With the new year comes new tricks, and phishing scammers are using artificial intelligence (AI) to target people at an increasing rate. Now is the best time for UNLV employees to stay sharp to ensure they don’t take the bait.
Phishing is a type of cyberattack where scammers pretend to be someone you trust — like a bank or friend — to trick you into sharing passwords and other sensitive information or downloading malicious software. Oftentimes, fake emails are used to carry out this crime.
In 2023, phishing attacks increased by 58 percent compared to the previous year, due in part to a surge in AI-driven schemes, a 2024 report by the Zscaler cybersecurity company revealed. With generative AI, cybercriminals can easily create realistic-looking phishing campaigns, making them more believable and harder to detect. It also means new types of scams are possible, like artificially generated videos and audio recordings that use a cloned voice to impersonate a reputable person.
With AI-generated phishing scams on the rise, what can you do to protect yourself and UNLV?
According to Vito Rocco, the university's chief information security officer, faculty and staff need to be aware of the techniques scammers use so they can spot the red flags to avoid falling for phishing scams. The cybersecurity training employees take each year is updated regularly, helping build awareness as these threats evolve and become more sophisticated.
Rocco’s information security team encourages employees to stay updated on their cybersecurity knowledge. They’re noticing that annual training and the Cybersecurity Liaison Program, where employees volunteer to help strengthen the cybersecurity culture within their department, are making a real difference.
“Employees are applying what they learned and reacting accordingly to phishing scams,” Rocco said. “As a way to check if the training is effective, our team periodically sends simulated phishing exercises. Since we started that a couple of years ago, we’ve seen a significant reduction in the number of clicks on these emails.”
Alongside the program’s training, there are still some things you can watch out for so you don’t become a scammer’s next big catch.
“With attackers constantly evolving, the barriers to entry are coming down every day,” Rocco said. “Long gone are the days where phishing attempts were full of improper grammar and poor spelling. AI has made it easy for attackers to generate a convincing email that sounds like it’s coming from a real person.”
Phishing Precautions
- Avoid deals too good to be true: Be skeptical of messages with urgent language or lucrative offers. “Attackers often try to provoke a sense of urgency in order to get you to act quickly without thinking first,” Rocco said. He recommends going directly to the company’s website to see if the deal is legitimate.
- Inspect messages thoroughly: Pay close attention to the sender and when the email was sent to you. Look for inconsistencies in the sender’s email address, like mismatched domain names, and check whether the message is marked external. Be wary of emails received at unusual hours of the day, including early mornings and weekends.
- Check links before clicking: Hover over links to ensure website addresses aren’t different from what you expected. Avoid opening suspicious links or attachments. Before scanning a QR code, check for signs of tampering, including stickers placed over the original code.
- Examine photos and videos: Look closely at images and videos on social media ads, websites, and emails for things that appear unrealistic or out of place, like a hand with six fingers. These falsified photos and videos are called deepfakes. “While we now need to be skeptical of what we read and see in photos, we very soon may need to be skeptical of live video or audio in various forms of communication,” Rocco said.
- Use multifactor authentication (MFA): Your ACE login already has MFA built in. Consider adding MFA to your personal accounts for an extra layer of security, reducing the risk of unauthorized access.
If you suspect an email is a phishing attempt, report it to the IT Help Desk by forwarding the email to ithelp@unlv.edu so it can be investigated. Then delete the email from your UNLVMail inbox.
For more tips on how to protect against phishing scams, visit the phishing page on the UNLV IT site.