Cyber Security in the age of AI: why phishing attacks are now more dangerous
One of the most persistent attack methods used by malicious actors when it comes to cyber threats is phishing: emails designed to trick the recipient into revealing confidential information or performing actions that allow their data to be stolen.
Phishing is one of the most successful attack methods, and in the age of Artificial Intelligence (AI) cybercriminals have found a tool that lets them send more convincing, contextual and personalized messages to increase their chances of success. According to the Phishing Threat Trends Report 2023, they are succeeding.
✅ A classic example of phishing would be an email that impersonates a banking institution and asks the recipient to type in their online banking username and password. When the victim follows the directions in the email and types in their bank credentials, they are actually handing them over to the cybercriminals.
Artificial Intelligence in phishing and spear-phishing attacks
The report, published by Egress (available on subscription), reveals that AI-generated phishing emails are on the rise and becoming more effective: harder to identify and harder to differentiate from legitimate communications.
So much so that in about three out of four cases (71%), AI detectors cannot distinguish between an email written by a bot and one written by a person, according to Infosecurity Magazine.
In this way, using generative AI models, attackers manage to create more convincing texts, very similar to legitimate emails from companies (as in the bank example), entities, non-profit organizations or government agencies.
With the help of AI, cybercriminals also find it easier to personalize emails with specific information about potential victims. This information can be obtained from open sources, such as social networks, or by compiling and analyzing large databases sold on Deep Web black markets. The aim remains the same: to steal data or install malware on the victim's computer.
This means that phishing emails are becoming increasingly personalized by adding information about the victim, such as name, job title and place of work. This makes the message more believable. More data about the victim's personal interests and preferences or lifestyle is also used to construct a unique bait targeting a specific individual or company.
Cybercriminals use AI in this way to achieve an even more effective deception that adds to the danger of the attack by increasing the risk that users will take the bait.
AI automation comes to phishing attacks
AI is not only used in the creation of phishing emails, but also in the automation of attacks. Attackers can use AI bots to send more efficient phishing emails on a large scale.
These bots can automatically identify potential targets and, in many cases, evade conventional security defenses. In this regard, AI enables, for example:
- Sending thousands of personalized, topical phishing emails in 'real time': for example, soliciting fake aid or donations on behalf of seemingly legitimate humanitarian organizations in the event of a natural disaster, or mimicking the security notifications of an entity that has itself been the victim of a phishing campaign, making it even harder for recipients to distinguish the hoax from reality.
🎣 The Tax Agency sent a message in May 2023 alerting of a phishing campaign. The cybercriminals took advantage of this message to start a new phishing campaign that spoofed the Tax Agency's alert and asked users for personal data to verify that they were not affected by the initial phishing campaign.
- Detecting responses from victims and continuing the conversation through chatbots with automatic replies, to maintain simulated conversations with those who respond or show interest and to extract additional information, for instance when an out-of-office or away message reveals more than necessary.
- As discussed above, collecting data from social networks, public websites and large leaked databases to build detailed profiles of potential victims, which allows attackers to design personalized phishing emails with a higher chance of success.
- Bypassing conventional security defenses, such as spam filters and anti-virus, by obfuscating the actual content and intent of the email, or by constantly changing its content and technique to evade automatic detection, which makes automated protection against phishing harder.
How to protect against AI-generated phishing
Given the increasing sophistication of AI-generated phishing attacks, it is imperative to implement protective measures. Strategies that can help include:
- Stay informed and up to date on phishing campaigns and developments, and learn how to identify phishing, also in the age of AI. Companies should provide their employees with adequate Cyber Security training.
- Invest in proven and recognized protection tools and advanced security solutions that use AI to detect and prevent phishing attacks beyond content, identifying suspicious behavior patterns and alerting about potential threats.
- Verify the origin (From: field) of an e-mail before clicking on links or providing confidential information, carefully checking the sender's address and the URLs included in the message.
- Always be wary of urgent e-mails or e-mails that demand immediate action or threaten negative consequences (such as the blocking of your bank account or an incident with your tax return), and take a moment to analyze the message and assess its authenticity.
- Keep computers, devices, mobiles and software up to date and patched to reduce the risk of attackers exploiting known vulnerabilities.
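The sender and link checks in the list above can be automated as a first-pass triage. The script below is an added example, not code from the original article or from Egress: it parses an email with Python's standard library and flags a display name that shows a different address than the real sender, a Reply-To that routes answers elsewhere, links whose visible text names one site while the href points to another, and pressure language. Both sample messages are constructed, the `*.example` domains are placeholders, and the "last two labels" rule for the registrable domain is a simplifying assumption (a real deployment would use the public suffix list).

```python
"""Heuristic checks for the advice above: who does this email really come from,
and where do its links really go? Added example; samples are constructed."""
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases that pressure the reader to act at once (assumption: a small illustrative list)
URGENCY_TERMS = ("immediately", "within 24 hours", "will be blocked", "suspended")

# Anchor text that itself looks like a URL or domain, e.g. "https://www.mybank.example/login"
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class _HtmlExtractor(HTMLParser):
    """Collects visible text and (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._anchor = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def registered_domain(host_or_url: str) -> str:
    """Reduce 'https://www.mybank.example/login' or 'mybank.example' to 'mybank.example'.
    Assumption: the last two labels are the registrable domain (no public-suffix list)."""
    s = host_or_url if "://" in host_or_url else "http://" + host_or_url
    host = (urlparse(s).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def analyze(raw: bytes) -> list:
    """Return (finding_code, detail) pairs; an empty list means nothing suspicious was seen."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    sender = msg["From"].addresses[0] if msg["From"] else None
    sender_domain = sender.domain.lower() if sender else ""

    # 1. Display name carries an address whose domain differs from the real sender's
    if sender and "@" in sender.display_name:
        shown = sender.display_name.rsplit("@", 1)[1].strip("\"' ")
        if registered_domain(shown) != registered_domain(sender_domain):
            findings.append(("display-name-mismatch", f"{sender.display_name!r} vs {sender.addr_spec}"))

    # 2. Replies routed to a domain other than the sender's
    reply_to = msg["Reply-To"]
    if reply_to and sender and reply_to.addresses:
        rt_domain = reply_to.addresses[0].domain.lower()
        if registered_domain(rt_domain) != registered_domain(sender_domain):
            findings.append(("reply-to-mismatch", f"Reply-To {rt_domain} vs From {sender_domain}"))

    # 3. Links whose visible text shows one site while the href goes to another
    body = msg.get_body(preferencelist=("html", "plain"))
    extractor = _HtmlExtractor()
    extractor.feed(body.get_content() if body else "")
    for href, anchor in extractor.links:
        if LOOKS_LIKE_URL.match(anchor) and registered_domain(anchor) != registered_domain(href):
            findings.append(("link-text-mismatch", f"text {anchor} -> href {href}"))

    # 4. Pressure language in the visible body text
    plain = " ".join(extractor.text).lower()
    hits = [term for term in URGENCY_TERMS if term in plain]
    if hits:
        findings.append(("urgency-language", ", ".join(hits)))
    return findings


# Constructed sample: a lure impersonating a bank (placeholder *.example domains)
PHISHING_SAMPLE = b"""\
From: "alerts@mybank.example" <notice@mybank-secure-login.example>
Reply-To: verify@collect.example
To: customer@example.com
Subject: Your account will be blocked
Content-Type: text/html

<html><body>
<p>Your account will be blocked unless you verify immediately.</p>
<p><a href="https://login.mybank-secure-login.example/verify">https://www.mybank.example/login</a></p>
</body></html>
"""

# Constructed sample: a routine notification where sender, links and tone all line up
LEGITIMATE_SAMPLE = b"""\
From: "MyBank Notifications" <notifications@mybank.example>
To: customer@example.com
Subject: Your monthly statement is available
Content-Type: text/html

<html><body>
<p>Your March statement is ready to view.</p>
<p><a href="https://www.mybank.example/statements">View statement</a></p>
</body></html>
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        print(label, analyze(sample))
```

Run stand-alone, the script reports four findings for the lure and none for the routine notification. The checks are deliberately content-independent: an AI-written lure can be flawless prose, but it still has to come from somewhere and send the victim somewhere, and those two facts are what the From, Reply-To and href values expose.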
* * *
According to Egress, 30% of email is "graymail", unsolicited but unnecessary bulk messages that are rarely opened, such as notifications or newsletters.
📫 Spam and graymail: what is the difference?
The main difference between spam and graymail is intent:
○ Spam or junk mail has a malicious intent: intrusive and unsolicited messages sent, without the recipient's consent, to promote products, services or scams.
○ The intent of graymail is legitimate: these are solicited messages, although in many cases they are not necessary and are often ignored. Notifications, newsletters or promotions from companies with which you have interacted at some point (for example, when shopping online) are considered graymail.
Graymail can flood the inbox and become a problem due to its excessive volume, which makes it difficult to keep incoming mail under control.
Image from Natanaelginting on Freepik.