Corporate executives are currently facing an alarming surge in hyper-personalised phishing scams that are being powered by advanced artificial intelligence technologies. This increase in cybercrime sophistication has been highlighted by notable companies, including the British insurer Beazley and the global e-commerce platform eBay, both of which have reported a rise in fraudulent communications that contain personal data likely harvested through AI-driven analysis of individuals' online profiles.
Kirsty Kelly, the Chief Information Security Officer at Beazley, expressed her concerns, stating, “This is getting worse and it’s getting very personal, and this is why we suspect AI is behind a lot of it.” She noted that there has been a concerning trend of highly targeted attacks that accumulate significant amounts of personal information about individuals, adding to the authenticity of these scams.
The emergence of sophisticated generative AI tools is enabling cybercriminals to easily access and process vast amounts of data, allowing them to imitate the distinct tone and style of organisations or individuals. This ability not only enhances the credibility of their scams but also makes them more likely to resonate with potential victims. Nadezda Demidova, a researcher focused on cyber crime security at eBay, emphasised, “The availability of generative AI tools lowers the entry threshold for advanced cyber crime.” She noted a marked increase in diverse forms of cyber attacks, especially in the area of “polished and closely targeted” phishing.
Kip Meintzer from Check Point Software Technologies corroborated these views at a recent investor conference, articulating that AI empowers hackers to create exceptionally convincing phishing emails. According to the US Cybersecurity and Infrastructure Security Agency, over 90 per cent of successful cyber attacks initiate through phishing emails. As these malicious attacks grow in complexity, they also carry more substantial financial repercussions. IBM projects that the global average cost of a data breach is expected to rise by nearly 10 per cent to $4.9 million in 2024.
Research indicates that AI is particularly adept at facilitating business email compromise scams, a form of phishing that specifically aims to deceive recipients into initiating fraudulent financial transactions or disclosing sensitive company information. The FBI has reported that this type of scam has resulted in financial losses exceeding $50 billion worldwide since 2013.
Sean Joyce, the global cyber security lead at PwC, remarked on the capabilities of AI in exploiting vulnerabilities, stating that it is “being used to scan everything to see where there’s a vulnerability, whether that’s in code or in the human chain.”
Moreover, the sophisticated nature of AI-generated phishing scams may allow them to evade traditional email filters and corporate cybersecurity protocols. Demidova noted that standard filters, often designed to intercept generic bulk phishing attempts, might struggle against the rapid creation of multiple reworded messages by AI, further complicating efforts to safeguard against such threats.
As artificial intelligence continues to evolve, both companies and individuals must navigate the nuanced and increasingly perilous landscape of cyber threats. The ongoing developments in AI technology are reshaping the ways in which cybercriminals operate, pointing towards a future where online security practices will need to adapt substantially to combat these advanced forms of deception.
Source: Noah Wire Services