AI-powered bots are now capable of analyzing vast amounts of data from online profiles. This enables them to craft emails that closely mimic the tone and style of a company or individual. This level of personalization makes the scams more convincing and harder to detect. So, it’s no surprise that there's been a notable surge in highly personalized phishing scams aimed at corporate executives. These scams are becoming increasingly sophisticated and successful, largely because cybercriminals have integrated artificial intelligence (AI) into them.
The implications of these advanced phishing techniques are significant. Per CISA, phishing scams are the starting point for over 90% of successful cyberattacks, leading to substantial financial losses. The global average cost of a data breach reached $4.9 million in 2024, according to IBM. Business Email Compromise (BEC) scams, a type of phishing that doesn't rely on malware, have been particularly costly. The use of AI in these scams allows cybercriminals to efficiently identify vulnerabilities, whether in software code or human behavior, making it easier to execute advanced cybercrimes. In recent cases, we’ve heard of personnel in finance wiring millions of dollars to criminals’ accounts, thinking they were asked to do so by executives.

Traditional email filters and cybersecurity training are often inadequate against these AI-generated phishing attempts. AI can rapidly produce thousands of unique, reworded messages, making it challenging for basic filters to detect and block them effectively. Thwarting these attempts comes down to human intervention.
To combat this evolving threat, it's crucial for organizations to implement robust cybersecurity measures, including advanced email filtering systems and continuous employee education on recognizing and responding to phishing attempts. This means having a program in place to train everyone connecting to the network, including consultants.

For everyone, and this indeed means every person interacting with the internet in any way, staying informed about the latest cyber threats and maintaining a proactive approach to security can help mitigate the risks associated with all phishing scams, including those helped by AI. Have code words at the ready to verify that the person on the other end of the phone line truly is who you expect them to be. Watch for weird head movements in videos and distortions in the facial features when the head turns. If you are asked on a video call to do something that gives you pause, confirm the task separately before taking any other action. Pick up the phone and call after you’ve ended your meeting.
These types of attacks aren’t going away any time soon. So stay on top of the latest threats, and keep an eye out for phishing attempts. And because we are all still terrible about reusing passwords, use multifactor authentication on your accounts.