Tag Archives: security

AI Agents and Trust

Leave a reply

I read this in the Superhuman Newsletter today,

“Agents need authorization, not
just authentication…

The winners in enterprise AI won’t have the most features. They’ll be the ones enterprises can safely trust.”

I am still very far away from letting any kind of AI agent access my email. I don’t care how efficient the tool might make me; don’t care if it can prioritize and reduce my attention on unimportant information. The reality is that my email is the gateway to every login credential and password to every online identity I have… and it’s not only the agent itself I fear, it’s the vulnerabilities that they open me up to if a bad actor can trick the agent into giving them access.

Maybe I’m just paranoid, but I don’t think there are enough kinks worked out in the area of privacy and security. Oh, and to ad an important PSA: Make sure your email password is different than all other passwords you use online. I’d rather be paranoid than overconfident when it comes to online safety and security.

Phishing for your money

On Tuesday I received this almost real looking letter in the mail:

It’s a rather simple scam. First, tell me in a letter that someone has changed my personal information, and get me scared that someone has already gotten into my bank account. Second, have me phone them and ask for my reference number, so that they can call me by name before I even tell them who I am, making me believe that I’m talking to the fraud department of the bank. Next, ask for me to confirm who I am ‘for security reasons’ by asking information that they want to learn about me, so that they can pretend to be me and access my bank account.

I don’t know how these people live with themselves? They make an occupation out of tricking and stealing from innocent people. These scammers disrupt people’s lives, and some of them even break people‘s hearts. And it seems to be something that is getting more rather than less common.

It was after hours and so I contacted the bank via a Twitter direct message. Then through a rather painful process that took way too long, I finally sent a link to a digital copy of the letter to them (the person seeing my Twitter message was seeing it in a chat format with no images, despite my sharing the image in the original message). I got a thank you and a generic warning about how not to be scammed from them. The thing is, although it didn’t fool me, I’m sure this will fool someone who is panicked enough to share too much information with the scammers, thinking they are talking to their bank.

Why wouldn’t the bank immediately be in touch with the phone company to cancel the phone numbers? Why wouldn’t the police be involved too, tracking the phone number? I bet a disproportionate number of elderly are fooled by these scams. I bet the number of these scams that work are greater than we would guess.

Be aware of scams like these. Sign in to your account and check the information rather than calling. Call phone numbers that you can find on bank websites rather than in letters. We unfortunately need to start out cynical rather than trusting when we receive phone calls, emails, and letters like this… and not like this, because the next scam is probably going to be more elaborate, authentic looking or sounding, and tricky.