larger conversation,obviously, than than just that.
Yeah.
as you're sayingthat something also came to mind.
it's kind of an opportunitybecause some people grew up,
with the resources to learn an instrument,
(12:44):
to learn how to sing, to go to choir meetsand all this kind of stuff.
Not everyone had those opportunities.
So if you've had that creativeitch over time
and have always felt held back,that is not true anymore. (now’s your time)
So it's not actually just about,
a glut of new creativity.
it's an opportunity based thing.
(13:04):
And I think that's a really cool way of,you know, positioning it
because anything that's accessible topeople is, is a good thing, I think.
In the moving throughthe digital ecosystem of all these tools,
I do think that that's wherethis generative AI really comes into it.
If you have different toolsthat can expedite that whole process,
(13:25):
you know nowwhere to slot them in within the process.
It's not about revolving the wholeworkflow around that individual piece.
I think
there's a great opportunity, as you said,in, in a lot of these things,
as much as there is a double edgedsword of it being used against us.
Yeah, but I think the majority of peoplewill use it, like you
said, like a bit of a toolkitbecause nobody has the time to devote
(13:48):
recreating themselves,as an expert in each of these areas.
And years ago,if you wanted to get on the radio where.
where it's a little bit more organicand it's live or or even if it's not live,
that was really reservedfor a small amount of people.
And I think, you know, 99% of peoplewouldn't experience getting their voice
heard.
So now, although we have to like usemaybe ten tools to get this done,
(14:12):
it is super accessibleand it is an excellent tool.
Kit Yeah, absolutely.
The flipside of all this is
by using these tools,you also get a direct sense
of behind the scenes how these toolscould be leveraged against you.
In the instanceof the more we use these tools
more broadly, the more we incorporatethem into our workflow.
(14:34):
It's that almost becomes the social proofwe need because you see
what the output is and that thereforeyou recognize the output laid up.
You're kind of like,I know where that came from.
The more generative art that
I see, the more I can pickwhat is it generated?
A piece of art because they all sharesimilar characteristics
and this will change and it will changeevery week and every day and every year.
(14:58):
But currently they do all havethis kind of
uncanny valley still feel when you see them, particularly
when you're creating a lot of it,
you see a lot more commonalitiesacross all different types,
especially if you give it instructionsto copy a style from, say,
a famous artist, whether that's a painteror a singer, things like that.
(15:22):
And yeah, I mean, one of the cool thingsthis is a slight divergence,
but I'm saying that there's new products to poison
AI so that it can'tthen be used as original material.
So things like Nightshade,
I think there's a few more that likethat are coming out and I'm really hoping
there's one that we can useas a, as a layer in between us
(15:42):
and a recording to stop our voicesbeing printed to stop
our face is being usedin facial recognition.
It shouldn't be 100%.
The voice cloning thingis remarkably accessible
You can also go to thingslike Google Cloud
and just kind of start experimentingwith some of these voices
that will absolutely be making their wayinto customer support.
(16:03):
Those voices will be the voices
that you hear everywherewhen you call on Optus or Medibank
or any of these companiesthat have front line support,
they're getting better every day,particularly those Australian voices.
There are there are certain wordsthat you can kind of tell if you know,
but for the most part out of the box,I require no experience.
(16:26):
It costs me a dollar a month.
I want to tell youthat you have a voicemail from the ATO.
Call me back on this mobile number.
Perfectly achievablefor very little effort, very little money.
This is an example of a generatedaudio clip.
It is created to synthesise humanlikesounding voices in a variety of contexts.
We can get this voice to say anything.
Even things like: “This is the ATO calling regarding your overdue tax return.” (16:47):
undefined
Always be cautiouswhen relying entirely on audio.
Which is one of those thingswhere at least in a forum
like this online, there is some levelof visual appearance and interaction.
Like I am physically sitting here,my mouth is physically moving
(17:07):
when words are coming out.
When we’re just on a phone, and someone could even line up
several recordings with a soundboard
and play them as thoughit's a conversation
like an eight track just hitting,hitting all the different responses.
Hundred percent.
“Hi, this is Benji calling from the ATO.”
You say, “what's this about?”
“I'm calling today about your overdue fine.”
“I don't have any overdue fines.”
(17:28):
“Well, actually, what we found is...”and you just queue up all the things
that you would need to convince themthat this is a legitimate call.
And I feel like what does one do that?
Like beyond actively hanging up the phone,calling up the ATO (and calling back)
which is literallythe only thing you can do...
I think the propensity peoplehave to trust
others, particularly in serviceareas, is much greater online
(17:50):
than it is in person,because we've had these things
like “stranger danger” growing upand things like that, whereas now
there's no choice.
You have to deal with people
that you get linked up to onlineor who reach out to you online.
I think people have a little bit of‘they don't want to be rude’
and just hang up the phone or say no,I'll figure out if this is a scam myself.
(18:11):
Yeah, protecting yourself is not rude.
You know,you can do it in a very polite way.
“I don't have time for this.”
“I'm going to call the ATO back in 10 minutes”or whatever have-you.
But the not wanting to offend someone isnot enough reason to go along with a scam,
assuming there is nothing telling youthat it is in fact legitimate.
(18:33):
Yeah.
And I feel, you know,
there's a lot of statisticsthat I don't have to hand at the moment,
but it makes sensethat some of the older generations
will fall for it a bit more becausethey're more used to picking up the phone.
I mean, I make phone calls for workrelated reasons.
It’s very rare that I would pick up the phoneand call someone other than my mother.
