Phishing 2.0: How AI is Amplifying the Threat


Phishing has always been a threat, but with the introduction of Artificial Intelligence (AI) threat actors now use AI to craft even more convincing messages and target specific individuals to improve their success rates of an attack.

A recent study found a 60% increase in AI-driven phishing attacks, and it’s a wake-up call that phishing threats will continue to rise.

How AI enhances the phishing threat

  • Creation of realistic messages – AI analyses vast amounts of data and studies how people write and speak. This helps to create realistic messages as it will mimic the tone and style of legitimate communications, so they seem more authentic.
  • Personalised attacks – As AI gathers information from social media and other sources, it will use that information to create personalised messages which may include your recent activities and interests, which increases the chance of believing the email is from a legitimate source.
  • Better targeted spear phishing – Spear phishing is an act of targeting specific individuals and organisations and with the introduction of AI, threat actors can conduct better research on their targets and to help them create tailored messages which again, make it more difficult for the recipient to distinguish from legitimate emails.
  • Automation of phishing attacks – AI can also improve the automation of sending out mass emails to a vast audience quickly, as well as sending out follow-up emails to recipients who failed to acknowledge the first email, in the hope the user will succumb the second or third time around.
  • Deepfake technology – Threat actors will utilise AI to create realistic videos or audio adding another more sophisticated layer of deception, for example a CEO sending an audio message asking for the recipient to send across urgent and sensitive information.

The impact of AI-Enhanced Phishing

  • Increased Success Rates: AI makes phishing more effective. More users fall for more sophisticated attacks.
  • Harder to Detect: Traditional phishing detection methods struggle against AI-enhanced attacks.
  • Greater Damage: Personalised attacks can lead to significant data breaches and consequences.

How to Better Protect yourself against these attacks?

  • Be even more sceptical: Don’t click on links or download attachments from unknown sources, pause and consider the validity of the email before opening and actioning.
  • Check for red flags: Look for red flags in the email, be cautious if the email seems too good to be true or it is an email you were not necessarily expecting to receive.
  • Use MFA:  Enable the best form of MFA available.
  • Educate yourself and others: Learn about the various forms of phishing, especially regarding AI phishing tactics.
  • Implement advanced security tools:  Invest in advanced tools to better defend against this type of threat.
  • Report phishing attempts: Warn others, report all phishing attempts to your IT team or email provider, share screenshot examples with your colleagues so they are aware.
  • Enable email authentication: Use email authentication protocols like SPF, DKIM and DMARC.
  • Conduct regular security audits: To help identify vulnerabilities in your IT Infrastructure and systems.

 

Blog

Harnessing the Power of Technology: Insights from Symetri

26 November 2024

Symetri is dedicated to helping businesses thrive in a rapidly evolving technological landscape. From leveraging AI in Microsoft Teams to maximising the potential of Microsoft 365 and addressing the critical impacts of IT downtime, understanding and implementing the right tools and strategies is key to success. Below, we explore three significant areas shaping the modern workplace.

Learn more
Blog

What is an LCA? 3 Examples of Life-Cycle Assessments in Building Projects

11 November 2024

A Life-Cycle Assessment (LCA) is a powerful tool used to measure the complete environmental impact of a building project. It evaluates the carbon footprint and other environmental effects throughout a building's life, across four key stages: production, use, end-of-life, and beyond. Below are three examples of how LCAs can guide decisions for more sustainable building projects.

Learn more