Bad actors have discovered that the more information they can gather about you, the easier it is to phish you. This is perhaps why this attack vector is more widely known now than before.
In 2021, 83% of firms experienced a successful email-based phishing attack, a 46% rise from 2020, according to Proofpoint’s 2022 State of the Phish study. Eighty-six percent of firms encountered bulk phishing attacks, while seventy-seven percent endured business email compromise (BEC) attacks. Seventy-eight percent of businesses experienced ransomware attacks that were spread via phishing emails.
According to the most recent Zscaler ThreatLabz Phishing Report, global phishing attacks increased by 29% over the previous 12 months to a record 873.9 million attacks. Additionally, a record number of phishing attacks (1,025,968) were reported in the first quarter of 2022 in the Phishing Activity Trends report from the Anti-Phishing Working Group (APWG). And things are only getting more challenging.
Scammers are increasingly using artificial intelligence (AI) to target and attack consumers by ingesting all of the compromised data they can find online. As phishing attempts get more sophisticated, some of the biggest companies in the world are more concerned than ever about this activity. The most frightening aspect? Even though the AI being utilised isn’t all that sophisticated yet, there has been an uptick in successful phishing and ransomware payouts.
Development of phishing
Fundamentally, social engineering involves appealing to a user’s emotions in order to elicit a reaction that ultimately leads to their disclosing personal information like passwords, credit card numbers, and other details.
If you know what to look for, basic phishing attacks that take the shape of emails, texts, QR codes, etc. are usually easy to identify. Dead giveaways include grammatical mistakes, typos, strange links, bogus logos, and email addresses in the “from” line that don’t correspond to the reliable source they claim to be.
These mass attacks frequently targeted millions of individuals to see who would bite. But the bad guys changed, and so did their strategies.
Hackers began employing AI to craft cleverer, more personal attacks. Prime examples include emails from your “IT department” informing you that your account has been compromised, or a personalised and direct spear phishing campaign that contains your actual password.
Once again, bad actors are now going a step further.
The revolution in AI phishing
Hackers treasure and collect data. But the data they value most is not merely what they have personally breached or ransomed; it is any data that has been compromised. Threat actors prize every piece of information that has ever been disclosed on the dark web.
Hackers may be able to learn your mother’s maiden name, birth date, past passwords, and even your personal interests from data breaches. You have probably heard this before, but the way scammers are utilising that data has evolved.
Now, malicious actors are using AI and this data to target consumers with increasingly sophisticated and convincing phishing attacks. They’re also using AI that isn’t even all that smart—yet—to accomplish this.
We don’t have to be concerned about AI developing its own thoughts because it can’t deviate from its pre-programmed course. However, as people become smarter, they may develop more complicated models and teach AI to handle more challenging situations. All indications point to a future where phishing looks a lot like targeted advertisements as the level of sophistication rises.
Tailored phishing meets targeted ads
Nowadays, it’s nearly impossible to escape advertisements. Based on your browser, search, and social media history, they appear everywhere. We now make jokes about ads anticipating your needs even before you are aware of them.
How long before criminals get this advanced? How long before a market intelligence company is compromised, allowing hackers to phish you using the same information that marketers use? Targeted phishing tactics conducted in near real time are not just a pipe dream.
Imagine looking for Super Bowl tickets and finding fraudulent emails advertising VIP Super Bowl experiences in your inbox shortly thereafter. This is the actual threat that AI poses right now, and it’s getting closer and closer to being a reality.
A look towards phishing’s future
Currently, all of our security measures are being systematically circumvented using AI and machine learning (ML). Without a little artificial intelligence, no human — or group of humans — could carry out attacks at the level and sophistication we are seeing.
You would be wrong to believe that malicious actors must create some clever self-aware AI hacking bot to accomplish these objectives. To target and breach individuals and organisations, criminal hackers and nation-state actors merely need to develop an AI intelligent enough to read and manipulate particular sets of data in particular situations.
Even if AI isn’t quite as sophisticated as some people believe, it can nonetheless be utilised to deceive unsuspecting victims. Hackers are developing more sophisticated and targeted phishing tactics, and having more success, by fusing AI with stolen data.
There is no turning back now that AI and ML have given phishing new rules and a different playing field. If we don’t deal with this right away, the game will soon become unwinnable.