(18:53):
So, you know, if I get these text messagesin these emails,
I think, now I got to call someone... :(
And, if someone calls meand I think, okay, that's that's my bank’s name
coming up on my mobile,I should pick it up.
But that can be spoofed as well.
And that's something they're (scammers) doing now aswell, is they'll spoof the name of a bank
so it goes into a legitimate trailof the bank SMS.
(19:15):
So then it's not even two separate things.
So you can see this is the fake one.
This is the Westpac one.
It comes within the original Westpacbank trail,
and that stuff can be incredibly nefariousbecause that social proof
it's in the Westpac trail,it's all G, it's all fine
And it was actually something you,you taught me about the other day, Bec,
which was with International Women's Day.
(19:36):
You actually rightly mentionedto get around how there's been a scam
going for many yearsand do want to give some insight on that?
Yeah, I mean, scam is probablyI mean, I guess it is the right word.
So you know a marketing companywith fairly, I guess
dodgy background put up International Women's Day dot com
(internationalwomensday.com)
So that's you know, top leveldomain with social proof right there
(20:01):
because people want to celebrate equityin the workplace and,
you know, safety for womenand it looks legit
and it probably is “legit”as far as anyone can tell.
But the thing is, it's not part of the UN,and the UN is the organisation
that coined International Women's Dayfor the betterment of girls
(20:23):
and women around the world.
So you've got two themeshappening every year.
And you know,
if you Google IWD
the fake one comes up,the UN one is maybe like ten places below
And that’s the scary thing,(that IS the scary thing)
Because Google is the social proof,the top thing.
That's thelegitimate one always, right?
(20:45):
And the UN URL is unwomen.org whichwell it has a .org,
People are going to knowthat's the UN, it's un women.
Is that a thing?
I'm not going to click through to that
and is it okay to just celebratethis theme over this theme?
What's the harm?
But the harm is both ofthe websites are taking money
(21:05):
for toolkitsfor your workplace to celebrate it.
So we don't know where that moneyis going to that marketing agency.
We know that if it's going to the UN,
it is going to the things that they'redoing to support women and girls.
Whereas the marketing company,we have no clue where that money is going.
There's also certain stipulations aroundwho can and can't register a dot org
(21:26):
top level domain.
You generally have to be some levelof nonprofit or government organisation
to receive those TLDs.
So the notion that this other randomone could be privatised, for profit,
those donations that were in theorymeant to go to a nonprofit organisation
are now going to some for profitprivatised corporation.
That's an issue! People are being misled.
(21:48):
Exactly.
And the thing is, they mightstill have the best of intentions,
but they certainly they certainly don'thave the access to charitable foundations
to give this money to.
And with a lot of charities out therethat have a, you know, retail facing
this money going to like their staff,
you know, there's a lot of moneyto go around and how much of it's
going to go to the actual charitythat they say they’re representing.
(22:11):
Absolutely.
it's amazinghow much this, the SEO (Search Engine Optimisation) side of Google
can be abused. Pay a couple of bucks and Google promotes them.
Yeah, there's a lot of there'sa lot of scams out that it all started
with just,you know, small, innocent things.
And it's yeah, the evolution of ithas just gotten out of control.
And I guess my question is,at what point does lying about yourself
(22:33):
become a catfish, especially nowthat it's just completely different beast?
And that's, again, the stranger dangersort of situation of, you know,
all of that emotional stuffis there. Like, we're talking to
someone that we think likes usor something like that
we want to impress as well, show our bestfoot forward or whatever, you know?
(22:54):
It just comes down to that intent, right?
I remember one of my single friends
mentioned the phrase to me, hatfishing.
It's when gentlemen on these dating appshave a hat, but they're actually bald.
But you wouldn't realise thatfrom your photos; hatfishing.
So yeah, that's kind of you know, it’spretty benign, it's nothing too bad.
It's like just generaldating faux pas stuff
(23:16):
that you probably shouldn't do, but like,it is what it is.
But where does that kind of go to?
I'm doing this with the sole intentionof getting something out of you
and it's not.
Yeah, you know, relations or anything.
It's generally monetaryor your identity, right.
It’s harder for people to come to concrete conclusions around someone being not forthcoming.
And a great examplewould be like romance scams.
(23:38):
One of the more common thingsthat I've seen in my kind of cursory research
is people claiming that,you know, they're either in the military
and that's why, you know
why they can only respond at weird hoursis that's why they can never have calls
because it's always too noisyin the background.
You can always throw something outto throw people off the scent
as to the legitimate reasonas to why you're being not legitimate.
(24:01):
And it can sound exciting,especially with that military thing.
It's like, “I'm in a secure location.”
“I can't reveal my location,I can't turn on my camera.”
“It's been shut down.”
I mean, you know, they (you could buy that!)
Well, it'sit's probably true in some cases,
but the thing is, I don't think
for me at least, I don't think, you know,if you're deployed.
(24:22):
What are you doing on a dating app anyway?
Yeah.
If nothing's accessible to you,if you're not able to, like, actually
enter into some sort of relationship,that would be my red flag anyway.
Like, okay, what are you doing?
And I guess that's it, right?
Is what threshold do individuals
individually have to kind of point outthose things?
(24:42):
Like if that's a red flag for you,but someone who's I suppose
potentially more lonelyor is maybe younger or older,
they may beless experienced or more experienced
in datingand then be like, well, that makes sense.
“I mean, I've dated someone in militarybefore.”
It's just about convincing ENOUGH peoplethat you get what you want
from your real intent, right?
