Commentary

Cyber Thieves Turn To Gen AI: Handing Self-Service Checks To Technology?

Cyber thieves have learned to engineer attacks using AI deepfake injections to fool humans, gain access by tricking the helpdesk, and launch costly ransomware attacks that net them millions. Many have begun to use generative artificial intelligence (GAI).

But GAI has put a lot of pressure on security experts to protect companies and users, especially since self-service features for account recovery has been one area that companies have begun to improve on -- not just for employees, but also for customers.

“The helpdesk serves as the initial point of contact for users facing authentication issues,” says Mona Salvi, senior director of product security, fraud and risk at HubSpot. “Not just at HubSpot, but everywhere – attackers often exploit vulnerabilities through social engineering, deepfakes, phishing and password spraying attacks, aiming for account takeovers.”

advertisement

advertisement

To counter these threats, particularly in the era of generative GAI, HubSpot has integrated Nametag Autopilot for self-service account recovery. 

Salvi said it has strengthened customer-facing and internal operations, tackling challenges and providing safeguards against deepfakes and account takeovers, protecting customer trust, and strengthening the brand and its reputation.

There also has been a reduction in turnaround time for account recovery requests, from an average of 48 hours to just a few minutes. 

The entire integration from start to finish took less than six to eight weeks. HubSpot began to see improvements in service-level agreements and user experience almost immediately.

HubSpot uses the self-service account recovery solution to shut down other types of threats. Someone may contact the HubSpot helpdesk portal.

When a message comes in, the technology verifies the person trying to access the account. The technology uses mobile cryptography and facial biometrics plus proprietary AI models.

“Digital ID checks were built for a different era, and really built for regulatory compliance,” says Nametag CEO Aaron Painter. “It was never built for security and fraud prevention.”

Painter, a former Microsoft executive who supported the company from locations all over the world, has always been interested in technology and business.

He says Nametag uses security and usability features of a smartphone to more securely identify the user. Features on a mobile phone enable the technology to run a facial match and ensure the document was captured in a secure way to authenticate the person.

The technology also can identify deepfakes and identify when GAI is being used.

Next story loading loading..