The rapid transformation of the technological landscape by artificial intelligence (AI) is having a significant impact on cybersecurity. This is most evident in the rise of AI phishing attacks, which pose a growing threat due to their enhanced efficiency and sophistication.

Cybercriminals, once reliant on manual tactics, now leverage AI to orchestrate exploit attempts and scams with increased efficiency and sophistication. According to one report, AI drove a surge in phishing attacks of almost 60 per cent in 2023, with expectations that growth will continue or even accelerate.

On the ground, ABC reported last week that real-time deepfake face-swapping systems, which are thought to be used by South-East Asian crime syndicates, are being openly advertised on social media. Meanwhile, the UK’s National Cyber Security Centre (NCSC) said earlier this year that people would simply struggle to identify phishing messages thanks to the sophistication of AI tools.

AI empowers cybercriminals to generate AI phishing emails that appear more polished and legitimate. Traditional red flags, such as poor grammar and spelling mistakes, are mitigated by Large Language Models (LLMs) that create natural-sounding content. This lulls victims into a false sense of security.

Fraud detection software often relies on identifying specific keywords or phrases within emails. AI-generated content circumvents this approach as phishing attempts become free of traditional detection markers. AI can leverage social media data and publicly available information to personalise phishing emails. This personalisation makes them more believable and difficult to distinguish from legitimate communications.

While real-time AI phishing scams that mimic targeted advertisements aren’t yet widespread, AI’s capabilities suggest they could become a future threat. Imagine receiving an email for VIP festival tickets, seemingly relevant because of your browsing history. This could be an AI-generated phishing attempt designed to steal your credit card details.

Advancements in AI and cybersecurity present a double-edged sword. While AI offers powerful tools to combat cybercrime, it can also be exploited by malicious actors. Voice cloning technology is a prime example. Scammers can leverage readily available online audio clips to create highly realistic voice replicas. This allows them to impersonate trusted individuals with access to business information, such as a CEO or a vendor the company frequently works with.

The increasing sophistication of AI cybersecurity threats presents new and evolving challenges for industries worldwide. Financial services and insurance industries, handling sensitive data like login credentials, account information, and financial assets, are prime targets for AI phishing attacks designed to steal this valuable information. Non-profit organisations, reliant on online donations and fundraising, are vulnerable to scams targeting donors and volunteers. AI can personalise these scams, increasing the risk of deception.

In the legal industry, AI phishing scams can be used to impersonate trusted individuals like clients or colleagues, potentially leading to data breaches and compromised legal proceedings. This can have a significant impact on client confidentiality and the integrity of legal processes. Patient information and medical records in the healthcare sector are highly valuable on the black market. AI phishing can specifically target healthcare providers and institutions to gain access to this sensitive data, compromising patient privacy and potentially disrupting critical healthcare services.

In the retail and commerce sectors, AI-powered phishing can be used to impersonate customer service representatives or create fake online stores with the goal of stealing financial information or compromising customer accounts. This can damage customer trust and lead to financial losses.

Phishing attacks are the opening act in a multi-stage threat strategy within the evolving AI in cybersecurity landscape. Success hinges on attackers completing multiple steps, offering organisations opportunities for intervention. Therefore, a layered cybersecurity defence is essential.

Layer 1: Block Attacker Reach

Email filtering and anti-spoofing tools minimise phishing emails reaching user inboxes. Strong information security practices make it difficult for attackers to create convincing email spoofs of your organisation.

Layer 2: Empower User Action

Comprehensive training educates users to recognise generic phishing attempts and targeted spear phishing attacks. A supportive organisational culture encourages prompt reporting of suspected phishing, even if users believe they clicked a malicious link. Streamlined procedures for reporting make it easier for users to flag phishing attempts.

Layer 3: Mitigate Successful Phishing

Cybersecurity solutions block malware and unsafe websites. Patching and updating critical applications address vulnerabilities exploited by attackers. Network administrative controls prevent unauthorised software installation by regular users. Strong password security and multi-factor authentication (MFA) practices minimise the effectiveness of stolen credentials.

Layer 4: Respond Quickly to Incidents

An incident response plan ensures swift and effective actions upon detecting a security incident. Encouraging early reporting incentivises prompt notification of potential breaches. Continuous network monitoring facilitates the detection of ongoing breaches. Maintaining detailed access logs allows for investigation and mitigation of breaches in progress. Protecting data remains a top priority to minimise losses.

Aggressive cybercrime often begins with deceptive AI phishing emails, bypassing technology and targeting your employees. Empowering them is the most effective defence. Personalised training and adaptive simulations transform your workforce into a cybersecurity-aware line of defence.