(25:03):
It's all about convincing everyone.And that's I think the game of the scammer.
More often than not,they'll probably get found out.
But the people that do pay them,they will never forget it.
They'll never forget it. Yeah.
And that's why it's so relentless.
Because just like regular dating,it's a numbers game.
Just get as many people as possibleand you'll get that vulnerable person
that just wants to talk.
(25:24):
And they are so happythat you respond with kindness and
and future plans and things like that.
Love bombing, just like, “oh, you're amazing!”
“I'm so glad that we met.You know, we have so much in common.”
“I love talking about dogs or,you know, playing checkers or chess”
or whatever it is.
And we bond over that thing
because you're so specialthat I found you over that thing.
(25:44):
And I guess this ties intohow impersonation more broadly
kind of acrossromance scams, employment scams
all of these scamsthat rely on a certain level of authority
or urgency or compassion.
I think there are certain cyber
I think there are certain cyber
case studies that people will point toover time that “that's the point
things changed.”
(26:05):
And one of them,
I think, happened more recentlywhere a finance worker agreed to pay out
$25 million after a video
call with a deep fake ChiefFinancial Officer.
But yeah, the details of those stories are even more fascinating...
Where the individual receiveda phishing email
was incredibly suspiciousof the phishing email at the start.
(26:27):
However,their suspicions were completely allayed
when they signed on to the Zoom calland there were several people
(and his boss was there)all deep-faked. Not a single real human was there.
And I feel like it's one of those...“Yeah, I would have spotted it!”
But, you know, when you're surroundedby authoritative figures
(26:47):
and you're not in a position
to question things,I don't think that people question things,
you know, I mean, going back to that wholethey don't want to be rude
or don't come off as aggressiveor whatever else.
So I can see this happening a lot morewith that ability to mass profile people,
pick a target and then find outas much about that small group of people
as we need to then be able to replicatethat their voices and their likeness.
(27:11):
It's becoming remarkably achievableto do these types of sophisticated scams.
Yeah, I agree.
And even if you take away that levelof sophistication with deep fakes,
which just blows my mind, by the way,I mean, bravo to them, to be honest,
yeah, I kind of wanted
to see a recording excerptor something like the quality of deep fake.
(27:32):
Yeah, it could still be deployedin a much like I say, lesser.
It's not lesser, but it is in the contextof what we’re talking about, like a chat bot.
Just you could deploy a million chat botson a million dating app websites or,
or take over a chat bot on a legitimatewebsite and, and get information
that way. That requiresalmost zero human interaction
(27:54):
on the scammer’s side,if they've trained them (the chatbots) well.
So, this is a kind of a funny thing.
It came out a few years ago one of Google's engineers for Lambda,
I think it was Blake LaMoine.
He actually said, I think “eventually it'sjust going to become a real person”.
Well, he thought it WASreal person, right? Yeah.
(28:15):
He had like, in-depth conversationsabout like it's views on... (personal conversations!)
Yeah, yeah.
And if someone that sort of smartat least and who,
who made it, or was part of the teamthat made this thing...
how can a laypersonsort of have an emotional conversation
or a fun conversation with a chatbotand not think; “I trust this thing.”
(28:38):
“This is totally fine.”
And what kind of secrets are sharingwith basically a robot?
A digital stranger that canthen put everything into a spreadsheet,
Just aggregates it all,pass it up to my ‘lord’.
Yeah, 100%. Yeah.
To that chatbot, automated disinformation/misinformation thing.
Just look at Twitter.
If you simply in the search bar of Twittertype in the automated response
(29:01):
that you get from most LLMs (Large Language Models)when they can't produce a response
because of their guidelines.
So like yeah, “as an AI language model,I am not allowed to produce blah blah blah”
If you just in quotesput that in the Twitter search bar,
you will find
hundreds of individual postsby people that are not actual individuals
but rather linked to a GPT (Chatbot) that just postsall this stuff en-masse.
(29:24):
So I prompt to say something nefariousabout Russia and Ukraine
and then my army of bots all post
something slightly similar denigratingUkraine or Russia, or what have you.
And suddenly hundreds of peopleare “thinking this on Twitter”
when really was one individualwith a script and a GPT.
And that's basically the definitionof how this social proof
(29:44):
can derail a huge amount of people.
And it creates an echo chamberfor things that people have left unsaid.
But now that they're seeing it everywhere,
they're like,maybe there is something to it.
Exactly!
And that's
the other side of the social proof,is if there isn't something to look to,
if you do look to it to makeyou think the wrong behavior,
(30:05):
like modeling the incorrect thing to door modeling, you know, disinformation
and sharing that around it,it does have that almost backwards effect.
You're then proliferating
disinformation,not just falling victim to disinformation.
Yeah, easier said than done.
So extremely easier said than done.
So, you know, we've got like a lot of tips for people on how to spot
(30:27):
all of this kind of stuff,but it really does
just come down to being self awareand being curious about
where you heard somethingor like what someone's telling you
and yeah, trying to get those other levelsof verification going.
But I get it.
Human beings are awkward people.
(30:47):
And we're to a degree also a bit lazy.
You know, if we think we know,we're saying if that's good enough,
I think people are just like,“yeah, that's good enough.”
“I trust the source enough that that is nowinternalised and that is what I think.”
And bringing back Stranger Danger onlineI think is something that we can
all definitely get behind in terms of not everyone's that help you.
(31:08):
And in fact on theInternet most people aren't.
That’s so true.
I think people should have a lookat some of our new courses just to sort of
get it in front of their eyes as to likehow exactly that would all work.
