More and more people are adopting cybersecurity best practices—like enabling two-factor authentication on their various electronic devices. However, threats have become increasingly sophisticated since the arrival of ChatGPT. An interview on this topic with Emeline Manson, fraud prevention and cybersecurity trainer.
With the arrival of generative AI platforms, the cyber threat has slightly shifted fronts. Where the most fatal mistake was once failing to update your antivirus software, social engineering is now all the rage.
“Social engineering attacks have become much more sophisticated,” confirms Emeline Manson. “Fraudsters use AI to automate and personalize large-scale phishing campaigns by adapting messages to the victim’s profile, create audio or video deepfakes to impersonate an executive or colleague, or even abuse OAuth consents or API permissions, where a simple click on ‘authorize’ opens a breach.”
The cybersecurity consultant explains that vendors have become organizations’ weak link.
“Cybercriminals have become very good at exploiting the digital supply chain: a compromised vendor becomes the gateway to the client organization. It’s precisely to counter this type of partner-related risk that we developed our free questionnaire. It allows you to ask your partners the right questions, quickly identify potential vulnerabilities, and strengthen the cybersecurity of data exchanges,” she continues.
In the field, the most common attacks remain phishing (stealing passwords or sensitive information with a simple click); cloud account compromise (Microsoft 365, Google Workspace, etc.), often linked to weak or reused passwords; fake vendor or fake invoice fraud; and ransomware, now combined with theft and disclosure of stolen data.
The Human Vulnerability, Again and Always
Emeline Manson acknowledges that two-factor authentication (2FA) has “significantly” reduced brute force attacks and password reuse attacks, even if it’s not a silver bullet.
“SMS-based 2FA can be bypassed with SIM swap or 2FA fatigue. The new generation of technologies, like passkeys (FIDO2), provides security that is much more resistant to phishing. Despite everything, the human link remains vulnerable: if an employee clicks on a fraudulent link, no 2FA can compensate for that action,” she assures.
For users of digital platforms, the point of vulnerability remains very simple messages that arrive by email or text.
“People still fall for it,” insists Emeline Manson. “The most effective ones? Delivery notifications (package waiting, postal tracking), fake invoices or fake vendor fraud, fake resumes or job applications containing malicious attachments, or security alert messages (password reset, suspicious login).”
Training and awareness remain essential.
