Phishing 2.0: How AI is Amplifying the Threat

A recent study found a 60% increase in AI-driven phishing attacks, and it’s a wake-up call that phishing threats will continue to rise.

How AI enhances the phishing threat

• Creation of realistic messages – AI analyses vast amounts of data and studies how people write and speak. This helps to create realistic messages as it will mimic the tone and style of legitimate communications, so they seem more authentic.
• Personalised attacks – As AI gathers information from social media and other sources, it will use that information to create personalised messages which may include your recent activities and interests, which increases the chance of believing the email is from a legitimate source.
• Better targeted spear phishing – Spear phishing is an act of targeting specific individuals and organisations and with the introduction of AI, threat actors can conduct better research on their targets and to help them create tailored messages which again, make it more difficult for the recipient to distinguish from legitimate emails.
• Automation of phishing attacks – AI can also improve the automation of sending out mass emails to a vast audience quickly, as well as sending out follow-up emails to recipients who failed to acknowledge the first email, in the hope the user will succumb the second or third time around.
• Deepfake technology – Threat actors will utilise AI to create realistic videos or audio adding another more sophisticated layer of deception, for example a CEO sending an audio message asking for the recipient to send across urgent and sensitive information.
  
  

The impact of AI-Enhanced Phishing

• Increased Success Rates: AI makes phishing more effective. More users fall for more sophisticated attacks.
• Harder to Detect: Traditional phishing detection methods struggle against AI-enhanced attacks.
• Greater Damage: Personalised attacks can lead to significant data breaches and consequences.
  
  

How to Better Protect yourself against these attacks?

• Be even more sceptical: Don’t click on links or download attachments from unknown sources, pause and consider the validity of the email before opening and actioning.
• Check for red flags: Look for red flags in the email, be cautious if the email seems too good to be true or it is an email you were not necessarily expecting to receive.
• Use MFA:  Enable the best form of MFA available.
• Educate yourself and others: Learn about the various forms of phishing, especially regarding AI phishing tactics.
• Implement advanced security tools:  Invest in advanced tools to better defend against this type of threat.
• Report phishing attempts: Warn others, report all phishing attempts to your IT team or email provider, share screenshot examples with your colleagues so they are aware.
• Enable email authentication: Use email authentication protocols like SPF, DKIM and DMARC.
• Conduct regular security audits: To help identify vulnerabilities in your IT Infrastructure and systems.

Author

Richard Huggins

Richard joined us in 1997 as an apprentice IT engineer conducting on-site installations of CAD workstations and Microsoft and Novell network environments. After a brief spell away to travel the world, he returned to work on our helpdesk supporting our CAD customers. In 2007, Richard was promoted to Support Services Manager and worked in this role until 2016 when he decided to acquire new skills and widen his IT industry knowledge and left to work as an Operational Manager for one of the UK’s Top 20 leading Information Security companies. In 2019 Richard once again returned to Symetri as Head of Support and Customer Success to further improve the Symetri customer support experience and is now responsible for the IT Solutions division.