Q&A: The Future of Cybercrime

June 14, 2024
Artificial intelligence is quickly reshaping cybercrime. Here, two cybersecurity experts discuss the future of internet fraud and what individuals can do to keep their data safe.

Developments in artificial intelligence (AI) are changing the way cybercriminals operate—and the ways in which companies and governments respond to evolving threats. At the same time, other technologies once limited to the world of science fiction are opening the door to a new generation of cyberattacks.

As cyberscams become more sophisticated, what can individuals do to avoid becoming victims of fraud? We brought these questions to Robert Tripp, special agent in charge of the Federal Bureau of Investigation's San Francisco field office, and Jeff Tricoli, Schwab's head of technology risk management.

What cyberthreats keep you up at night?

Robert: AI is really empowering cybercriminals to attack us as individuals. They develop rapport and trust with their victims, manipulating them into giving up confidential or personal information. Many fraudsters don't speak English as a first language, but with AI, they can come across as completely fluent and can pull off fraud at scale.

Jeff: It's now as simple as asking an AI chatbot to create an email or a text message with a certain tone, like that of a customer service representative asking you to reset a password. It's becoming increasingly difficult for folks to distinguish between an authentic and a fraudulent message.

That sounds scary. How worried should we be?

Robert: The good news is that while AI is an effective offensive weapon, it's also enabling equally effective defensive weapons. The private sector has a fairly substantial advantage over cybercriminals and can develop its own tools to specifically address these abuses. In fact, an AI-enabled defensive tool can detect anomalies far better than most humans can.

Jeff: Businesses are building AI technology into many of the tools they use to identify patterns that might indicate someone has stolen your password, such as unusual login times or locations. At Schwab, we also have a robust cybersecurity intel team constantly monitoring the dark web and elsewhere for emerging threats and trends—and developing strategies to counteract them.

How can individuals protect themselves against these sophisticated scams?

Jeff: Oftentimes these messages are designed to elicit fear and urgency—which in the moment can cloud our judgment. So . . . take a deep breath. If a message is purportedly from your bank or credit card provider, reach out directly to the number on the back of your credit or debit card to confirm what's going on. Or go to the bank and talk to someone in person.

On the prevention front, you can register a security freeze with all three credit bureaus—Equifax, Experian, and TransUnion—so no one can open a line of credit in your name. It's a good defense, but you'll want to evaluate your needs before taking such action—especially if you tend to open lines of credit regularly.

Robert: Be diligent about protecting your identifying information, such as your Social Security number. Be cautious about putting your photo or voice on social media accounts. And if you receive an email or text that seems even slightly odd, do not click on any links and be wary of even responding. Once you start a conversation with a potential fraudster, it's amazing what they can elicit from you.

Six ways to fight fraud

The technology to protect your data already exists—but it works only if you implement it. Here are six lines of defense to get you started:

  • Use a password generator to create a unique, complex password for each account, which is stored behind a single master password. Your browser may offer this, but there are also stand-alone apps that work across browsers and operating systems.
  • Enable two-factor authentication, especially on sensitive accounts. If someone gets your password, they won't be able to access your account without an additional temporary code, which you'll receive by email, phone, or text.
  • Avoid using public Wi-Fi, since public networks are often unsecured and therefore vulnerable to hacks.
  • Update your apps and operating system—ideally automatically—since software updates often include security patches for newly identified vulnerabilities.
  • Set a one-year, renewable fraud alert that requires credit agencies to verify your identity before extending credit in your name. You can contact any one of the three major credit reporting bureaus to set up the alert, and it will inform the other two of your request.
  • Freeze your credit, which goes one step further than an alert, to prevent new accounts from being opened in your name. (You can easily unfreeze it if you want to apply for credit yourself.) Consider doing this also for your minor children, since clean credit records are ripe targets for criminals.

The technology to protect your data already exists—but it works only if you implement it. Here are six lines of defense to get you started:

  • Use a password generator to create a unique, complex password for each account, which is stored behind a single master password. Your browser may offer this, but there are also stand-alone apps that work across browsers and operating systems.
  • Enable two-factor authentication, especially on sensitive accounts. If someone gets your password, they won't be able to access your account without an additional temporary code, which you'll receive by email, phone, or text.
  • Avoid using public Wi-Fi, since public networks are often unsecured and therefore vulnerable to hacks.
  • Update your apps and operating system—ideally automatically—since software updates often include security patches for newly identified vulnerabilities.
  • Set a one-year, renewable fraud alert that requires credit agencies to verify your identity before extending credit in your name. You can contact any one of the three major credit reporting bureaus to set up the alert, and it will inform the other two of your request.
  • Freeze your credit, which goes one step further than an alert, to prevent new accounts from being opened in your name. (You can easily unfreeze it if you want to apply for credit yourself.) Consider doing this also for your minor children, since clean credit records are ripe targets for criminals.

