With the advancement of artificial intelligence, cybercriminals can quickly analyze online data, creating sophisticated phishing strategies that fool even the most advanced security systems.
We celebrate the fact that artificial intelligence is transforming many industries, but not every industry it transforms is legitimate: it has also armed cybercriminals with more sophisticated tools for carrying out phishing scams.
According to cybersecurity experts and recent reports from companies such as e-commerce giant eBay and multinational insurance company Beazley, ultra-sophisticated, personalized AI-based phishing scams have begun to proliferate. This poses a major challenge, because users still fall for much less elaborate phishing campaigns.
The impact of artificial intelligence on phishing
AI allows hackers to quickly analyze large amounts of data about an individual or company and replicate their style and tone to craft convincing emails that are difficult to detect as fraudulent. According to Kirsty Kelly, chief information security officer at Beazley:
“It’s getting worse and worse and becoming more personalized. So we suspect that AI is largely behind it.”
This extreme personalization is achieved by analyzing online profiles and social media activity, which also allows attackers to identify topics that might appeal to or convince victims. For example, an executive might receive a seemingly legitimate email related to a recent project mentioned on LinkedIn.
Kip Meintzer, from the cybersecurity company Check Point Software Tech., said during a recent investor conference that AI has given hackers “the ability to write the perfect phishing email.”
These hyper-personalized tactics significantly increase the likelihood of attacks being successful.
Advantages of artificial intelligence for cybercriminals
Nadezda Demidova, a cybersecurity researcher at eBay, explained that the availability of generative AI tools has significantly lowered the barriers to entry for cybercrime (i.e., you no longer need to be a tech expert to launch a cyberscam campaign).
These tools not only allow attackers to create convincing emails, but also to adapt them quickly to bypass corporate security filters.
Additionally, AI can scan code and analyze human processes to identify vulnerabilities, according to Sean Joyce, global cybersecurity leader at PwC. This makes even companies with sophisticated defense systems vulnerable to targeted attacks.
The scope of scams and their financial impact
More than 90% of successful cyberattacks begin with an email phishing attack, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This attack method is not only effective but also very costly for victims, especially when it comes to businesses.
A specific type of attack that has gained prominence is business email compromise (BEC), in which scammers pretend to be an executive or supplier and trick recipients into transferring funds or sharing sensitive information, all without using malware.
According to the FBI, this type of fraud has generated losses of more than 50 billion dollars worldwide since 2013.
What can companies and users do?
Given this scenario, both companies and individuals must adopt more proactive strategies to mitigate the risk of AI-driven phishing attacks:
Continuing education: Cybersecurity training must evolve to include examples of hyper-personalized emails and other emerging strategies powered by artificial intelligence.
Investments in technology: Organizations need to implement AI-based detection systems that can identify anomalous patterns in emails, even when they appear highly personalized.
Constant monitoring of online profiles: Reducing the amount of publicly available personal information can make it harder for attackers to collect data relevant to their scams.