AI Fueling A New Wave of Phishing

Techy bullion
By -
Phishing Attacks

With the continued development of AI generative technology and the wide accessibility of these new tools, a range of new methods have become available to hackers to refine their existing techniques and develop new ones.


While Phishing has existed for many years, AI technology can now further refine and increase the effectiveness of an industry responsible for an average of $4.76 million for impacted companies.

Traditional Phishing Attacks

Phishing emails have been an ongoing issue for businesses and individuals for years, with a progressive rise in the number of Phishing emails that are sent out each year.


While many Phishing emails are considered easily identifiable, more targeted versions of Phishing exist known as Spear Phishing and Whaling.

Unlike more large-scale generic Phishing attempts targeted at thousands of email addresses, Spear Phishing and Whaling are focused on a small number of individuals, often in high-profile positions within businesses.


As the emails are much more targeted, the time and effort that is put into creating the content for the message is also greatly increased. 


This allows the message to be much more convincing, referencing information about the business, named employees and other unique information making the message appear convincing.


Currently, the number of targeted Phishing attempts is much less than the large-scale generic Phishing attempts due to the time and effort required to effectively carry out a targeted Phishing campaign.

The Effectiveness Of Phishing

There are an estimated 3.4 Billion Phishing emails that are sent out each day. 


The average rate at which generic Phishing emails are clicked on can vary but is around 17%.  


More targeted versions of Phishing are considered much more effective with an average click rate of around 50%.


Phishing is involved in around a third of all data breaches that occur and the number of Phishing attacks which are conducted each year is still growing.

Generative AI

Generative AI technologies have exploded in popularity in recent years, with tools being developed to generate text, images, voice, video, animation, music, code, and many things that would have been considered impossible to automatically generate just a few years ago.


Its explosion in popularity has already started to develop an entire industry based on the rapid and automated responses that AI tools can deliver.


While many benefits come from such technologies, many consequences come with the automated and convincing generation of text, images, videos, and voice.

Generative AI Powered Phishing

With the use of generative AI, a growing concern is that large-scale generic Phishing attempts will transform into more targeted and convincing Phishing attempts, which can be more easily automated and have a higher rate of compromise.


AI tools can help attackers write both the content of the Phishing email and also automate the coding and development process to deliver such unique targeted emails.


This process helps create variations in email content, inserts individual names based on information scraped from Linkedin, and improves the overall appearance of a genuine email.

Securing Against Phishing Attacks

While there are solutions in place that can already filter your email inbox to reduce the amount of spam and Phishing emails you receive, it is possible that these security filters may be bypassed with AI-generated emails.


 AI detection tools are already being developed to identify where text is generated.  These tools can be incorporated into email filtering solutions to remove content that is likely to be AI-generated.

  Security awareness training must be expanded on to recognize the potential threat of targeted Phishing emails and inform staff on how to identify and react to these types of email messages.

     It is important to be aware that Phishing scams have evolved over the years to target emails, text messages, social media messages, phone calls, and other methods of delivering messages.  With generative AI technologies available for text, images, voice, and video, messages using these formats can become increasingly convincing.

     While it is important to prevent the compromise of devices and accounts from Phishing, how to respond to a compromise should also be considered.  Implementing further security measures and preparing an incident response plan to minimize the impact of a compromise should also be carried out.

Continued Development of Phishing Attacks

As AI is a relatively new industry, there is still a large question mark around its future and the benefits or harm that it could bring.


However, regardless of the potential fears, AI technologies have emerged, and their impact has already started to be felt, through their impact on the art world, with automation replacing a number of jobs, and through the further development of Phishing.


As Phishing is projected to continually increase over the next few years, defending against this threat and its developments in sophistication is a requirement for the ongoing security of businesses and individuals.


Andrew Lugsden

Security Consultant at Forge Secure Limited

Working within the Cyber Security industry for over ten years to provide consultancy, security testing, and compliance services.

Post a Comment


Post a Comment (0)