But hey, this has been such a great chat, Benji.
It's been really enjoyable.
As usual, we've gone on tangents and we've explored
a lot of different topics todayand I really enjoyed it.
(31:33):
I think it's great.
I hope everyone listening enjoys it too.
Well, thank you everyone for joining us.
Bec and I are incredibly luckyto have this opportunity.
Discuss these wide ranging topicsand how they change constantly.
And I hope you enjoyed.
Chat to ya next time!Signing off!
Welcome today to a
new thing that we're going to be doingat Phriendly Phishing.
I'm Benji, and with metoday is my colleague Bec.
and what will be hosting
today is a new podcastseries called Bytes with Bec and Benji!
I'll hand over to my colleague Becto give you a bit of insight
as to her background, and we'll kick offthe conversation after that.
(00:45):
Man, I just love the phrasestranger danger,
and I think it really doesneed to come back in a huge way.
We've been doing it wrong.
Yeah, absolutely.
Hi, everyone.
Yes, my name is Bec Caldwelland I'm the Content Marketing Specialist
at Phriendly Phishing.
And I've been working in searchengine optimisation,
project management,a bit of broadcasting too, and now I'm,
(01:08):
all in, both fit into cyber security.
And I love a bit of open sourceintelligence (OSINT)
and a bit of incident responseand also psychology, which is a little bit
what we're going to be talkingabout today.
Absolutely.
And for those that don't know me,my name's Benji Zorella.
I'm an eLearning instructional designer here at Phriendly Phishing and I'm responsible for
course design and creating those simulatedphishing emails that we send out to all of clients.
(01:33):
My background’s primarily in higher education,
cybersecurity,digital enablement of various sorts.
and I've recently acquired an ISC2 Certification.
I'm really interested in all thingscyber security, but I hold a particular
keen interest in foreign interference,open source intelligence (OSINT),
web vulnerabilities, and GenerativeAI technologies more broadly,
(01:55):
all of which I think translatedirectly into the conversation
we're about to have today, Bec, around
social proof.
Yeah, sure.
What do you understandwhen I say ‘social proof’?
Well, it's quite broad.
in normal terms, it's basically just mostpeople are looking
for social cues on how to act in a certainarea of their life.
(02:18):
And it can be as mundane as, you know,
which fork to useat a fine dining restaurant.
You know, people look around
and see what the majority is doingand then act accordingly.
and I suppose on the internet, it's,you know, you're
looking for a social proofthat proves that your opinion is correct.
Absolutely; justifies, I guess,the information that you have
(02:39):
ready at hand, that they agreewith that information as well.
I think a great exampleof something that happened relatively
recently is with the FTX
and Sam Bankman-Fried crypto saga, whereby
a lot of people investingin that cryptocurrency, that exchange,
(02:59):
they ended up getting very much,
I suppose, sucked in by the verificationspeople like Larry David and Tom Brady,
who you, as a layman, would assume their legal teamsand that finance people are doing
that due diligence behind the scenesin promoting such an exchange.
And it's you and I,the layman, regular person.
You don't have those resources to,I guess, find out
(03:22):
if there would be something that could benefarious behind that whole set up.
And we we almost rely on those individuals
to make the callso we can kind of follow suit.
And it's become harder and harder to dothat.
It really is.
And, you know,
someone that doesn't really understandhow all that sort of backend stuff works,
they're saying these famous faces that,
(03:43):
“backing it”,and even those famous faces,
they can't be on top of every single timethey're mentioned in the media as well.
So it might be too little, too latewhen they say, hang on.
Actually, this isn't how it's meant to be.
This is not me saying thisor this is not my endorsement.
So if someone's looking for an endorsementby someone
they admire and respect,they can still catch you.
(04:07):
Absolutely.
And, you know, with the accessibilityand just low barrier to entry to generate
material based on famous people.
Yeah, it's becoming very complicatedto be able to, I guess, identify
where exactly social proof is no longer,as relevant as it was,
(04:27):
but also what do we look to,in the age of impersonations
and deepfakes and generativeAI and all this stuff?
What is social proof now?
Well, that's it, because I think
when you can't see a person.
So I mean, obviously there's a deepfakeso you can see a person now sometimes.
But when you conversewith people on the web,
(04:49):
you can fall into a very quickfeeling of closeness
because the other person,if they're scamming you,
they know exactly how to communicatewith you to get you to do what they want.
And now that we've got generative AI,
the scammers are training thisAI to be more empathetic.
And they're using this thing to say
“You are a psychologist.In a psychological way,
(05:10):
How do I get this personto say yes to this?”
And they don't have cueslike body language,
the smile reaching the eyes,facial expressions and things like that.
And just and even that.
how would you put it?
The “spidey-sense” of uneasewhen you're with someone
that might not be trustworthy?
(05:31):
you know,and it's it's really fascinating.
This, I think, ties directly into what,Phriendly Phishing also tries to do in that
with all that coursework and the simulatedphishing emails, we very much try to use
similar techniques that scammers will usein their lures and in their setups.
They will always comewith some level of emotional trigger,
(05:54):
whether excitement, love, sympathy or
guilt or anxietyor fear; it's always leveraging on one
or more of those things “sales tactics”being shoved into the social engineering.
Yeah, well, people are so used to itthese days.
you know, obviously during pandemic times,almost all work was online.
So people got loggedinto a false sense of security, of,
(06:14):
okay, all my interactions are online now,so this is all
I've got to deal with.
