3 Steps to Protect Yourself from Malicious Chatbots


Markus Melin

Head of Tieto Security Services at Tieto



05.01.2017 09:00 am

In my earlier blog about chatbot security I laid out a troubling question: Why should we worry about chatbots? They are such a new phenomenon that we don't have enough information yet to fully estimate the threats they pose to security.

It's also reasonable to ask what all the fuss is about and think that chatbots are just another internet hype.

I’m not a fortune teller, but it is important to understand the context where chatbots can – and most likely will – flourish. The way people use social media is changing: Today, we spend more time on messaging apps than on social networks. It’s clear that more services such as chatbots will be developed to complement the messaging apps.

The flip side is that with chatbots you should exercise extra caution with security. This is how to do it:

1. Collect data the right way

The intelligence of chatbots rests very much on their learning capabilities. The more they know about the user, the more personalised the service they can offer. This means that they have to collect data.

For security reasons, especially inside enterprise networks, it’s important to know the following:

- What data is collected?
- Where is it stored?
- How long is it stored?
- Who else has access to my data?

2. Encrypt with caution

Communication on chatbots should be encrypted to make sure the information can’t be accessed from outside. With public channels, this is an obvious risk. Last summer, Facebook started to test end-to-end encryption.

While encryption is recommended, it introduces new problems. Could a chatbot be utilised as a new channel to spread malware, nicely hidden under encryption? Could it be a command and control channel for malware or botnets?

Still, there are more obvious advantages than downsides to encrypting chatbot conversations. 

3. Don't trust the good looks

Chatbots present security challenges similar to those of email, for which we already have effective remedies.

Most email clients are quite good at detecting phishing email and sending it directly to junk mail. Some bad emails still make it to our mailboxes, but luckily we are quite adept at detecting them and know not to click those nasty links, just as I wrote in my earlier blog post.

With chatbots the reality is totally different. They are still so new that technology isn’t able to detect malicious bots accurately. We must do the job ourselves.

When using chatbots in your messaging applications, exercise extra caution. Don’t automatically give your personal information, especially credit card info, to a friendly-looking chatbot.

Read more about our approach to security in our whitepaper.
