AI-enabled phishing and scams
Generated emails, SMS, social messages, fake support chats, and urgent requests can look polished and personal. Build habits that verify requests through trusted channels.
A focused hub for defending people and organisations against AI-enabled scams, deepfakes, voice fraud, prompt injection risk, unsafe AI tool use, data exposure, and incident pressure.
AI changes how believable, fast, and personalised attacks can become. The response is not panic; it is better verification, safer data handling, least privilege, monitoring, and response discipline.
Generated emails, SMS, social messages, fake support chats, and urgent requests can look polished and personal. Build habits that verify requests through trusted channels.
Audio and video impersonation can pressure people into payment changes, sensitive disclosures, or access approvals. Verify unusual requests outside the original channel.
AI tools that read web pages, documents, email, or tickets can be influenced by hidden or malicious instructions. Treat AI output as untrusted until reviewed.
Prompts, file uploads, chat history, plugins, and connectors can expose confidential information if people paste or connect data without clear approval.
Agents that can browse, email, create files, call APIs, or make changes need least privilege, approval steps, logging, and a clear human decision point.
Organisations need ownership for AI acceptable use, data classification, vendor review, escalation, and evidence handling when something goes wrong.
Safer AI adoption starts with clear boundaries. People should know what they can use AI for, what information must never be pasted, when to verify outputs, and who to contact if a tool behaves unexpectedly.
This checklist is written for practical use by individuals, small businesses, leaders, and technical teams. It is defensive guidance, not legal advice or a replacement for formal security assessment.
HD Cyber Defence recommends a calm, control-based model: know where AI is used, classify the data, limit permissions, verify outputs, monitor risky signals, and prepare a response path.
Identify AI tools, browser extensions, copilots, chatbots, automations, connectors, and local agents already in use.
Separate public information from confidential, personal, financial, health, security, source code, and board-level material.
Apply least privilege to connected tools, accounts, folders, mailboxes, APIs, and workflow automation.
Review AI output before decisions, payments, access approvals, customer responses, code changes, or security actions.
Watch for unusual access, unexpected sharing, suspicious browser extensions, leaked credentials, and impersonation attempts.
Prepare escalation, evidence capture, containment, communication, and recovery steps for AI-related cyber incidents.
The same threat may need a household explanation, a small-business checklist, an executive risk briefing, or a technical control review. The hub gives each audience a safe starting point.
Protect accounts, verify family emergency messages, recognise voice-clone pressure, and secure recovery options.
Verify supplier bank changes, protect shared mailboxes, manage AI tools, and prepare basic incident response steps.
Ask who owns AI risk, what data is exposed, how AI use is approved, and how incidents will be escalated.
Review integrations, logs, permissions, prompt injection exposure, data flows, and monitoring coverage.
Pause before urgent requests, verify identity, avoid sensitive prompts, and report suspicious messages early.
Validate outputs, isolate tools, protect system prompts, test retrieval sources, and document human approval points.
Strong AI security is not only a technology purchase. It is a repeatable operating habit that combines policy, people, process, monitoring, and response.
Define what staff can use AI for and what information must stay out of public tools.
Use trusted-channel confirmation for payments, access changes, executive instructions, and sensitive disclosures.
Keep AI agents and connectors on minimum permissions with review points before action.
Teach realistic AI phishing, voice fraud, deepfake pressure, and safe prompt behaviours.
Monitor suspicious logins, unusual sharing, leaked credentials, exposed services, and risky tool adoption.
Have a playbook for suspected account compromise, data exposure, impersonation, and AI tool misuse.
Use this hub as the starting page for AI cyber safety conversations, staff awareness, executive briefings, and safer AI adoption planning.
Choose a topic to get a short, practical contact suggestion.