But that also kind of fostereda sense of loneliness
if people get used to that, evennot saying hello to someone in the office,
you're very isolated and you sort offorget that you require a couple of layers
of physical security, which is,is this person a human being or a robot?
(06:40):
You know,
how do you do the “am I a robot?” check
when you're talking to someone onlinewithout being super awkward?
The more online we became, the entire humansocial experience kind of followed suit as well.
Where everything's onlinenow, your services, your jury duty, your government services
And so with that kind of direct
(07:02):
access to the brain stem,if you will, through your email,
scammers have a much more impactful wayto reach out to you as well.
Because if you are expecting a jury dutyemail to come via email
instead of via the post now,I suppose the the landscape vulernability
increases greatly inhow they can leverage those against us.
Even in the ‘scanning for S.C.A.M.’
(07:23):
and looking at the unusual domainsand things of that nature.
I actually just reset one Microsoftpassword here at work,
and I got a notification (via email) from the domainmicrosoft-onlineservices.com.
It was an entirely legitimateemail entirely sent from Microsoft.
But the domains that they using wouldn'tnecessarily make me think they’re legitimate.
(07:44):
So even the legitimate social proof that we have
is so disparate and inconsistent that you can't even really rely on
“oh, well, it IS from Microsoft”...
because it's the same sort of domaina scammer would likely register.
So I do think there is a part to playwith these technology companies not having
as much of an impetus for you, as the user,to know all of these idiosyncrasies.
(08:09):
I think those things only help scammersabuse us. They do.
By not knowing who we should go to,and who to rely on.
They do.
And just for the people listening,if you don’t know what a TLD is,
It’s a Top-Level-Domain (TLD).(thank you Bec)
So when we speak to that, we're lookingat, you know, you would expect it
to come from Office.com or somethingsimilar like that.
But as, as Benji just said,they can buy any domain
(08:33):
they want, just like a scammer can.
And you know when you've got lotsof branches of a business
or in a giant organisation like Microsoft,there's going to be different
email servers and domains used to serve thattype part of the business.
Different teams, different responsibilities.
And that's and that's somehow on usto sort of know, oh, okay,
“this is a giant conglomerateand these all of their properties.
(08:56):
Now I know what to look out for!”
It's just not feasible.
We don't have time to do thatlevel of analysis,
which is why social proof has always beenlooked to, is one of these, like
instinct-based things.
You look to other peopleso that you can kind of immediately
ascertain what you should be doing,and then make that call for yourself.
With all of these thingsbecoming so disparate and inconsistent,
(09:17):
how does one know what things
to look out for, let alone evenknowing to look for social proof?
What is the new social proofin the age of AI?
And I think that's going to change againin no time at all.
I mean, we've just put out the new courseUnderstanding Generative
AI and even the new Catfishing course,and we tell you what to spot.
(09:38):
But I have a feeling we're going to redothose courses very soon.
I absolutely agree,I almost feel like the material
related to these new technologiescoming out will
almost be like an archive course of like,“see how far it's come in a year?”
I've been playingwith a lot of these generative
AI tools in my spare time,and the ones that are most,
(09:58):
I suppose, confronting inhow far they've come in such a short
period of time to meis, some of the music generation ones.
so around January 2023,they would come out with very bad
out of key music, with voicesthat *sounded like thiiiiis* and very robotic.
And now, just six months, eight monthslater, they are full instrumentals
(10:21):
with recorded voicesthat actually sing in the key.
They change the key for the chorus.
They're getting exponentially better exponentially quicker.
You can have Sinatra like singingHappy Birthday to You or like singing
something that you've written.
You can have fullarrangements of instruments.
(11:18):
That’s it...
I can see why artists are extremely nervousabout all this.
Because it's taking the fun out of life.
Like we didn't want to give robotsdominion over our creativity.
Who would have thought that all of uswould be sitting there
doing spreadsheets while all the robotsmake music and draw paintings?
Right?
It's literally the worst partof the evolution of online life, I think.
(11:40):
And I don't think we saw it coming.
In saying that,I do think one of the benefits
of that kind of reduction of the barrierto entry is,
who knows, all the new artiststhat will come that never thought
they could ever be an artist.
You know, it has, in a way democratisedthe creative process for individuals,
which does, again, tieinto this whole social proof.
(12:02):
The only thing preventing you from doingsomething nefarious is the intent.
Now you have all the toolsand all the knowhow.
The only thing stopping you is,“should I do that?”
“Maybe I shouldn't do that!”
It’s Damocles sword.
Like anything,you know, it'll swing, on both sides.
But I do value the,I suppose, creative thinking that is
unlocked for of people that weren't
(12:22):
necessarily creativeor didn't consider themselves creative.
That said, it also comes down to,the copyright
and the training of the modelsand all these things.
It's kind of a larger conversation,obviously, than than just that.
Yeah.
as you're sayingthat something also came to mind.
it's kind of an opportunitybecause some people grew up,
with the resources to learn an instrument,
(12:44):
to learn how to sing, to go to choir meetsand all this kind of stuff.
Not everyone had those opportunities.
So if you've had that creativeitch over time
and have always felt held back,that is not true anymore. (now’s your time)
So it's not actually just about,
a glut of new creativity.
it's an opportunity based thing.
(13:04):
And I think that's a really cool way of,you know, positioning it
because anything that's accessible topeople is, is a good thing, I think.
In the moving throughthe digital ecosystem of all these tools,
I do think that that's wherethis generative AI really comes into it.
If you have different toolsthat can expedite that whole process,
(13:25):
you know nowwhere to slot them in within the process.
It's not about revolving the wholeworkflow around that individual piece.
