E-commerce giants and several other companies have reportedly witnessed an increase in the number of personalized phishing attacks targeting senior employees. According to the report, these phishing scams are conducted using artificial intelligence (AI) systems to make them look like humans and avoid obvious signs of typical scam emails. These cyber attackers also reportedly use AI to scratch and analyze data about company executives to add to the personal style of the message. Basic security filters are said to be insufficient to stop such emails at the organization level.
Company executives targeted by AI phishing scams
Companies such as eBay and British insurer Beazley highlighted the increase in fraudulent emails that contain personal information about their executive-level employees, according to a report from the Financial Times.
Beazley’s CIS Officer Kirsty Kelly told the publication that AI is suspected to be behind these attacks due to the personal nature of the emails. Kelly also reportedly added that these targeted phishing attacks are likely to be done after scraping off large amounts of data about employees from various sources.
It is worth noting that phishing scams involve deceiving sensitive and financial information by pretending to be a trustworthy entity. These are usually done by email, text messages, or by sharing URLs to fraudulent websites. However, typical phishing attacks are impersonal and often include vague information and grammatical errors, resulting in low success rates.
However, according to the report, these AI-generated phishing scams are different in a way that uses highly emotional language and shares personal information about the target. These emails may be more convincing and may trigger positive responses from individuals.
Nadezda Demidova, a cybercrime security researcher at eBay, highlighted that generated AI tools have lowered barriers to cyber attacks, telling the Financial Times, “We have witnessed the number of various cyberattacks.” She reportedly added, The specific area of focus is the “polished and closely targeted” phishing scam.
Security researchers also reportedly explained that basic security filters that typically identify and block batch phishing activity may be difficult to block AI-generated emails, as it is possible that every email can even be made unique and seems to be made by Sented by the legal sender.