Beyond AI, what novel threats are on your radar?

Robert: Quantum computing, which is based on the principles of quantum physics, is a big one; it's much faster, nimbler, and more powerful than classical computing. While classical computers would take years to break the encryption protecting much of our personal data, quantum computers could theoretically do it in hours. That's truly concerning.

Jeff: Based on what researchers are saying, the ability to crack encrypted data with quantum computing might happen within 10 to 15 years. But part of what some bad actors are doing now is scooping up as much encrypted information as possible. They can't crack the encryption codes today, but they can store captured data until the quantum technology becomes available to access it.

So, is the security of our personal data doomed?

Robert: When I talk about quantum computing, I always emphasize that the threat is currently only theoretical. That said, large organizations and nation-states are aware of the danger of quantum computing and are developing ways to defend against its misuse. For individuals, this technology is so nascent that there are many more immediate concerns we should all guard against.

Jeff: This has always been a cat-and-mouse game. The bottom line is that there are cybersecurity professionals at Schwab and elsewhere who are keeping abreast of quantum computing and other emerging threats and crafting appropriate countermeasures. You'll never fully stamp out digital attacks—but you can stay a step ahead.

Discover more from Onward

Keep reading the latest issue online or view the print edition.

Onward magazine print issues next to a laptop showing the Onward hub

Keep reading the latest issue online or view the print edition.

The information and content provided herein is general in nature and is for informational purposes only. It is not intended, and should not be construed, as a specific recommendation, individualized tax, legal, or investment advice. Tax laws are subject to change, either prospectively or retroactively. Where specific advice is necessary or appropriate, individuals should contact their own professional tax and investment advisors or other professionals (CPA, Financial Planner, Investment Manager) to help answer questions about specific situations or needs prior to taking any action based upon this information.

Please note that this content was created as of the specific date indicated and reflects the author's views as of that date. It will be kept solely for historical purposes, and the author's opinions may change, without notice, in reaction to shifting economic, business, and other conditions.

The information provided here is for general informational purposes only and should not be considered an individualized recommendation or personalized investment advice. The investment strategies mentioned here may not be suitable for everyone. Each investor needs to review an investment strategy for his or her own particular situation before making any investment decision.

All expressions of opinion are subject to change without notice in reaction to shifting market conditions. Data contained herein from third-party providers is obtained from what are considered reliable sources. However, its accuracy, completeness, or reliability cannot be guaranteed.

Examples provided are for illustrative purposes only and not intended to be reflective of results you can expect to achieve.

All expressions of opinion are subject to changes without notice in reaction to shifting market, economic, and geopolitical conditions.

Supporting documentation for any claims or statistical information is available upon request.

0624-K218
Investment and Insurance Products Are: Not FDIC Insured • Not Insured by Any Federal Government Agency • Not a Deposit or Other Obligation of, or Guaranteed by, the Bank or any of its Affiliates • Subject to Investment Risks, Including Possible Loss of Principal Amount Invested

The information on this website is for educational purposes only. It is not intended to be a substitute for specific individualized tax, legal or investment planning advice. Where specific advice is necessary or appropriate, consult with a qualified tax advisor, CPA, financial planner or investment manager.

Access to Electronic Services may be limited or unavailable during periods of peak demand, market volatility, systems upgrade, maintenance, or for other reasons.

The Charles Schwab Corporation provides services to retirement and other benefit plans and participants through its separate but affiliated companies and subsidiaries: Charles Schwab Trust Bank; Charles Schwab Bank, SSB; Charles Schwab & Co., Inc.; and Schwab Retirement Plan Services, Inc. Trust, custody, and deposit products and services are available through Charles Schwab Trust Bank and Charles Schwab Bank, SSB, Members of FDIC. Brokerage products and services are offered by Charles Schwab & Co., Inc. (Member SIPC). Schwab Retirement Plan Services, Inc. is not a fiduciary to retirement plans or participants and only provides recordkeeping and related services.

©2024 Schwab Retirement Plan Services, Inc. All rights reserved. (0723-3GJY)

YouTube Twitter Facebook LinkedIn