I think
there's a great opportunity, as you said,in, in a lot of these things,
as much as there is a double edgedsword of it being used against us.
Yeah, but I think the majority of peoplewill use it, like you
said, like a bit of a toolkitbecause nobody has the time to devote
(13:48):
recreating themselves,as an expert in each of these areas.
And years ago,if you wanted to get on the radio where.
where it's a little bit more organicand it's live or or even if it's not live,
that was really reservedfor a small amount of people.
And I think, you know, 99% of peoplewouldn't experience getting their voice
heard.
So now, although we have to like usemaybe ten tools to get this done,
(14:12):
it is super accessibleand it is an excellent tool.
Kit Yeah, absolutely.
The flipside of all this is
by using these tools,you also get a direct sense
of behind the scenes how these toolscould be leveraged against you.
In the instanceof the more we use these tools
more broadly, the more we incorporatethem into our workflow.
(14:34):
It's that almost becomes the social proofwe need because you see
what the output is and that thereforeyou recognize the output laid up.
You're kind of like,I know where that came from.
The more generative art that
I see, the more I can pickwhat is it generated?
A piece of art because they all sharesimilar characteristics
and this will change and it will changeevery week and every day and every year.
(14:58):
But currently they do all havethis kind of
uncanny valley still feel when you see them, particularly
when you're creating a lot of it,
you see a lot more commonalitiesacross all different types,
especially if you give it instructionsto copy a style from, say,
a famous artist, whether that's a painteror a singer, things like that.
(15:22):
And yeah, I mean, one of the cool thingsthis is a slight divergence,
but I'm saying that there's new products to poison
AI so that it can'tthen be used as original material.
So things like Nightshade,
I think there's a few more that likethat are coming out and I'm really hoping
there's one that we can useas a, as a layer in between us
(15:42):
and a recording to stop our voicesbeing printed to stop
our face is being usedin facial recognition.
It shouldn't be 100%.
The voice cloning thingis remarkably accessible
You can also go to thingslike Google Cloud
and just kind of start experimentingwith some of these voices
that will absolutely be making their wayinto customer support.
(16:03):
Those voices will be the voices
that you hear everywherewhen you call on Optus or Medibank
or any of these companiesthat have front line support,
they're getting better every day,particularly those Australian voices.
There are there are certain wordsthat you can kind of tell if you know,
but for the most part out of the box,I require no experience.
(16:26):
It costs me a dollar a month.
I want to tell youthat you have a voicemail from the ATO.
Call me back on this mobile number.
Perfectly achievablefor very little effort, very little money.
This is an example of a generatedaudio clip.
It is created to synthesise humanlikesounding voices in a variety of contexts.
We can get this voice to say anything.
Even things like: “This is the ATO calling regarding your overdue tax return.” (16:47):
undefined
Always be cautiouswhen relying entirely on audio.
Which is one of those thingswhere at least in a forum
like this online, there is some levelof visual appearance and interaction.
Like I am physically sitting here,my mouth is physically moving
(17:07):
when words are coming out.
When we’re just on a phone, and someone could even line up
several recordings with a soundboard
and play them as thoughit's a conversation
like an eight track just hitting,hitting all the different responses.
Hundred percent.
“Hi, this is Benji calling from the ATO.”
You say, “what's this about?”
“I'm calling today about your overdue fine.”
“I don't have any overdue fines.”
(17:28):
“Well, actually, what we found is...”and you just queue up all the things
that you would need to convince themthat this is a legitimate call.
And I feel like what does one do that?
Like beyond actively hanging up the phone,calling up the ATO (and calling back)
which is literallythe only thing you can do...
I think the propensity peoplehave to trust
others, particularly in serviceareas, is much greater online
(17:50):
than it is in person,because we've had these things
like “stranger danger” growing upand things like that, whereas now
there's no choice.
You have to deal with people
that you get linked up to onlineor who reach out to you online.
I think people have a little bit of‘they don't want to be rude’
and just hang up the phone or say no,I'll figure out if this is a scam myself.
(18:11):
Yeah, protecting yourself is not rude.
You know,you can do it in a very polite way.
“I don't have time for this.”
“I'm going to call the ATO back in 10 minutes”or whatever have-you.
But the not wanting to offend someone isnot enough reason to go along with a scam,
assuming there is nothing telling youthat it is in fact legitimate.
(18:33):
Yeah.
And I feel, you know,
there's a lot of statisticsthat I don't have to hand at the moment,
but it makes sensethat some of the older generations
will fall for it a bit more becausethey're more used to picking up the phone.
I mean, I make phone calls for workrelated reasons.
It’s very rare that I would pick up the phoneand call someone other than my mother.
(18:53):
So, you know, if I get these text messagesin these emails,
I think, now I got to call someone... :(
And, if someone calls meand I think, okay, that's that's my bank’s name
coming up on my mobile,I should pick it up.
But that can be spoofed as well.
And that's something they're (scammers) doing now aswell, is they'll spoof the name of a bank
so it goes into a legitimate trailof the bank SMS.
(19:15):
So then it's not even two separate things.
So you can see this is the fake one.
This is the Westpac one.
It comes within the original Westpacbank trail,
and that stuff can be incredibly nefariousbecause that social proof
it's in the Westpac trail,it's all G, it's all fine
And it was actually something you,you taught me about the other day, Bec,
which was with International Women's Day.
(19:36):
You actually rightly mentionedto get around how there's been a scam
going for many yearsand do want to give some insight on that?
Yeah, I mean, scam is probablyI mean, I guess it is the right word.
