The evolution of AI is not only affecting various industries, but it has also transformed cybercriminals’ tactics. One alarming trend is the use of AI to enhance phishing scams, refining them, targeting specific individuals, and making these attacks almost impossible to recognize. Kaspersky reviews how AI is changing phishing techniques and why even the most cyber-aware employees fall for these scams.

According to a recent Kaspersky study in the Middle East, Turkiye and Africa region (META), the number of cyberattacks experienced by organizations in the last 12 months is reported to have increased by nearly half (48%). The most ubiquitous threat came from phishing attacks, with 51% of those questioned reporting this type of incident. With AI becoming a more prevalent enabler for cybercriminals, half of the respondents (53%) anticipate significant growth in the number of phishing attacks. In this text, we will examine how AI is used in phishing and why experience alone is sometimes not enough to avoid becoming a victim.

Personalization through AI

Previously, phishing attacks relied on a generic mass message sent to thousands, hoping one of the recipients would fall for the bait. AI has changed this into scripting highly personalized phishing emails in large numbers. Using publicly available information like that on social media, job boards, and companies’ websites, these AI-powered tools can generate emails tailored to an individual’s role, interests, and communication style. For example, a CFO might receive a fraudulent email that mirrors the tone and formatting of their CEO’s messages, including accurate references to recent company events. This level of customization makes it exceptionally challenging for employees to distinguish between legitimate and malicious communications.

Deepfake technology

AI has also introduced deepfakes into the phishing arsenal. These are increasingly being leveraged by cybercriminals to create fake but highly accurate audio and video messages, crafted to reflect the voice and appearance of the executives they seek to impersonate. For example, in one reported case, attackers used a deepfake to impersonate multiple members of staff during a video conference, convincing the employee to transfer approximately $25.6 million. As deepfake technology continues to advance, it is expected that such attacks will become more frequent and harder to detect.

Bypassing traditional defenses

Cybercriminals can manipulate the script of traditional e-mail filtering systems with the use of AI. By analyzing and mimicking legitimate email patterns, AI-generated phishing emails can bypass security software detection. Machine learning algorithms can test and refine phishing campaigns in real time, enhancing their success rates and making them increasingly sophisticated.

Why experience is not enough

Even experienced employees are falling victim to these advanced phishing attacks. The level of realism and personalization that AI can achieve may override the skepticism that keeps experienced professionals cautious. Moreover, AI-generated attacks often exploit human psychology, such as urgency, fear, or authority, pressuring employees into acting without double-checking the authenticity of the request.

Combatting AI-hyped phishing

To defend against AI-driven phishing attacks, organizations must adopt a proactive and multi-layered approach that emphasizes comprehensive cybersecurity. Regular, up-to-date AI-focused cybersecurity awareness training is critical for employees, helping them identify the subtle signs of phishing and other malicious tactics. Kaspersky Automated Security Awareness Platform can help with such training. Alongside this, businesses should implement robust security tools, such as Kaspersky Next and Kaspersky Security for Mail Server, capable of detecting anomalies in emails, such as unusual writing patterns or suspicious metadata.

A zero-trust security model also plays a vital role in minimizing the potential damage of a successful attack. By restricting access to sensitive data and systems, this approach ensures that even if attackers breach one layer of security, they cannot compromise the entire network. Together, these measures create a comprehensive defense strategy, combining advanced technology with vigilant human oversight.