Sign up to save your podcasts
Or
Share AI Supercharges Scams
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
AI Supercharges Scams
Cybercriminals are accelerating their attacks in ways that weren't possible a few years ago. Artificial intelligence is giving them the ability to spin up phishing campaigns, voice clones, and deepfakes in minutes instead of days. As a result, the gap between what's genuine and what's fake is closing fast, making it harder for both individuals and organizations to defend themselves.
I'm thrilled to welcome Brett Winterford, Vice President of Okta Threat Intelligence. Brett has had a front row seat to these changes. His team analyzes identity-based attacks and delivers insights to help organizations adapt their defenses. Brett previously served as Okta's Regional CISO for Asia-Pacific and Japan and started his career as a journalist covering information security before moving into leadership roles in banking, government, and technology.
In this episode, Brett explains how AI is reshaping the speed and scale of cybercrime, why trusted platforms like email, SMS, and collaboration tools are being targeted, and what practical steps can reduce risk. He highlights the growing importance of phishing-resistant authentication methods like passkeys, the need for clearer communication between service providers and users, and the role of collaboration across industries and law enforcement in pushing back against attackers.
Show Notes:- [00:00] Brett Winterford introduces himself as Vice President of Okta Threat Intelligence and explains how identity-based threats are monitored.
- [02:00] He shares his career path from cybersecurity journalist to CISO roles and now to leading threat intelligence.
- [05:48] Brett compares phishing campaigns of a decade ago with today's AI-driven ability to launch attacks in minutes.
- [08:00] He notes how reconnaissance and lure creation have become easier with artificial intelligence.
- [10:40] Brett describes the shift from banking malware to generic infostealers that sell stolen credentials.
- [12:30] He explains how cryptocurrency changed the targeting of attacks by offering higher payouts.
- [14:21] We learn about the Poison Seed campaign that used compromised bulk email accounts to spread phishing.
- [15:26] Brett highlights the rise of SMS and other trusted communication channels as phishing delivery methods.
- [16:04] He explains how attackers exploit platforms like Microsoft Teams and Slack to bypass traditional defenses.
- [18:30] Brett details a Slack-based campaign where attackers impersonated a CEO and smuggled phishing links.
- [22:41] He warns that generative AI has erased many of the old "red flags" that once signaled a scam.
- [23:01] Brett advises consumers to focus on top-level domains, official apps, and intent of requests to detect phishing.
- [26:06] He stresses why organizations should adopt passkeys, even though adoption can be challenging.
- [27:22] Brett points out that passkeys offer faster, more secure logins compared to traditional passwords.
- [28:31] He explains how attackers increasingly rely on SMS, WhatsApp, and social platforms instead of email.
- [31:00] Brett discusses voice cloning scams targeting both individuals and corporate staff.
- [32:30] He warns about deepfake video being used in fraud schemes, including North Korean IT worker scams.
- [34:59] Brett explains why traditional media-specific red flags are less useful and critical thinking is essential.
- [37:15] He emphasizes the need for service providers to create trusted communication channels for verification.
- [39:29] Brett talks about the difficulty of convincing users to reset credentials during real incidents.
- [41:00] He reflects on how attackers adapt quickly and why organizations must raise the cost of attacks.
- [44:18] Brett highlights the importance of cross-industry collaboration with groups like Interpol and Europol.
- [45:24] He directs listeners to Okta's newsroom for resources on threat intelligence and recent campaigns.
- [47:00] Brett advises consumers to experiment with passkeys and use official apps to reduce risk.
- [48:00] He closes by stressing the importance of having a trusted, in-app channel for security communications.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- Brett Winterford - LinkedIn
- Brett Winterford - Okta
View all episodes
By Chris Parker
4.7
3030 ratings
Cybercriminals are accelerating their attacks in ways that weren't possible a few years ago. Artificial intelligence is giving them the ability to spin up phishing campaigns, voice clones, and deepfakes in minutes instead of days. As a result, the gap between what's genuine and what's fake is closing fast, making it harder for both individuals and organizations to defend themselves.