So you know a marketing companywith fairly, I guess
dodgy background put up International Women's Day dot com
(internationalwomensday.com)
So that's you know, top leveldomain with social proof right there
(20:01):
because people want to celebrate equityin the workplace and,
you know, safety for womenand it looks legit
and it probably is “legit”as far as anyone can tell.
But the thing is, it's not part of the UN,and the UN is the organisation
that coined International Women's Dayfor the betterment of girls
(20:23):
and women around the world.
So you've got two themeshappening every year.
And you know,
if you Google IWD
the fake one comes up,the UN one is maybe like ten places below
And that’s the scary thing,(that IS the scary thing)
Because Google is the social proof,the top thing.
That's thelegitimate one always, right?
(20:45):
And the UN URL is unwomen.org whichwell it has a .org,
People are going to knowthat's the UN, it's un women.
Is that a thing?
I'm not going to click through to that
and is it okay to just celebratethis theme over this theme?
What's the harm?
But the harm is both ofthe websites are taking money
(21:05):
for toolkitsfor your workplace to celebrate it.
So we don't know where that moneyis going to that marketing agency.
We know that if it's going to the UN,
it is going to the things that they'redoing to support women and girls.
Whereas the marketing company,we have no clue where that money is going.
There's also certain stipulations aroundwho can and can't register a dot org
(21:26):
top level domain.
You generally have to be some levelof nonprofit or government organisation
to receive those TLDs.
So the notion that this other randomone could be privatised, for profit,
those donations that were in theorymeant to go to a nonprofit organisation
are now going to some for profitprivatised corporation.
That's an issue! People are being misled.
(21:48):
Exactly.
And the thing is, they mightstill have the best of intentions,
but they certainly they certainly don'thave the access to charitable foundations
to give this money to.
And with a lot of charities out therethat have a, you know, retail facing
this money going to like their staff,
you know, there's a lot of moneyto go around and how much of it's
going to go to the actual charitythat they say they’re representing.
(22:11):
Absolutely.
it's amazinghow much this, the SEO (Search Engine Optimisation) side of Google
can be abused. Pay a couple of bucks and Google promotes them.
Yeah, there's a lot of there'sa lot of scams out that it all started
with just,you know, small, innocent things.
And it's yeah, the evolution of ithas just gotten out of control.
And I guess my question is,at what point does lying about yourself
(22:33):
become a catfish, especially nowthat it's just completely different beast?
And that's, again, the stranger dangersort of situation of, you know,
all of that emotional stuffis there. Like, we're talking to
someone that we think likes usor something like that
we want to impress as well, show our bestfoot forward or whatever, you know?
(22:54):
It just comes down to that intent, right?
I remember one of my single friends
mentioned the phrase to me, hatfishing.
It's when gentlemen on these dating appshave a hat, but they're actually bald.
But you wouldn't realise thatfrom your photos; hatfishing.
So yeah, that's kind of you know, it’spretty benign, it's nothing too bad.
It's like just generaldating faux pas stuff
(23:16):
that you probably shouldn't do, but like,it is what it is.
But where does that kind of go to?
I'm doing this with the sole intentionof getting something out of you
and it's not.
Yeah, you know, relations or anything.
It's generally monetaryor your identity, right.
It’s harder for people to come to concrete conclusions around someone being not forthcoming.
And a great examplewould be like romance scams.
(23:38):
One of the more common thingsthat I've seen in my kind of cursory research
is people claiming that,you know, they're either in the military
and that's why, you know
why they can only respond at weird hoursis that's why they can never have calls
because it's always too noisyin the background.
You can always throw something outto throw people off the scent
as to the legitimate reasonas to why you're being not legitimate.
(24:01):
And it can sound exciting,especially with that military thing.
It's like, “I'm in a secure location.”
“I can't reveal my location,I can't turn on my camera.”
“It's been shut down.”
I mean, you know, they (you could buy that!)
Well, it'sit's probably true in some cases,
but the thing is, I don't think
for me at least, I don't think, you know,if you're deployed.
(24:22):
What are you doing on a dating app anyway?
Yeah.
If nothing's accessible to you,if you're not able to, like, actually
enter into some sort of relationship,that would be my red flag anyway.
Like, okay, what are you doing?
And I guess that's it, right?
Is what threshold do individuals
individually have to kind of point outthose things?
(24:42):
Like if that's a red flag for you,but someone who's I suppose
potentially more lonelyor is maybe younger or older,
they may beless experienced or more experienced
in datingand then be like, well, that makes sense.
“I mean, I've dated someone in militarybefore.”
It's just about convincing ENOUGH peoplethat you get what you want
from your real intent, right?
(25:03):
It's all about convincing everyone.And that's I think the game of the scammer.
More often than not,they'll probably get found out.
But the people that do pay them,they will never forget it.
They'll never forget it. Yeah.
And that's why it's so relentless.
Because just like regular dating,it's a numbers game.
Just get as many people as possibleand you'll get that vulnerable person
that just wants to talk.
(25:24):
And they are so happythat you respond with kindness and
and future plans and things like that.
Love bombing, just like, “oh, you're amazing!”
“I'm so glad that we met.You know, we have so much in common.”
“I love talking about dogs or,you know, playing checkers or chess”
or whatever it is.
And we bond over that thing
because you're so specialthat I found you over that thing.
(25:44):
And I guess this ties intohow impersonation more broadly
kind of acrossromance scams, employment scams
all of these scamsthat rely on a certain level of authority
or urgency or compassion.
