The rapid advancement in artificial intelligence (AI) technology has significantly increased cybercrimes, particularly phishing emails. These scams are becoming more sophisticated and harder to detect due to AI’s Large Language Models (LLMs), making it a lucrative tool for cybercriminals.
Traditionally, phishing attacks relied on high volume, with scammers sending generic messages to numerous potential victims, hoping a few would fall for the ruse. Despite this, these attacks often fail due to poor message quality and lack of specific details, making them easy to spot and avoid. However, AI has revolutionized phishing tactics for scammers.
AI-Driven Phishing Emails: A Worrisome Trend
Researchers at Harvard Business School have uncovered some worrisome trends in AI-automated phishing attacks. A study revealed that 60% of participants were deceived by AI-generated phishing emails, matching the success rates of those created by humans.
What’s more surprising is that AI models can automate the entire phishing process, including collecting targets, gathering information about them, creating and sending emails, and validating and improving them. This automation reduces the costs of phishing attacks by more than 95% while achieving equal or greater success rates.
One of AI’s notable advantages is its multilingual capabilities. With ChatGPT understanding about 20 languages, cybercriminals can generate grammatically correct phishing emails in various languages, making them harder for both spam filters and individuals to identify. This enhancement is only the beginning of a broader, more pervasive threat in the digital landscape.
According to SlashNext Threat Labs, malicious phishing emails have increased by 1,265% since the launch of ChatGPT.
By harnessing the capabilities of AI, scammers can now efficiently collect breached data from hacked websites and turn it into highly targeted Spear phishing campaigns.
For example, knowing that a victim visits a specific hospital, a scammer can send an email posing as the hospital, requesting verification of account information to pay a bill, thereby tricking the victim into providing sensitive information. This level of specificity and personalization makes AI-driven Spear phishing particularly dangerous, as it exploits the trust and familiarity that individuals have with legitimate institutions.
“As AI continues to evolve, we’ll continue to see it mimic human behavior more accurately, which may lead to even closer results, or AI ultimately beating humans one day,” Stephanie (Snow) Carruthers, IBM’s chief people hacker, told VentureBeat.
Using AI to Detect Phishing Emails
It is worth noting that AI models are not only used for creating phishing attacks, but also to protect against them.
Cybersecurity experts are using Machine Learning (ML) to create AI algorithms that can sniff out phishing attempts in real-time. However, it’s a cat-and-mouse game.
Despite advancements in AI technology, the effectiveness of these defences is subject to variability. Although some language models exhibit proficiency in detecting phishing emails, the performance spectrum is wide-ranging.
Notably, popular large language models like Claude demonstrate an exceptional ability to accurately identify malicious intent, even within non-obvious phishing emails, occasionally surpassing human detection rates.
On the other hand, there are instances where other models may falter, exhibiting poor performance and failing to detect suspicion, even in overt phishing attempts. This variability underscores the pressing need for continuous improvement and innovation in AI-driven defences, ensuring robust protection against evolving cyber threats.
As AI-driven phishing scams continue to evolve, cyber experts advocate for vigilance as the best defence. Avoiding clicking on links in emails or text messages from unknown senders remains a cardinal rule in safeguarding against phishing scams and other AI-driven cybercrimes.