I'm thrilled to welcome Brett Winterford, Vice President of Okta Threat Intelligence. Brett has had a front row seat to these changes. His team analyzes identity-based attacks and delivers insights to help organizations adapt their defenses. Brett previously served as Okta's Regional CISO for Asia-Pacific and Japan and started his career as a journalist covering information security before moving into leadership roles in banking, government, and technology.
In this episode, Brett explains how AI is reshaping the speed and scale of cybercrime, why trusted platforms like email, SMS, and collaboration tools are being targeted, and what practical steps can reduce risk. He highlights the growing importance of phishing-resistant authentication methods like passkeys, the need for clearer communication between service providers and users, and the role of collaboration across industries and law enforcement in pushing back against attackers.
Show Notes:- [00:00] Brett Winterford introduces himself as Vice President of Okta Threat Intelligence and explains how identity-based threats are monitored.
- [02:00] He shares his career path from cybersecurity journalist to CISO roles and now to leading threat intelligence.
- [05:48] Brett compares phishing campaigns of a decade ago with today's AI-driven ability to launch attacks in minutes.
- [08:00] He notes how reconnaissance and lure creation have become easier with artificial intelligence.
- [10:40] Brett describes the shift from banking malware to generic infostealers that sell stolen credentials.
- [12:30] He explains how cryptocurrency changed the targeting of attacks by offering higher payouts.
- [14:21] We learn about the Poison Seed campaign that used compromised bulk email accounts to spread phishing.
- [15:26] Brett highlights the rise of SMS and other trusted communication channels as phishing delivery methods.
- [16:04] He explains how attackers exploit platforms like Microsoft Teams and Slack to bypass traditional defenses.
- [18:30] Brett details a Slack-based campaign where attackers impersonated a CEO and smuggled phishing links.
- [22:41] He warns that generative AI has erased many of the old "red flags" that once signaled a scam.
- [23:01] Brett advises consumers to focus on top-level domains, official apps, and intent of requests to detect phishing.
- [26:06] He stresses why organizations should adopt passkeys, even though adoption can be challenging.
- [27:22] Brett points out that passkeys offer faster, more secure logins compared to traditional passwords.
- [28:31] He explains how attackers increasingly rely on SMS, WhatsApp, and social platforms instead of email.
- [31:00] Brett discusses voice cloning scams targeting both individuals and corporate staff.
- [32:30] He warns about deepfake video being used in fraud schemes, including North Korean IT worker scams.
- [34:59] Brett explains why traditional media-specific red flags are less useful and critical thinking is essential.
- [37:15] He emphasizes the need for service providers to create trusted communication channels for verification.
- [39:29] Brett talks about the difficulty of convincing users to reset credentials during real incidents.
- [41:00] He reflects on how attackers adapt quickly and why organizations must raise the cost of attacks.
- [44:18] Brett highlights the importance of cross-industry collaboration with groups like Interpol and Europol.
- [45:24] He directs listeners to Okta's newsroom for resources on threat intelligence and recent campaigns.
- [47:00] Brett advises consumers to experiment with passkeys and use official apps to reduce risk.
- [48:00] He closes by stressing the importance of having a trusted, in-app channel for security communications.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources:- Podcast Web Page
- Facebook Page
- whatismyipaddress.com
- Easy Prey on Instagram
- Easy Prey on Twitter
- Easy Prey on LinkedIn
- Easy Prey on YouTube
- Easy Prey on Pinterest
- Brett Winterford - LinkedIn
- Brett Winterford - Okta
More shows like Easy Prey
View all
Criminal
37,514 Listeners
The School of Greatness
21,187 Listeners
20/20
11,783 Listeners
48 Hours
10,756 Listeners
Health Report
131 Listeners
Darknet Diaries
8,052 Listeners
The Perfect Scam
1,087 Listeners
What Was That Like - True Stories. Real People.
1,908 Listeners
Dateline NBC
47,350 Listeners
WHEN DATING HURTS
349 Listeners
Killer Psyche
4,698 Listeners
Body Bags with Joseph Scott Morgan
2,141 Listeners
Betrayal: Weekly
7,982 Listeners
The Mel Robbins Podcast
19,668 Listeners
If I Can Be SCAMMED, So Could YOU!
1 Listeners