I think there are certain cyber
I think there are certain cyber
case studies that people will point toover time that “that's the point
things changed.”
(26:05):
And one of them,
I think, happened more recentlywhere a finance worker agreed to pay out
$25 million after a video
call with a deep fake ChiefFinancial Officer.
But yeah, the details of those stories are even more fascinating...
Where the individual receiveda phishing email
was incredibly suspiciousof the phishing email at the start.
(26:27):
However,their suspicions were completely allayed
when they signed on to the Zoom calland there were several people
(and his boss was there)all deep-faked. Not a single real human was there.
And I feel like it's one of those...“Yeah, I would have spotted it!”
But, you know, when you're surroundedby authoritative figures
(26:47):
and you're not in a position
to question things,I don't think that people question things,
you know, I mean, going back to that wholethey don't want to be rude
or don't come off as aggressiveor whatever else.
So I can see this happening a lot morewith that ability to mass profile people,
pick a target and then find outas much about that small group of people
as we need to then be able to replicatethat their voices and their likeness.
(27:11):
It's becoming remarkably achievableto do these types of sophisticated scams.
Yeah, I agree.
And even if you take away that levelof sophistication with deep fakes,
which just blows my mind, by the way,I mean, bravo to them, to be honest,
yeah, I kind of wanted
to see a recording excerptor something like the quality of deep fake.
(27:32):
Yeah, it could still be deployedin a much like I say, lesser.
It's not lesser, but it is in the contextof what we’re talking about, like a chat bot.
Just you could deploy a million chat botson a million dating app websites or,
or take over a chat bot on a legitimatewebsite and, and get information
that way. That requiresalmost zero human interaction
(27:54):
on the scammer’s side,if they've trained them (the chatbots) well.
So, this is a kind of a funny thing.
It came out a few years ago one of Google's engineers for Lambda,
I think it was Blake LaMoine.
He actually said, I think “eventually it'sjust going to become a real person”.
Well, he thought it WASreal person, right? Yeah.
(28:15):
He had like, in-depth conversationsabout like it's views on... (personal conversations!)
Yeah, yeah.
And if someone that sort of smartat least and who,
who made it, or was part of the teamthat made this thing...
how can a laypersonsort of have an emotional conversation
or a fun conversation with a chatbotand not think; “I trust this thing.”
(28:38):
“This is totally fine.”
And what kind of secrets are sharingwith basically a robot?
A digital stranger that canthen put everything into a spreadsheet,
Just aggregates it all,pass it up to my ‘lord’.
Yeah, 100%. Yeah.
To that chatbot, automated disinformation/misinformation thing.
Just look at Twitter.
If you simply in the search bar of Twittertype in the automated response
(29:01):
that you get from most LLMs (Large Language Models)when they can't produce a response
because of their guidelines.
So like yeah, “as an AI language model,I am not allowed to produce blah blah blah”
If you just in quotesput that in the Twitter search bar,
you will find
hundreds of individual postsby people that are not actual individuals
but rather linked to a GPT (Chatbot) that just postsall this stuff en-masse.
(29:24):
So I prompt to say something nefariousabout Russia and Ukraine
and then my army of bots all post
something slightly similar denigratingUkraine or Russia, or what have you.
And suddenly hundreds of peopleare “thinking this on Twitter”
when really was one individualwith a script and a GPT.
And that's basically the definitionof how this social proof
(29:44):
can derail a huge amount of people.
And it creates an echo chamberfor things that people have left unsaid.
But now that they're seeing it everywhere,
they're like,maybe there is something to it.
Exactly!
And that's
the other side of the social proof,is if there isn't something to look to,
if you do look to it to makeyou think the wrong behavior,
(30:05):
like modeling the incorrect thing to door modeling, you know, disinformation
and sharing that around it,it does have that almost backwards effect.
You're then proliferating
disinformation,not just falling victim to disinformation.
Yeah, easier said than done.
So extremely easier said than done.
So, you know, we've got like a lot of tips for people on how to spot
(30:27):
all of this kind of stuff,but it really does
just come down to being self awareand being curious about
where you heard somethingor like what someone's telling you
and yeah, trying to get those other levelsof verification going.
But I get it.
Human beings are awkward people.
(30:47):
And we're to a degree also a bit lazy.
You know, if we think we know,we're saying if that's good enough,
I think people are just like,“yeah, that's good enough.”
“I trust the source enough that that is nowinternalised and that is what I think.”
And bringing back Stranger Danger onlineI think is something that we can
all definitely get behind in terms of not everyone's that help you.
(31:08):
And in fact on theInternet most people aren't.
That’s so true.
I think people should have a lookat some of our new courses just to sort of
get it in front of their eyes as to likehow exactly that would all work.
But hey, this has been such a great chat, Benji.
It's been really enjoyable.
As usual, we've gone on tangents and we've explored
a lot of different topics todayand I really enjoyed it.
(31:33):
I think it's great.
I hope everyone listening enjoys it too.
Well, thank you everyone for joining us.
Bec and I are incredibly luckyto have this opportunity.
Discuss these wide ranging topicsand how they change constantly.
And I hope you enjoyed.
Chat to ya next time!Signing off!
Popular Podcasts
Las Culturistas with Matt Rogers and Bowen Yang
Ding dong! Join your culture consultants, Matt Rogers and Bowen Yang, on an unforgettable journey into the beating heart of CULTURE. Alongside sizzling special guests, they GET INTO the hottest pop-culture moments of the day and the formative cultural experiences that turned them into Culturistas. Produced by the Big Money Players Network and iHeartRadio.
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com