Evolution of Phishing – what AI is doing to revolutionise social engineering

Phishing started as a basic tactic for attackers to exploit our trust. They were often directionless mass emails sent out with the hope that somebody would bite the hook. Over the years they have evolved into nastier, targeted emails to small and large businesses alike. Now, with the advent of AI, the threat has increased significantly – as shown by this recent study reporting a 60% increase in AI-driven phishing attacks.

AI has revolutionised phishing: it is more intelligent, persuasive, and difficult to identify. Grasping the nuances of this new danger is essential to staying safe.

AI-enhanced phishing

 

Hyper-realistic emails

AI can process vast amounts of data to study human communication patterns. By analysing the language, tone, and style of legitimate emails or messages, AI can craft phishing messages that closely resemble real communication. These messages are harder to recognise as phishing attempts because they sound natural, as if they come from a trusted source.

Curious about the process? Read on to discover how it’s done in detail

Tailored Attacks and Spear Phishes

Social media is a powerful tool, not just for us, but for AI too. By scraping data from social media and public profiles, AI can create phishing messages tailored to specific individuals or organisations. These messages might mimic or acknowledge our speech patterns and vernacular. They might feel personal or reference recent events in our lives. With this comes a higher chance of trust. Greater trust significantly increases the likelihood that the recipient will act and click on a phishing link.
 

An AI system that gathers detailed information about a target from various sources allows it to create messages that are difficult to distinguish from legitimate communications. Now we have spear-phishing attacks which are highly targeted, hugely effective, and difficult to prevent.

Automation

It might seem that this level of tailoring can be labour intensive, and it used to be. Before the advent of AI, spear phishing attacks were less frequent and generally less sophisticated. Attackers had to manually gather information about their targets and craft personalised messages, a time-consuming process that limited the scale of their operations.

Now, AI language models can quickly generate and send thousands of hyper-realistic phishing emails, each as tailored as the last. Additionally, AI can adapt messages based on responses, sending follow-up emails to those who initially engage but don’t provide the desired information, making the attacks more persistent and effective.

Deepfake technology

Deepfakes involve manipulating or generating audio, images, or videos to make them appear real, even though they depict events or people that may not exist or have never occurred.
 
This method is increasingly being used in AI-driven phishing attacks to enhance their effectiveness and deception. For example, attackers may create realistic videos or audio clips of CEOs, managers, or other authority figures requesting sensitive information or urgent actions. 
 
A survey by McAfee found that 25% of adults had experienced an attack that used an AI voice. 10% of respondents said that they had personally been targeted, and 15% said it had happened to someone they knew.
 

The impact of AI-enhanced phishing

 

Increased success rates

Simply put, AI makes phishing more effective. A growing number of people are being fooled by these highly elaborate attacks. Data breaches are on the rise. Businesses suffer financial losses, while individuals become targets of identity theft and other serious problems.

Greater damage

Personalised attacks can lead to substantial data breaches, allowing attackers to gain unauthorised access to sensitive data. The impact of further disruption to business operations can be far-reaching and damaging.

 

How to protect yourself

 
This all may seem rather bleak, but the good news is that there are ways to protect ourselves against this evolved form of phishing.
 

Vigilance

Be sceptical. Question the authenticity of emails, messages, and links. By cultivating a habit of doubt, you will be less likely to fall for any phishing attacks which rely on trust and urgency.
 

Warning signs

Urgent language, requests for sensitive information, and offers that seem too good to be true are all warning signs that should immediately put you on high alert.
 

Additional Authentication

Enforcing multi-factor authentication (MFA) on your accounts adds an additional layer of security. Even if an attacker gets your password, this extra form of verification keeps the account protected in most cases.
 

Authentication Protocols

Email address domains are easy to spoof. Protocols like SPF, DKIM, and DMARC validate that an email is actually from the domain it claims to be from. By verifying the sender’s identity, these protocols help prevent email spoofing, where attackers send emails that appear to come from a trusted source.
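
As an added example (not part of the original article), the Python code below shows how a recipient-side check can read the SPF, DKIM and DMARC results that a receiving mail server records in the Authentication-Results header, trusting only the header written by that server. The server identifier mx.example.org, both sample messages and the function name auth_verdict are assumptions constructed for illustration, and the check assumes the receiving server strips incoming headers that carry its own identifier.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: our own receiving server's ID

# Constructed sample: a trusted dmarc=fail plus a forged "pass" header.
SPOOFED = """\
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bulk.example.net;
 dkim=pass header.d=bulk.example.net;
 dmarc=fail header.from=bank.example.com
Authentication-Results: relay.invalid; dmarc=pass header.from=bank.example.com
From: "Bank Support" <support@bank.example.com>
Subject: Urgent: verify your account

(body)
"""

# Constructed sample: same visible sender, authenticated and aligned.
LEGIT = """\
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bank.example.com;
 dkim=pass header.d=bank.example.com;
 dmarc=pass header.from=bank.example.com
From: "Bank Support" <support@bank.example.com>
Subject: Your statement

(body)
"""

def auth_verdict(raw):
    """Return SPF/DKIM/DMARC results recorded by the trusted server only."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results, checked_domain = {}, None
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # added by someone else: not evidence of anything
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results.setdefault(method, result.lower())
        match = re.search(r"header\.from=([\w.-]+)", rest)
        checked_domain = match.group(1).lower() if match else checked_domain
    if "dmarc" not in results:
        verdict = "unverified"
    elif results["dmarc"] == "pass" and checked_domain == from_domain:
        verdict = "pass"
    else:
        verdict = "fail"
    return {"from_domain": from_domain, "results": results, "verdict": verdict}
```

Both samples show the same display name and address to the reader; only the server-recorded DMARC result separates them, and the forged "pass" header from another host is ignored.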
 

Education

Training is essential. Dive deeper into these phishing tactics and stay updated on the latest threats. Share what you learn with others, as education equips people to recognise and avoid phishing attacks. Many security training platforms also provide phishing test capabilities, where identification skills are tested against simulated phishing emails – these are a fantastic way to fine-tune your phishing radar.
 

Confirm Legitimacy of Requests

Never disclose sensitive information via email. If you receive such a request, confirm its legitimacy through another communication method. Directly contact the person using a known phone number, email address, or the company’s official messaging platform.
 

Use Advanced Security Tools

Advanced tools like anti-phishing software and spam filters can detect and block phishing attempts before they reach you. This proactive approach helps prevent potential threats from causing harm. The more advanced tools are designed to adapt to these newer, more sophisticated techniques.
 

Report Phishing Attempts

By reporting phishing, you help prevent others from falling victim to the same scam. It raises awareness and helps your IT team or email provider take action against the attackers.
 

Regular Security Audits

Regular audits help uncover hidden security risks and vulnerabilities within your IT systems before cybercriminals can exploit them.
 

Need Help with Safeguards Against AI-driven Phishing?

 
Phishing is a serious threat amplified by AI. Have you implemented an effective email filter? Would you recognise a hyper-realistic attack?
 
Contact us today to schedule a chat about what further steps you can take to safeguard your information environment.
 
 
 
 
 
 
 
 