S0168Critical

AI 精準化社交工程攻擊

Operation & Monitoring

Risk Description

AI is used to automate and precision-target social engineering attacks, including generating highly personalized phishing messages based on targets social media profiles, impersonating specific individuals writing styles for fraudulent communications, or using deepfake technology for real-time video/voice fraud. AI enables attackers to mass-generate targeted attack content at minimal cost, dramatically increasing social engineering success rates.

Framework Mappings

iso 23894R8
tw principle資安與安全
tw risk type社會系統性影響(Societal Systemic)

Controls English translation pending

  • AI 生成內容偵測
  • 多因子身份驗證

Implementation Steps English translation pending

  1. 部署 AI 生成內容偵測系統,識別可疑的釣魚和詐騙訊息
  2. 對高風險操作(如轉帳、權限變更)強制實施多因子身份驗證
  3. 建立組織內部的深度偽造警覺訓練計畫
  4. 制定「語音/視訊驗證」標準流程,防範即時深偽詐騙