One of our social engineering predictions for 2023 was that AI and machine learning would have a huge impact on both attackers and defenders. The truth is, machine learning has already had a huge impact on social engineering, and it's not just the bad guys who are taking advantage of it. In fact, the good guys are using it too to help protect people from falling victim to scams and phishing attacks.

But let's start with the dark side. Social engineering is the art of manipulating people into doing something they wouldn't normally do, like giving away their personal information or clicking on a malicious link. And with machine learning, scammers and hackers have a whole new set of tools at their disposal to make their attacks more convincing and harder to detect.

For example, let's say you're minding your own business when you get an email from your bank asking you to click on a link to confirm your account information. But wait, something seems off about this email. Maybe the logo is a little different, or the language is a little stilted. Your gut tells you it's a scam, but you're not sure. That's where machine learning comes in.

With machine learning, scammers can create incredibly realistic phishing emails that are almost impossible to distinguish from the real thing. They can use natural language processing to craft emails that sound like they were written by a real person, and they can use image recognition to make the logos and other graphics look just like the real thing.

And that's not all. With machine learning, scammers can also personalize their attacks, making them even more convincing. For example, they can use data mining to find out what you're interested in, and then craft an email that's tailored to your interests. So, if you're a fan of a certain sports team, they can send you an email that looks like it's from the team, asking you to click on a link to buy tickets.

But it's not all doom and gloom. Machine learning is also being used to help protect people from these kinds of attacks. For example, researchers are using machine learning to create algorithms that can automatically detect phishing emails. These algorithms can look at things like the language used in the email, the graphics and logos, and even the structure of the email to determine if it's a scam or not.

And it's not just researchers who are using machine learning to fight back against social engineering. Companies and organizations are using it too. For example, Google has developed a machine learning-based tool called "Phish AI" that can automatically detect phishing emails and warn users before they click on a malicious link.

But it's not just about detecting phishing emails. Machine learning can also be used to help educate people about how to spot a scam. For example, researchers and companies like Haekka are using machine learning to create interactive simulations and phishing campaigns that teach people how to identify phishing emails. These simulations can show people what to look for and give them a chance to practice spotting scams without actually putting them in danger. At Haekka, we use ChatGPT to help write some of our phishing templates.

So, while machine learning has certainly given scammers and hackers a powerful new set of tools to use in their attacks, it's also helping us to fight back. With machine learning, we can create more effective defenses, and we can educate people on how to protect themselves.

Machine learning and AI have a two-sided impact on social engineering, they can be used to create more sophisticated and realistic scamming techniques, but also it can be used to create more efficient ways to detect and prevent them. Keep in mind that machine learning is just a tool and it's up to us to use it responsibly.