AI-Generated Phishing — The Security Landscape Changes
By: Jim Stickley and Tina Davis
November 17, 2024
Phishing scams, the scourge of businesses everywhere, are getting a facelift thanks to generative AI. Already the reason for 90% of all data breaches, phishing is getting much more difficult to spot thanks to generative AI. Traditional ways of identifying phishing scams are becoming obsolete and businesses are in the crosshairs of this new generation of phishing attacks. That's why creating a more effective response is in the best interest of every organization.
AI Phishing Tough to Catch
Whether by email, voice, or text, phishing is now an AI-generated problem. Generative AI gives cybercriminals the tools to create phishing content that's often impossible to tell it's a fake. AI-enabled messaging is more targeted and 53% more successful than before. The now "old school" email phishing red flags like bad spelling and grammar, while still useful, have given way to flawless messaging including targeted socially engineered phishing.
AI-enabled voice messaging can imitate anyone in an organization, or anyone on planet earth. Only a three-second snippet of someone's voice is needed to create an effective "deep fake." Tricky and highly believable, the end result of AI-generated phishing should concern business leaders everywhere.
Time to Sink or Swim
Since traditional ways for employees to identify phishing red flags are becoming obsolete, a new approach to security is needed. It's on C-suite members to fortify online security and that means going beyond using passwords. Mitigation begins with MFA (multi-factor-authentication) always used when available, whether using passwords or not. Transitioning from passwords to passkeys for employee authentication is an added verification step for MFA security.
Passkeys are a highly phishing-resistant form of digital credentials that are more secure than passwords and are easy to use. Biometric tools like fingerprints and facial recognition are unique to us all. Unlike using passwords, bad actors can't duplicate biometric tools and can't use AI phishing trickery to steal them.
Generative AI is bringing the future to our doorsteps and business leaders need to adopt new authentication technologies. If not, they risk sinking with their ship thanks to AI-enabled phishing attacks. Remember, just one employee taking the bait is all that's needed for a successful phishing attack, so it's time for businesses to start swimming.