Steady advancements in artificial intelligence (AI) have had both a negative and positive impact on the phishing threat for small businesses. In this article, we will examine the ways bad actors use AI to enhance their phishing efforts, and how AI technology also helps companies better defend against these sophisticated cyberattacks.
What is Phishing?
Phishing is the practice of sending fake communications that appear to come from legitimate sources usually via email or text messages. The goal of the bad actor is to convince someone to click on an unsafe link or provide sensitive information to what they think is a legitimate and trusted source. The most common types of phishing attacks are described below.
Email phishing
This is the oldest and most common phishing attack. Scammers will register a fake domain or website name and send out emails from a legitimate looking email address. This type of attack is usually sent in a generic email to a large group of recipients.
Spear phishing
This is a more targeted form of email phishing. The bad actor will target a specific person or department at an organization, such as an HR associate with access to sensitive information. This email will contain more customized information such as industry-specific references to convince the recipient that it is legitimate.
Whaling
This is a more advanced version of spear phishing that targets high level executives such as at the C-Suite level. These emails are even more customized with specific information in an effort to gain access to the data-rich files of an executive.
Smishing
This type of phishing attack uses SMS text messages. Experts note that many victims trust texts more readily than emails, and AI has improved the ability of scammers to send realistic sounding texts on a greater scale.
Vishing
This type of attack is also known as “voice phishing,” and it is a phone-based attempt to fraudulently obtain sensitive information. AI technology has made this more of a threat with the enhanced ability to simulate voices and accents on phone calls and the expanded distribution of these calls.
Disturbing Phishing Statistics
The following statistics outline the growing phishing threat facing your small business in 2024 and beyond.
- Reliaquest reported that 71% of the cyber threats they tracked in 2023 involved phishing attempts.
- Zscaler reported that researchers observed a nearly 60% increase in phishing attacks in 2023.
- Phishing websites increased to more than 13 million in 2023—an increase of 94% since 2020.
- Microsoft is the most imitated brand by cybercriminals with a 43.1% share. 68 million Microsoft-related phishing emails were sent out in 2023 with Office 365 being the most featured product.
- IBM researchers concluded that it takes cybercriminals using generative AI only five minutes to create a believable phish.
- Proofpoint reported that almost 10% of employees in simulated phishing attacks clicked on the malicious link.
- The FBI’s IC3 noted that companies suffered nearly $3 trillion in reported losses from phishing and spoofing attacks in 2023. They also estimate a significant amount of losses related to these cyberattacks are not reported.
AI’s Negative Impact on Phishing
Cybercriminals are using AI’s analytical and generative content power to overcome current security safeguards against phishing and other cybersecurity threats.
AI has made it possible for scammers to research and develop highly sophisticated phishing attacks more easily. Using powerful AI technology hackers can easily find and collect personal information of company employees online and on social media. Cybercriminals are using AI-based predictive social engineering and machine learning to create more personalized phishing campaigns that are more effective and to scale their attacks.
Cybercriminals are using large language models (LLMs) such as ChatGPT to create effective phishing campaigns at a 95% less expensive cost. They are using these generative content features to create compelling email messages to trick employees into clicking on links or providing sensitive information. They are also scaling up their attacks using the ability of these LLMs to automate campaigns.
Bad actors are also using AI deepfake technology, which creates realistic synthetic audio and video content, for more effective social engineering attacks. AI technology has made it easier and cheaper for cybercriminals to create improved audio and video campaigns and execute them on a greater scale.
In addition, with the increased usage of AI by companies in a wide range of applications, the amount of sensitive data being entered and shared has grown exponentially. These activities have correspondingly raised the risks to data privacy and security.
AI and Improved Phishing Defenses
Security experts note that there is fierce competition between cybercriminals using AI and ML to plan and implement more effective phishing attacks versus cybersecurity professionals who are using powerful AI tools to identify threats and improve security.
AI-powered email filters, behavior analytics, and threat intelligence platforms are becoming more effective at identifying and mitigating sophisticated phishing attempts. Ever improving AI and ML-powered tools enable security personnel to analyze user data, identify and predict patterns, and detect anomalies quickly.
AI also helps companies increasingly automate important cybersecurity tasks such as patch management, malware detection, and security and compliance testing, which will save them time and money. Data security experts will use this game-changing technology to try to maintain the upper hand in threat detection and prevention.
In addition, AI technology is capable of creating realistic simulations to test and prepare your employees to overcome phishing attacks. This type of AI-powered training is a necessity for your employees as phishing will become more sophisticated and widespread in the future.
Consult with an IT Support Partner and AI Expert
We recommend you work with a trusted IT Support partner and AI expert like Network Depot to discuss and implement the right solutions to protect your organization against the formidable phishing threat. A reliable IT expert on AI tools will help your organization select and utilize the best AI technology to keep your organization secure.
A dependable IT Support partner will also help train your staff to effectively use AI products and detect phishing attempts. In addition, they will always be at your side to provide AI and other tech support. With powerful anti-phishing solutions and policies in place and the assistance of a reliable IT Support partner and expert in AI-driven tools, your organization will be able to optimally achieve your unique objectives.