March 13, 2024
AI expected to increase phishing attacks
Google, Amazon and Apple ranked among the top brands impersonated in phishing attacks in 2023. However, one-third of all phishing attacks that took place in the last quarter of 2023 impersonated Microsoft, making it the brand of choice for cyber criminals.
Cyber security experts warn that phishing is one of the most prevalent and successful threats to enterprises and employees. To add fuel to the fire, artificial intelligence (AI) is being used to create these attacks on a massive scale.
Not only is AI used to write the convincing wording used in emails and other avenues for phishing, but it is also being used to replicate logos and compile these threats on behalf of hackers. Experts say that in 2024, we are likely to see a further increase in phishing attacks as a direct result of AI and that these threats will be harder to distinguish from genuine company communications.
Why big brands are impersonated
Microsoft accounted for 33% of all brand-based phishing attempts from October to December 2023. There are several reasons why cyber criminals impersonate big brands. Firstly, the communications sent to customers about their accounts, software and updates happen on a regular basis, so they can be replicated and injected with malicious links.
Big brands often email new customers with verification codes, making these communications a highly replicated avenue for hackers to exploit. Phishing emails will often ask for verification of email addresses, passwords and will require victims to click on a link, which is not legitimate.
Victims often overlook the subtle signs of phishing attempts and simply trust the communications they receive from big brands. Remember, most of these enterprises will not email you unsolicited for confirmation of your passwords, banking details or other contact information. Be sure to always double-check links within emails before clicking on them.
Technology companies, financial institutions and social media platforms were among the most impersonated brands too. However, in Q4 of 2023, retail companies became highly favoured by cyber criminals due to the massive increase in online shopping ahead of the festive period. Interestingly, package delivery companies were also impersonated in phishing attempts during this period.
How AI is used in phishing attacks
Hackers use AI to automate and streamline several stages of their phishing attempts, making them more convincing and difficult to detect. Hackers are using AI to create emails that are nearly identical to human-written ones. Natural language processing techniques allow AI to analyse patterns and create authentic-sounding material, making phishing emails more convincing.
AI can perform additional tasks for hackers, such as developing phishing websites or false social media profiles to boost the legitimacy of their frauds. AI can also streamline and automate numerous operations in phishing campaigns. These algorithms can analyse massive volumes of data to identify possible targets, extract pertinent information from publicly available sources and personalise phishing emails with convincing details.
Hackers are even using AI-powered chatbots to interact with potential victims in real-time. These chatbots may successfully resemble human speech, prompting unsuspecting people to reveal vital information. The benefit of these tools to cyber criminals is that they can target employees in South Africa, even if English is not their first language; their emails will contain no grammatical errors, which evoke suspicion.
AI’s ability to bypass security systems
One of the most concerning characteristics of AI-enhanced phishing attempts is their ability to circumvent certain security systems. The algorithms can analyse and mimic human behaviour, enabling hackers to impersonate genuine brands and fool security measures. This makes it more difficult for cyber security specialists to detect and prevent AI-powered phishing efforts.
Combating AI-enhanced phishing attacks is a serious problem. Traditional security methods, such as rule-based systems and pattern matching, frequently fail to detect AI-generated phishing emails. Analysing massive volumes of data to detect AI-driven scams in real-time is a hard task. Furthermore, the quick rate at which AI evolves necessitates ongoing adaptation and research by cyber security professionals.
To protect against phishing attacks, education and user awareness are essential. Employees should undergo user awareness training sessions to learn about the warning signs of phishing scams, which include dubious email addresses, grammatical problems and unsolicited requests for sensitive information.
Reporting any suspicious phishing efforts as soon as possible will assist in mitigating the damage. Furthermore, implementing advanced security measures, such as automated threat detection systems and enhanced email protection, can help identify and prevent phishing attempts.
As AI evolves, hackers are using it in more creative ways to improve their phishing efforts, posing a growing danger to cyber security professionals. The automation and sophistication that AI adds to phishing scams make them more difficult to detect and combat. Individuals and corporations must be watchful and educate themselves on AI-driven phishing attacks.
By applying best practices and relying on modern security measures, it is possible to reduce risks and guard against phishing attacks. SEACOM offers a range of cyber security services for enterprises in South Africa. These tools can be used to detect and mitigate phishing attempts, among other threats. For more information about these services or to get a quote, email us at marketing@seacom.com or leave us a message.
SEACOM owns Africa’s most extensive network of information and communications technology (ICT) infrastructure, including subsea cables and secure internet connections. We offer a diverse range of flexible, scalable and high-quality solutions for businesses that meet world-class standards for connectivity.
SEACOM is privately owned and operated, making it agile and adaptable to the needs of the customer. This makes us the preferred ICT and internet connectivity partner for African businesses and peripheral service providers. We can guarantee high-speed, low-latency and secure internet connections to corporates and small enterprises.
For more information on our internet and voice solutions, follow us on LinkedIn, Facebook or Twitter. Keep an eye on our news section for insightful articles and relevant news stories on African ICT, internet connectivity and our leading cloud and security solutions.