While they might initially seem innocuous, recent technological advancements have transformed simple phishing scams into sophisticated cybersecurity threats. Artificial intelligence (AI) is the most apparent factor in these developments, with major innovations contributing to the next generation of phishing scams. It’s a low investment and high return unless you know what to avoid.
How Phishing Has Changed
Only a few years ago, a phishing scam was easy to spot. It typically came as a poorly worded email or text rife with improper grammar and misspellings. Of course, the email was from an unknown sender trying to get you to click a malicious link. Today, the rise of AI has empowered cyber criminals to achieve the appearance of legitimacy—and at a much lower cost.
“One of the things about phishing is that it’s ubiquitous,” said Adrianus Warmenhoven, a cybersecurity expert at Nordsec, “I don’t know anybody anymore who hasn’t had at least a couple of them in their mailbox… It’s a low-investment enterprise.”
The Role of AI in Cybercrime
While AI has played a valuable role in promoting global efficiency and continues to offer new and exciting online tools, cybercriminals know how to take advantage of emergent technology. Even general phishing attempts are more impactful when a large language model (LLM) includes real-time information to add believability and urgency.
In addition, scams originating from countries that speak different languages would previously be simple to ignore, but AI-powered translation makes international scam emails much more effective. Real-time translation isn’t perfect yet, but translation services are already optimizing the phishing industry globally.
More notably, AI technology has led to “spear phishing,” a more advanced phishing technique that uses social engineering to target specific individuals. An AI can quickly scan someone’s social media sites, existing data breaches, and other sources to seem much more convincing.
AI chatbots play another significant role in cybercrime, perfect for creating engagement with scams. If a user can’t pick out the peculiarities of an AI model, they will likely assume that they are speaking with a real person and be much more susceptible to clicking on whatever link is sent their way. A human attacker could never keep up with so many conversations in a widespread phishing campaign, but an AI has no such limitations.
Best Practices for Protection
In an online landscape where phishing attacks are becoming far more sophisticated and challenging to detect, one of your best practices is never clicking on email links. Navigating to an official website manually is almost always safer than going through email. It might be less convenient, but it protects against various phishing attempts.
An outside tool, such as a password manager, is also an effective way to avoid phishing attempts. A password manager will only autofill your credentials to legitimate URLs, ensuring you aren’t tripped up by a missing character that takes you to a different website. In the same vein, users should enable multi-factor authentication for an added layer of security.
On the business level, corporations should implement challenge-response codes to verify sensitive requests. This security mechanism ensures that users are who they say they are before granting access to the company system, protecting digital assets from unauthorized individuals.
The Future of Cybersecurity
AI-driven phishing scams will only become more sophisticated from this point forward, so humans may soon be unable to detect them independently. To address this issue, the cybersecurity industry is moving toward passkeys, which use public-private key encryption rather than traditional passwords. Whether these measures will be able to prevent cybercrime remains uncertain, so it is vital to keep best practices in mind.
