AI phishing threats

Evl robot fox with glowing red eyes

Phishing as a service

Skill no longer required

Phishing-as-a-service kits have made sophisticated phishing scams accessible to anyone.

These kits include AI-generated email templates, fake login pages, and tracking tools, all sold as easy-to-use packages on the Dark Web.

Even low-skilled attackers can launch deadly campaigns with just a few clicks.

This had led to a sharp rise in both the volume and realism of phishing attacks.

No poor spelling or grammar

"You're computer is in risk!"

One of the hallmarks of phishing emails used to be poor spelling, grammar, and phrasing.

While this was sometimes intentional (as an attempt to fool email filters) it could also simply be that the email was not in the cybercriminal’s native language.

With AI phishing tools cybercriminals can craft phishes flawlessly in any language they want.

AI automation means it can automatically vary the wording in every email to evade email filters, without resorting to poor spelling and grammar.

Realistic and relevant content

Looks like a genuine email

Mimic personal writing styles

AI phishing tools can learn from stolen or public examples of writing, allowing them to perfectly mimic the personal writing style of a colleague or someone you do business with.

They could also mimic the layout and format of an internal email, or of an organisation you trust.

Include real details

AI phishing tools can scan company websites and social media sites to find real names, projects, and even timelines related to you and your organisation.

These details can be included into phishing emails to increase realism, by making the email seem highly specific and relevant to you.

Smishing

SMS phishing

AI phishing tools have made SMS text messaging phishing more dangerous. AI-powered automation, personalisation, and scaling, mean smishing is a bigger threat than ever before.

Studies have shown that people click on links in smishes 4-5 times more often than links in email phishes.

Vishing

Audio/video phishing

Using stolen or publicly available voice samples, AI-phishing tools could generate deepfake phone calls, voicemails, and videos.

Are you going to argue when your “boss”  leaves you a voicemail?