Phishing emails are a constant threat that all organizations must contend with. However, with the advent of generative AI, we may be entering a new, more dangerous era of phishing — the era of AI-Phishing. In the past cybercriminals mostly relied on mass-phishing emails containing malicious links or malware. In addition, humanly crafted spear-phishing is another method of cybercriminals, as it is more difficult to detect and can be used to carry out highly targeted attacks on organizations. However, writing these types of emails has proven to be time-consuming and resource-intensive, which until now made it less appealing to cybercriminals. With the new large language models, cybercriminals can now generate highly targeted spear-phishing emails in a fraction of the time, making these attacks more effective and dangerous than ever before.
The use of AI in crafting targeted phishing emails poses a significant threat to the cybersecurity landscape, as many recipients may assume that these emails are written by humans, increasing the level of trust, and making them more likely to be successful. With the abundance of personal data available on the internet, AI algorithms can analyze this information to create tailored messages for the recipient, which may include personal details such as their name or job title. This makes these emails more convincing and increases the likelihood of them being clicked on. However, cyber attackers don't necessarily require a large amount of data to create successful phishing emails. Even a simple piece of information, such as a recent tweet or LinkedIn post, can be enough to craft a message that appears convincing to the recipient and exploits a recent event or situation.