Podcast Episode Details

Back to Podcast Episodes

AI Supercharges Scams

Episode 289

Cybercriminals are accelerating their attacks in ways that weren’t possible a few years ago. Artificial intelligence is giving them the ability to spin up phishing campaigns, voice clones, and deepfakes in minutes instead of days. As a result, the gap between what’s genuine and what’s fake is closing fast, making it harder for both individuals and organizations to defend themselves.

I’m thrilled to welcome Brett Winterford, Vice President of Okta Threat Intelligence. Brett has had a front row seat to these changes. His team analyzes identity-based attacks and delivers insights to help organizations adapt their defenses. Brett previously served as Okta’s Regional CISO for Asia-Pacific and Japan and started his career as a journalist covering information security before moving into leadership roles in banking, government, and technology.

In this episode, Brett explains how AI is reshaping the speed and scale of cybercrime, why trusted platforms like email, SMS, and collaboration tools are being targeted, and what practical steps can reduce risk. He highlights the growing importance of phishing-resistant authentication methods like passkeys, the need for clearer communication between service providers and users, and the role of collaboration across industries and law enforcement in pushing back against attackers.

Show Notes:
  • [00:00] Brett Winterford introduces himself as Vice President of Okta Threat Intelligence and explains how identity-based threats are monitored.
  • [02:00] He shares his career path from cybersecurity journalist to CISO roles and now to leading threat intelligence.
  • [05:48] Brett compares phishing campaigns of a decade ago with today’s AI-driven ability to launch attacks in minutes.
  • [08:00] He notes how reconnaissance and lure creation have become easier with artificial intelligence.
  • [10:40] Brett describes the shift from banking malware to generic infostealers that sell stolen credentials.
  • [12:30] He explains how cryptocurrency changed the targeting of attacks by offering higher payouts.
  • [14:21] We learn about the Poison Seed campaign that used compromised bulk email accounts to spread phishing.
  • [15:26] Brett highlights the rise of SMS and other trusted communication channels as phishing delivery methods.
  • [16:04] He explains how attackers exploit platforms like Microsoft Teams and Slack to bypass traditional defenses.
  • [18:30] Brett details a Slack-based campaign where attackers impersonated a CEO and smuggled phishing links.
  • [22:41] He warns that generative AI has erased many of the old “red flags” that once signaled a scam.
  • [23:01] Brett advises consumers to focus on top-level domains, official apps, and intent of requests to detect phishing.
  • [26:06] He stresses why organizations should adopt passkeys, even though adoption can be challenging.
  • [27:22] Brett points out that passkeys offer faster, more secure logins compared to traditional passwords.
  • [28:31] He explains how attackers increasingly rely on SMS, WhatsApp, and social platforms instead of email.
  • [31:00] Brett discusses voice cloning scams targeting both individuals and corporate staff.
  • [32:30] He warns about deepfake video being used in fraud schemes, including North Korean IT worker scams.
  • [34:59] Brett explains

    Published on 10 hours ago





If you like Podbriefly.com, please consider donating to support the ongoing development.

Donate

© 2025 Developer Service

DevAsService

DevAsService

Cloud Home Lab

Developer Service

Imaginator

Courses Developer Service

Is It Clickbait