Stay informed with free updates
Business leaders are being hit by an influx of hyper-personalized phishing attacks generated by artificial intelligence bots, as rapidly developing technology makes advanced cybercrime easier.
Leading companies such as British insurer Beazley and e-commerce group eBay have warned about the rise of fraudulent emails containing personal data likely obtained through AI analysis of online profiles.
“This is getting worse and it’s becoming very personal, which is why we suspect AI is a big part of it,” said Kirsty Kelly, Beazley’s head of information security. “We are starting to see highly targeted attacks that have collected a tremendous amount of information about an individual.”
Cybersecurity experts say the increasing attacks come amid rapid advances in AI technology, as tech companies rush to create increasingly sophisticated systems and launch popular products for consumers and businesses.
AI bots can quickly ingest large amounts of data about a company or individual’s tone and style and replicate these characteristics to create a compelling scam.
They can also analyze a victim’s online presence and social media activity to determine which topics the victim is likely to respond to. This allows hackers to generate customized phishing attacks on a large scale.
“The availability of generative AI tools lowers the barrier to entry for advanced cybercrime,” said Nadezda Demidova, eBay cybercrime researcher. “We have witnessed a growth in the volume of cyber attacks of all kinds,” especially “polished and narrowly targeted” phishing attacks, she added.
Kip Meintzer, an executive at security firm Check Point Software Technologies, told a recent investor conference that AI has given hackers “the ability to write a perfect phishing email.”
According to the U.S. Cybersecurity and Infrastructure Security Agency, more than 90 percent of successful cyber attacks start with a phishing email. As these attacks become more sophisticated, their consequences have become increasingly expensive, with the global average cost of a data breach increasing by almost 10 percent to $4.9 million by 2024, according to IBM.
Researchers have warned that AI is particularly effective at creating business email scams – a specific form of malware-free phishing where fraudsters trick recipients into transferring money or revealing confidential business information. According to the FBI, these types of scams have cost victims worldwide more than $50 billion since 2013.
AI is “used to scan everything to see where there is a vulnerability, whether that’s in the code or in the human chain,” says Sean Joyce, Global Cyber Security Lead at PwC.
Phishing scams generated using AI are also more likely to bypass companies’ email filters and cybersecurity training.
Basic filters, which generally block repeated bulk phishing campaigns, may struggle to detect these scams if AI is used to quickly generate thousands of reworded messages, eBay’s Demidova said.